Oh come on.
I am sure that you can sort the problem out with some sort of rule
such as 'if case matters, use punycode for upper case'.
It won't of course because people have been trying and failing to put
account information into the DNS since the first DNS specs. The number
of people who can configure DNS that way are maybe 5% of the total
base. Big enterprises can't do it because the DNS is an infrastructure
for describing hosts and they have other infrastructures for tracking
people. Small enterprises can't do it because if you don't run your
own DNS, you are left entering RRs through Web interfaces that only
recently started supporting SRV.
Let these folk get on with their experiment so that they can learn
what others have learned before for themselves.
The only way you could do that sort of thing with DNS records is if
you were doing something like S/MIME and you had a LRA for the domain
with its own root or intermediate cert and published an authenticator
for that in the DNS. then you could put a link to your directory where
account granular lookup can be performed in the DNS next to it.
This fits S/MIME a lot better than OpenPGP because it is already
hierarchical. Of course you can do the same thing with OpenPGP but the
cost is that you are imposing the DNSSEC hierarchy on OpenPGP.
This is not a solution, it is a distraction. But the sooner they get
started on learning the problems themselves, the sooner we can get
onto the next thing.