idnits 2.17.1 draft-ietf-idn-nameprep-10.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- ** Looks like you're using RFC 2026 boilerplate. This must be updated to follow RFC 3978/3979, as updated by RFC 4748. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- ** Missing expiration date. The document expiration date should appear on the first and last page. ** The document seems to lack a 1id_guidelines paragraph about the list of current Internet-Drafts. ** The document seems to lack a 1id_guidelines paragraph about the list of Shadow Directories. == No 'Intended status' indicated for this document; assuming Proposed Standard == The page length should not exceed 58 lines per page, but there was 1 longer page, the longest (page 1) being 227 lines Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- ** The document seems to lack an Authors' Addresses Section. Miscellaneous warnings: ---------------------------------------------------------------------------- == The document seems to lack the recommended RFC 2119 boilerplate, even if it appears to use RFC 2119 keywords -- however, there's a paragraph with a matching beginning. Boilerplate error? (The document does seem to have the reference to RFC 2119 which the ID-Checklist requires). -- The document seems to lack a disclaimer for pre-RFC5378 work, but may have content which was first submitted before 10 November 2008. If you have contacted all the original authors and they are all willing to grant the BCP78 rights to the IETF Trust, then this is fine, and you can ignore this comment. If not, you may need to add the pre-RFC5378 disclaimer. (See the Legal Provisions document at https://trustee.ietf.org/license-info for more information.) -- Couldn't find a document date in the document -- date freshness check skipped. Checking references for intended status: Proposed Standard ---------------------------------------------------------------------------- (See RFCs 3967 and 4897 for information about using normative references to lower-maturity documents in RFCs) No issues found here. Summary: 5 errors (**), 0 flaws (~~), 3 warnings (==), 2 comments (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 1 Internet Draft Paul Hoffman 2 draft-ietf-idn-nameprep-10.txt IMC & VPNC 3 May 17, 2002 Marc Blanchet 4 Expires in six months ViaGenie 6 Nameprep: A Stringprep Profile for Internationalized Domain Names 8 Status of this memo 10 This document is an Internet-Draft and is in full conformance with all 11 provisions of Section 10 of RFC2026. 13 Internet-Drafts are working documents of the Internet Engineering Task 14 Force (IETF), its areas, and its working groups. Note that other groups 15 may also distribute working documents as Internet-Drafts. 17 Internet-Drafts are draft documents valid for a maximum of six months 18 and may be updated, replaced, or obsoleted by other documents at any 19 time. It is inappropriate to use Internet-Drafts as reference material 20 or to cite them other than as "work in progress." 22 To view the list Internet-Draft Shadow Directories, see 23 http://www.ietf.org/shadow.html. 25 Abstract 27 This document describes how to prepare internationalized domain name 28 labels in order to increase the likelihood that name input and name 29 comparison work in ways that make sense for typical users throughout the 30 world. This profile of the stringprep protocol is used as part of a 31 suite of on-the-wire protocols for internationalizing the DNS. 33 1. Introduction 35 This document specifies processing rules that will allow users to enter 36 internationalized domain names in applications and have the highest 37 chance of getting the content of the strings correct. It is a profile of 38 stringprep [STRINGPREP]. These processing rules are only intended for 39 internationalized domain names, not for arbitrary text. 41 This profile defines the following, as required by [STRINGPREP] 43 - The intended applicability of the profile: internationalized 44 domain names processed by IDNA 46 - The character repertoire that is the input and output to stringprep: 47 Unicode 3.1, specified in Section 2 49 - The mappings used: specified in Section 3 51 - The Unicode normalization used: specified in Section 4 53 - The characters that are prohibited as output: specified in section 5 55 1.1 Interaction of protocol parts 57 Nameprep is used by the IDNA [IDNA] protocol for preparing domain names; 58 it is not designed for any other purpose. It is explicitly not designed 59 for processing arbitrary free text and SHOULD NOT be used for that 60 purpose. Nameprep is a profile of Stringprep [STRINGPREP]. 61 Implementations of Nameprep MUST fully implement Stringprep. 63 Nameprep is used to process domain name labels, not domain names. IDNA 64 calls nameprep for each label in a domain name, not for the whole domain 65 name. 67 1.2 Terminology 69 The key words "MUST", "MUST NOT", "SHOULD", "SHOULD NOT", and 70 "MAY" in this document are to be interpreted as described in RFC 2119 71 [RFC2119]. 73 2. Character Repertoire 75 This profile uses Unicode 3.1, as defined in [STRINGPREP] Appendix 76 A.1. 78 3. Mapping 80 This profile specifies mapping using the following tables from 81 [STRINGPREP]: 82 Table B.1 83 Table B.2 85 4. Normalization 87 This profile specifies using Unicode normalization form KC, as described 88 in [STRINGPREP]. 90 5. Prohibited Output 92 This profile specifies prohibiting using the following tables from 93 [STRINGPREP]: 94 Table C.1 95 Table C.2 96 Table C.3 97 Table C.4 98 Table C.5 99 Table C.6 100 Table C.7 101 Table C.8 102 Table C.9 104 IMPORTANT NOTE: This profile MUST be used with the IDNA protocol. The 105 IDNA protocol has additional prohibitions that are checked outside of 106 this profile. 108 In addition, this profile adds the prohibitions. Thus, the full set of 109 prohibited characters are those from the tables above plus those listed 110 individually below. 112 5.1 Inappropriate characters from common input mechanisms 114 U+3002 is used as if it were U+002E in many domain name input mechanisms 115 used by applications, particularly in Asia. Thus, U+3002 is prohibited 116 in domain names by this specification. 118 3002; IDEOGRAPHIC FULL STOP 120 6. Unassigned Code Points in Internationalized Domain Names 122 If the processing in [IDNA] specifies that a list of unassigned code 123 points be used, the system uses table A.1 from [STRINGPREP] as its list 124 of unassigned code points. 126 7. References 128 7.1 Normative references 130 [IDNA] Patrik Faltstrom, Paul Hoffman, and Adam M. Costello, 131 "Internationalizing Domain Names in Applications (IDNA)", 132 draft-ietf-idn-idna, work-in-progress. 134 [STRINGPREP] Paul Hoffman and Marc Blanchet, "Preparation of 135 Internationalized Strings ("stringprep")", draft-hoffman-stringprep, 136 work in progress. 138 7.2 Informative references 140 [RFC2119] Scott Bradner, "Key words for use in RFCs to Indicate 141 Requirement Levels", March 1997, RFC 2119. 143 [STD13] Paul Mockapetris, "Domain names - concepts and facilities" (RFC 144 1034) and "Domain names - implementation and specification" (RFC 1035, 145 STD 13, November 1987. 147 8. Security Considerations 149 The Unicode and ISO/IEC 10646 repertoires have many characters that look 150 similar. In many cases, users of security protocols might do visual 151 matching, such as when comparing the names of trusted third parties. 152 Because it is impossible to map similar-looking characters without a 153 great deal of context such as knowing the fonts used, 154 stringprep does nothing to map similar-looking characters together nor 155 to prohibit some characters because they look like others. 157 Security on the Internet partly relies on the DNS. Thus, any change 158 to the characteristics of the DNS can change the security of much of the 159 Internet. 161 Domain names are used by users to connect to Internet servers. The 162 security of the Internet would be compromised if a user entering a 163 single internationalized name could be connected to different servers 164 based on different interpretations of the internationalized domain name. 166 Current applications might assume that the characters allowed in domain 167 names will always be the same as they are in [STD13]. This document 168 vastly increases the number of characters available in domain names. 169 Every program that uses "special" characters in conjunction with domain 170 names may be vulnerable to attack based on the new characters allowed by 171 this specification. 173 9. IANA Considerations 175 This is a profile of stringprep. When it becomes an RFC, it should be 176 registered in the stringprep profile registry. 178 10. Acknowledgements 180 Many people from the IETF IDN Working Group and the Unicode Technical 181 Committee contributed ideas that went into the first draft of this 182 document. 184 The IDN namprep design team made many useful changes to the first 185 draft. That team and its advisors include: 187 Asmus Freytag 188 Cathy Wissink 189 Francois Yergeau 190 James Seng 191 Marc Blanchet 192 Mark Davis 193 Martin Duerst 194 Patrik Faltstrom 195 Paul Hoffman 197 Additional significant improvements were proposed by: 199 Jonathan Rosenne 200 Kent Karlsson 201 Scott Hollenbeck 202 Dave Crocker 203 Erik Nordmark 205 11. Author Contact Information 207 Paul Hoffman 208 Internet Mail Consortium and VPN Consortium 209 127 Segre Place 210 Santa Cruz, CA 95060 USA 211 paul.hoffman@imc.org and paul.hoffman@vpnc.org 213 Marc Blanchet 214 Viagenie inc. 215 2875 boul. Laurier, bur. 300 216 Ste-Foy, Quebec, Canada, G1V 2M2 217 Marc.Blanchet@viagenie.qc.ca