This seems reasonable.  I did a few minutes of research to see if we'd 
be breaking any IDN scenarios, and I don't think so.  We don't pass 
AI_IDN to getaddrinfo(), so getaddrinfo won't be doing any encoding 
into ACE, and we obviously don't do our own encoding.  An application 
could, in theory, encode an IDN to ACE before importing a GSS name, but 
if it does that then hostname validation will succeed.