URL Normalization and Domain Name Trailing Dot

I was playing around with OpenID recently. I found that

http://timc.idv.tw/

and

http://timc.idv.tw./

are actually two distinct OpenID identifies. First I thought it was a flaw in the implementation library, however after checking URL normalization rules in OpenID specification, and RFC 3986 it referred to, I realized that people who write the specs has never consider the trailing dot in domain names; they think people should just leave the hostname as-is, without adding nor striping the dot.

Yes, they are indeed different as described in RFC 1034: The trailing dot represent the DNS root, indicated that hostname specified is a complete full qualified domain name (FQDN); the other being an incomplete one, where local software (e.g. OS-level DNS service) can try to complete it with knowledge of the local domain (e.g. primary DNS suffix). Yet for a URL that identifies people (“OpenID”, dah!), I think it’s strange to accept an incomplete domain name – nor indicate in the spec that an incomplete domain name (by definition of RFC 1034) should be treated as a FQDN.

Maybe future spec or RFCs should address this issue.

See also: Trailing Dots in Domain Names

Leave a Reply

Your email address will not be published. Required fields are marked *