idnits 2.17.1 draft-ietf-idnabis-protocol-03.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- ** It looks like you're using RFC 3978 boilerplate. You should update this to the boilerplate described in the IETF Trust License Policy document (see https://trustee.ietf.org/license-info), which is required now. -- Found old boilerplate from RFC 3978, Section 5.1 on line 16. -- Found old boilerplate from RFC 3978, Section 5.5, updated by RFC 4748 on line 1248. -- Found old boilerplate from RFC 3979, Section 5, paragraph 1 on line 1259. -- Found old boilerplate from RFC 3979, Section 5, paragraph 2 on line 1266. -- Found old boilerplate from RFC 3979, Section 5, paragraph 3 on line 1272. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- -- The draft header indicates that this document obsoletes RFC3490, but the abstract doesn't seem to mention this, which it should. Miscellaneous warnings: ---------------------------------------------------------------------------- == The copyright year in the IETF Trust Copyright Line does not match the current year -- The document seems to lack a disclaimer for pre-RFC5378 work, but may have content which was first submitted before 10 November 2008. If you have contacted all the original authors and they are all willing to grant the BCP78 rights to the IETF Trust, then this is fine, and you can ignore this comment. If not, you may need to add the pre-RFC5378 disclaimer. (See the Legal Provisions document at https://trustee.ietf.org/license-info for more information.) -- The document date (July 27, 2008) is 5749 days in the past. Is this intentional? -- Found something which looks like a code comment -- if you have code sections in the document, please surround them with '' and '' lines. Checking references for intended status: Proposed Standard ---------------------------------------------------------------------------- (See RFCs 3967 and 4897 for information about using normative references to lower-maturity documents in RFCs) == Unused Reference: 'ASCII' is defined on line 771, but no explicit reference was found in the text == Unused Reference: 'Unicode' is defined on line 810, but no explicit reference was found in the text -- Possible downref: Non-RFC (?) normative reference: ref. 'IDNA2008-BIDI' ** Downref: Normative reference to an Informational draft: draft-ietf-idnabis-rationale (ref. 'IDNA2008-Rationale') -- Possible downref: Non-RFC (?) normative reference: ref. 'Unicode-PropertyValueAliases' -- Possible downref: Non-RFC (?) normative reference: ref. 'Unicode-RegEx' -- Possible downref: Non-RFC (?) normative reference: ref. 'Unicode-Scripts' -- Possible downref: Non-RFC (?) normative reference: ref. 'Unicode-UAX15' -- Obsolete informational reference (is this intentional?): RFC 2535 (Obsoleted by RFC 4033, RFC 4034, RFC 4035) -- Obsolete informational reference (is this intentional?): RFC 2671 (Obsoleted by RFC 6891) -- Obsolete informational reference (is this intentional?): RFC 3490 (Obsoleted by RFC 5890, RFC 5891) -- Obsolete informational reference (is this intentional?): RFC 4952 (Obsoleted by RFC 6530) Summary: 2 errors (**), 0 flaws (~~), 3 warnings (==), 18 comments (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 2 Network Working Group J. Klensin 3 Internet-Draft July 27, 2008 4 Obsoletes: 3490 (if approved) 5 Intended status: Standards Track 6 Expires: January 28, 2009 8 Internationalized Domain Names in Applications (IDNA): Protocol 9 draft-ietf-idnabis-protocol-03.txt 11 Status of this Memo 13 By submitting this Internet-Draft, each author represents that any 14 applicable patent or other IPR claims of which he or she is aware 15 have been or will be disclosed, and any of which he or she becomes 16 aware will be disclosed, in accordance with Section 6 of BCP 79. 18 Internet-Drafts are working documents of the Internet Engineering 19 Task Force (IETF), its areas, and its working groups. Note that 20 other groups may also distribute working documents as Internet- 21 Drafts. 23 Internet-Drafts are draft documents valid for a maximum of six months 24 and may be updated, replaced, or obsoleted by other documents at any 25 time. It is inappropriate to use Internet-Drafts as reference 26 material or to cite them other than as "work in progress." 28 The list of current Internet-Drafts can be accessed at 29 http://www.ietf.org/ietf/1id-abstracts.txt. 31 The list of Internet-Draft Shadow Directories can be accessed at 32 http://www.ietf.org/shadow.html. 34 This Internet-Draft will expire on January 28, 2009. 36 Abstract 38 This document supplies the protocol definition for a revised and 39 updated specification for internationalized domain names (IDNs). The 40 rationale for these changes, the relationship to the older 41 specification, and important terminology are provided in other 42 documents. This document specifies the protocol mechanism, called 43 Internationalizing Domain Names in Applications (IDNA), for 44 registering and looking up IDNs in a way that does not require 45 changes to the DNS itself. IDNA is only meant for processing domain 46 names, not free text. 48 Table of Contents 50 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 4 51 1.1. Discussion Forum . . . . . . . . . . . . . . . . . . . . . 4 52 2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 4 53 3. Requirements and Applicability . . . . . . . . . . . . . . . . 5 54 3.1. Requirements . . . . . . . . . . . . . . . . . . . . . . . 5 55 3.2. Applicability . . . . . . . . . . . . . . . . . . . . . . 5 56 3.2.1. DNS Resource Records . . . . . . . . . . . . . . . . . 6 57 3.2.2. Non-domain-name Data Types Stored in the DNS . . . . . 6 58 4. Registration Protocol . . . . . . . . . . . . . . . . . . . . 6 59 4.1. Proposed label . . . . . . . . . . . . . . . . . . . . . . 6 60 4.2. Conversion to Unicode and Normalization . . . . . . . . . 7 61 4.3. Permitted Character and Label Validation . . . . . . . . . 7 62 4.3.1. Rejection of Characters that are not Permitted . . . . 7 63 4.3.2. Label Validation . . . . . . . . . . . . . . . . . . . 7 64 4.3.3. Registration Validation Summary . . . . . . . . . . . 8 65 4.4. Registry Restrictions . . . . . . . . . . . . . . . . . . 9 66 4.5. Punycode Conversion . . . . . . . . . . . . . . . . . . . 9 67 4.6. Insertion in the Zone . . . . . . . . . . . . . . . . . . 9 68 5. Domain Name Resolution (Lookup) Protocol . . . . . . . . . . . 9 69 5.1. Label String Input . . . . . . . . . . . . . . . . . . . . 10 70 5.2. Conversion to Unicode . . . . . . . . . . . . . . . . . . 10 71 5.3. Character Changes in Preprocessing or the User 72 Interface . . . . . . . . . . . . . . . . . . . . . . . . 10 73 5.4. A-label Input . . . . . . . . . . . . . . . . . . . . . . 11 74 5.5. Validation and Character List Testing . . . . . . . . . . 11 75 5.6. Punycode Conversion . . . . . . . . . . . . . . . . . . . 13 76 5.7. DNS Name Resolution . . . . . . . . . . . . . . . . . . . 13 77 6. Name Server Considerations . . . . . . . . . . . . . . . . . . 13 78 6.1. Processing Non-ASCII Strings . . . . . . . . . . . . . . . 13 79 6.2. DNSSEC Authentication of IDN Domain Names . . . . . . . . 13 80 6.3. Root and other DNS Server Considerations . . . . . . . . . 14 81 7. Security Considerations . . . . . . . . . . . . . . . . . . . 14 82 8. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 15 83 9. Change Log . . . . . . . . . . . . . . . . . . . . . . . . . . 15 84 9.1. Changes between Version -00 and -01 of 85 draft-ietf-idnabis-protocol . . . . . . . . . . . . . . . 15 86 9.2. Version -02 . . . . . . . . . . . . . . . . . . . . . . . 15 87 9.3. Version -03 . . . . . . . . . . . . . . . . . . . . . . . 16 88 10. Contributors . . . . . . . . . . . . . . . . . . . . . . . . . 16 89 11. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . 16 90 12. References . . . . . . . . . . . . . . . . . . . . . . . . . . 17 91 12.1. Normative References . . . . . . . . . . . . . . . . . . . 17 92 12.2. Informative References . . . . . . . . . . . . . . . . . . 18 93 Appendix A. The Contextual Rules Registry . . . . . . . . . . . . 19 94 Appendix B. Contextual Rules Registry - Alternate Syntax . . . . 22 95 B.1. HYPHEN-MINUS . . . . . . . . . . . . . . . . . . . . . . . 23 96 B.2. ZERO WIDTH NON-JOINER . . . . . . . . . . . . . . . . . . 23 97 B.3. ZERO WIDTH JOINER . . . . . . . . . . . . . . . . . . . . 24 98 B.4. MIDDLE DOT . . . . . . . . . . . . . . . . . . . . . . . . 24 99 B.5. GREEK LOWER NUMERAL SIGN (KERAIA) . . . . . . . . . . . . 25 100 B.6. MODIFIER LETTER PRIME . . . . . . . . . . . . . . . . . . 25 101 B.7. COMBINING CYRILLIC TITLO . . . . . . . . . . . . . . . . . 26 102 B.8. HEBREW PUNCTUATION GERESH . . . . . . . . . . . . . . . . 26 103 B.9. HEBREW PUNCTUATION GERSHAYIM . . . . . . . . . . . . . . . 26 104 B.10. IDEOGRAPHIC ITERATION MARK; . . . . . . . . . . . . . . . 27 105 B.11. VERTICAL IDEOGRAPHIC ITERATION MARK . . . . . . . . . . . 27 106 B.12. KATAKANA MIDDLE DOT . . . . . . . . . . . . . . . . . . . 27 107 Author's Address . . . . . . . . . . . . . . . . . . . . . . . . . 28 108 Intellectual Property and Copyright Statements . . . . . . . . . . 29 110 1. Introduction 112 This document supplies the protocol definition for a revised and 113 updated specification for internationalized domain names. The 114 rationale for these changes and relationship to the older 115 specification and some new terminology is provided in other 116 documents, notably [IDNA2008-Rationale]. 118 IDNA works by allowing applications to use certain ASCII string 119 labels (beginning with a special prefix) to represent non-ASCII name 120 labels. Lower-layer protocols need not be aware of this; therefore 121 IDNA does not depend on changes to any infrastructure. In 122 particular, IDNA does not depend on any changes to DNS servers, 123 resolvers, or protocol elements, because the ASCII name service 124 provided by the existing DNS is entirely sufficient for IDNA. 126 IDNA is applied only to DNS labels. Standards for combining labels 127 into fully-qualified domain names and parsing labels out of those 128 names are covered in the base DNS standards [RFC1035]. An 129 application may, of course, apply locally-appropriate conventions to 130 the presentation forms of domain names as discussed in 131 [IDNA2008-Rationale]. 133 While they share terminology, reference data, and some operations, 134 this document describes two separate protocols, one for IDN 135 registration (Section 4) and one for IDN lookup (Section 5). 137 A good deal of the background material that appeared in RFC 3490 has 138 been removed from this update. That material is either of historical 139 interest only or has been covered from a more recent perspective in 140 RFC 4690 [RFC4690] and [IDNA2008-Rationale]. 142 [[anchor2: Note in Draft: This document still needs more specifics 143 about how to perform some of the tests in the Registration and Lookup 144 protocols described below. Those details will be supplied in a later 145 revision, but the intent should be clear from the existing text.]] 147 1.1. Discussion Forum 149 [[anchor4: RFC Editor: please remove this section.]] 151 This work is being discussed in the IETF IDNABIS WG and on the 152 mailing list idna-update@alvestrand.no 154 2. Terminology 156 General terminology applicable to IDNA, but with meanings familiar to 157 those who have worked with Unicode or other character set standards 158 and the DNS, appears in [IDNA2008-Rationale]. Terminology that is an 159 integral, normative, part of the IDNA definition, including the 160 definitions of "ACE", appears in that document as well. Familiarity 161 with the terminology materials in that document is assumed for 162 reading this one. The reader of this document is assumed to be 163 familiar with DNS-specific terminology as defined in RFC 1034 164 [RFC1034]. 166 The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", 167 "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this 168 document are to be interpreted as described in BCP 14, RFC 2119 169 [RFC2119]. 171 3. Requirements and Applicability 173 3.1. Requirements 175 IDNA conformance means adherence to the following requirements: 177 1. Whenever a domain name is put into an IDN-unaware domain name 178 slot (see Section 2 and [IDNA2008-Rationale]), it MUST contain 179 only ASCII characters (i.e., must be either an A-label or an LDH- 180 label), or must be a label associated with a DNS application that 181 is not subject to either IDNA or the historical recommendations 182 for "hostname"-style names [RFC1034]. 184 2. Comparison of labels MUST be done on the A-label form, using an 185 ASCII case-insensitive comparison as with all comparisons of DNS 186 labels. 188 3. Labels being registered MUST conform to the requirements of 189 Section 4. Labels being looked up and the lookup process MUST 190 conform to the requirements of Section 5. 192 3.2. Applicability 194 IDNA is applicable to all domain names in all domain name slots 195 except where it is explicitly excluded. It is not applicable to 196 domain name slots which do not use the LDH syntax rules. 198 This implies that IDNA is applicable to many protocols that predate 199 IDNA. Note that IDNs occupying domain name slots in those older 200 protocols MUST be in A-label form until and unless those protocols 201 and implementations of them are upgraded. 203 3.2.1. DNS Resource Records 205 IDNA applies only to domain names in the NAME and RDATA fields of DNS 206 resource records whose CLASS is IN. 208 There are currently no other exclusions on the applicability of IDNA 209 to DNS resource records. Applicability depends entirely on the 210 CLASS, and not on the TYPE except as noted below. This will remain 211 true, even as new types are defined, unless there is a compelling 212 reason for a new type that requires type-specific rules. The special 213 naming conventions applicable to SRV records are examples of type- 214 specific rules that are incompatible with IDNA coding. Hence the 215 first two labels (the ones required to start in "_") on a record with 216 TYPE SRV MUST NOT be A-labels or U-labels (while it would be possible 217 to write a non-ASCII string with a leading underscore, conversion to 218 an A-label would be impossible without loss of information because 219 the underscore is not a letter, digit, or hyphen). Of course, those 220 labels may be part of a domain that uses IDN labels at higher levels 221 in the tree. 223 3.2.2. Non-domain-name Data Types Stored in the DNS 225 Although IDNA enables the representation of non-ASCII characters in 226 domain names, that does not imply that IDNA enables the 227 representation of non-ASCII characters in other data types that are 228 stored in domain names, specifically in the RDATA field for types 229 that have structured RDATA format. For example, an email address 230 local part is stored in a domain name in the RNAME field as part of 231 the RDATA of an SOA record (hostmaster@example.com would be 232 represented as hostmaster.example.com). IDNA specifically does not 233 update the existing email standards, which allow only ASCII 234 characters in local parts. Even though work is in progress to define 235 internationalization for email addresses [RFC4952], changes to the 236 email address part of the SOA RDATA would require action in other 237 standards, specifically those that specify the format of the SOA RR. 239 4. Registration Protocol 241 This section defines the procedure for registering an IDN. The 242 procedure is implementation independent; any sequence of steps that 243 produces exactly the same result for all labels is considered a valid 244 implementation. 246 4.1. Proposed label 248 The registrant submits a request for an IDN. The user typically 249 produces the request string by the keyboard entry of a character 250 sequence in the local native character set (which might, of course, 251 be Unicode). The registry MAY permit submission of labels in A-label 252 form. If it does so, it SHOULD perform a conversion to a U-label, 253 perform the steps and tests described below, and verify that the 254 A-label produced by the step in Section 4.5 matches the one provided 255 as input. If, for some reason, it does not, the registration MUST be 256 rejected. 257 [[anchor9: Editorial: Should the sentences starting with "The 258 registry" be moved to 4.3? I.e., would they be more in sequence 259 there?]] 261 4.2. Conversion to Unicode and Normalization 263 Some system routine, or a localized front-end to the IDNA process, 264 ensures that the proposed label is a Unicode string or converts it to 265 one as appropriate. That string MUST be in Unicode Normalization 266 Form C (NFC [Unicode-UAX15]). 268 As a local implementation choice, the implementation MAY choose to 269 map some forbidden characters to permitted characters (for instance 270 mapping uppercase characters to lowercase ones), displaying the 271 result to the user, and allowing processing to continue. However, it 272 is strongly recommended that, to avoid any possible ambiguity, 273 entities responsible for zone files ("registries") accept 274 registrations only for A-labels (to be converted to U-labels by the 275 registry) or U-labels actually produced from A-labels, not forms 276 expected to be converted by some other process. 278 4.3. Permitted Character and Label Validation 280 4.3.1. Rejection of Characters that are not Permitted 282 The Unicode string is checked to verify that no characters that IDNA 283 does not permit in input appear in it. Those characters are 284 identified in the "DISALLOWED" and "UNASSIGNED" lists that are 285 discussed in [IDNA2008-Rationale]. The normative rules for producing 286 that list and the initial version of it are specified in 287 [IDNA2008-Tables]. Characters that are either DISALLOWED or 288 UNASSIGNED MUST NOT be part of labels being processed for 289 registration in the DNS. 291 4.3.2. Label Validation 293 The proposed label (in the form of a Unicode string, i.e., a putative 294 U-label) is then examined, performing tests that require examination 295 of more than one character. 297 4.3.2.1. Rejection of Confusing or Hostile Sequences in U-labels 299 The Unicode string MUST NOT contain "--" (two consecutive hyphens) in 300 the third and fourth character positions. 302 4.3.2.2. Leading Combining Marks 304 The first character of the string is examined to verify that it is 305 not a combining mark. If it is a combining mark, the string MUST NOT 306 be registered. 308 4.3.2.3. Contextual Rules 310 Each code point is checked for its identification as characters 311 requiring contextual processing for registration (the list of 312 characters appears as the combination of CONTEXTJ and CONTEXTO in 313 [IDNA2008-Tables]). If that indication appears, the table of 314 contextual rules is checked for a rule for that character. If no 315 rule is found, the proposed label is rejected and MUST NOT be 316 installed in a zone file. If one is found, it is applied (typically 317 as a test on the entire label or on adjacent characters). If the 318 application of the rule does not conclude that the character is valid 319 in context, the proposed label MUST BE rejected. (See the IANA 320 Considerations: IDNA Context Registry section of [IDNA2008-Rationale] 321 and Appendix A of this document.) 323 4.3.2.4. Labels Containing Characters Written Right to Left 325 Additional special tests for right-to-left strings are applied (See 326 [IDNA2008-BIDI]. Strings that contain right to left characters that 327 do not conform to the rule(s) identified there MUST NOT be inserted 328 in zone files. 329 [[anchor15: If the bidi specification continues to specify checking 330 more than one label, this subsection will need to be revised and/or 331 moved to a separate "FQDN validation" section.]] 333 4.3.3. Registration Validation Summary 335 Strings that have been produced by the steps above, and whose 336 contents pass the above tests, are U-labels. 338 To summarize, tests are made here for invalid characters, invalid 339 combinations of characters, and for labels that are invalid even if 340 the characters they contain are valid individually. For example, 341 labels containing invisible ("zero-width") characters may be 342 permitted in context with characters whose presentation forms are 343 significantly changed by the presence or absence of the zero-width 344 characters, while other labels in which zero-width characters appear 345 may be rejected. 346 [[anchor17: Should the example text be removed or moved? Note that 347 I've been strongly encouraged to supply specific examples to reduce 348 abstraction and questions about the appropriateness of the text. 349 -JcK]] 351 4.4. Registry Restrictions 353 Registries at all levels of the DNS, not just the top level, are 354 expected to establish policies about the labels that may be 355 registered, and for the processes associated with that action. While 356 exact policies are not specified as part of IDNA2008 and it is 357 expected that different registries may specify different policies, 358 there SHOULD be policies. These per-registry policies and 359 restrictions are an essential element of the IDNA registration 360 protocol even for registries (and corresponding zone files) deep in 361 the DNS hierarchy. As discussed in [IDNA2008-Rationale], such 362 restrictions have always existed in the DNS. 364 The string produced by the above steps is checked and processed as 365 appropriate to local registry restrictions. Application of those 366 registry restrictions may result in the rejection of some labels or 367 the application of special restrictions to others. 369 4.5. Punycode Conversion 371 The resulting U-label is converted to an A-label (i.e., the encoding 372 of that label according to the Punycode algorithm [RFC3492] with the 373 ACE prefix added, i.e., the "xn--..." form). 374 [[anchor18: Explain why 3492 failures cannot occur or explain what to 375 do if they do.]] 377 4.6. Insertion in the Zone 379 The A-label is registered in the DNS by insertion into a zone. 381 5. Domain Name Resolution (Lookup) Protocol 383 Resolution is conceptually different from registration and different 384 tests are applied on the client. Although some validity checks are 385 necessary to avoid serious problems with the protocol (see 386 Section 5.5 ff.), the resolution-side tests are more permissive and 387 rely heavily on the assumption that names that are present in the DNS 388 are valid. 390 5.1. Label String Input 392 The user supplies a string in the local character set, typically by 393 typing it or clicking on, or copying and pasting, a resource 394 identifier, e.g., a URI [RFC3986] or IRI [RFC3987] from which the 395 domain name is extracted. Or some process not directly involving the 396 user may read the string from a file or obtain it in some other way. 397 Processing in this step and the next two are local matters, to be 398 accomplished prior to actual invocation of IDNA, but at least these 399 two steps must be accomplished in some way. 401 5.2. Conversion to Unicode 403 The string is converted from the local character set into Unicode, if 404 it is not already Unicode. The exact nature of this conversion is 405 beyond the scope of this document, but may involve normalization, as 406 described in Section 4.2. 408 5.3. Character Changes in Preprocessing or the User Interface 410 The Unicode string MAY then be processed, in a way specific to the 411 local environment, to make the result of the IDNA processing match 412 user expectations. For instance, it would be reasonable, at this 413 step, to convert all upper case characters to lower case, if this 414 makes sense in the user's environment. 416 Other examples of processing for localization might be applied, if 417 appropriate, at this point. They include interpreting various 418 characters as separating domain name components from each other 419 (label separators) because they either look like periods or are used 420 to separate sentences, mapping different "width" forms of the same 421 character into the one form permitted in labels[[anchor20: This needs 422 clarification]], or giving special treatment to characters whose 423 presentation forms are dependent only on placement in the label. 424 Such localization changes are also outside the scope of this 425 specification. 427 Recommendations for preprocessing for global contexts (i.e., when 428 local considerations do not apply or cannot be used) and for maximum 429 interoperability with labels that might have been specified under 430 liberal readings of IDNA2003 are given in [IDNA2008-Rationale]. 432 [[anchor21: The question of preprocessing remains controversial in 433 the WG. One school of thought is that, for compatibility with 434 IDNA2003, preprocessing should be standardized and required, with 435 only one form permitted. Another sees important advantages in having 436 the mappings between U-labels and A-labels be symmetric, unambiguous, 437 and information-preserving. And a third believes that local mappings 438 will occur regardless of what we specify and that it is better to 439 specify the protocol on that basis than to indirectly encourage local 440 inventions. The first group (and perhaps others) believe that local 441 mappings will be, to put it mildly, "very bad... for 442 interoperability.]] 444 Because these transformations are local, it is important that domain 445 names that might be passed between systems (e.g., in IRIs) be 446 U-labels or A-labels and not forms that might be accepted locally as 447 a consequence of this step. This step is not standardized as part of 448 IDNA, and is not further specified here. 450 5.4. A-label Input 452 If the input to this procedure appears to be an A-label (i.e., it 453 starts in "xn--"), the lookup application MAY attempt to convert it 454 to a U-label and apply the tests of Section 5.5 and, of course, the 455 conversion of Section 5.6 to that form. If the A-label is converted 456 to a U-label then the processing specified in those two sections MUST 457 yield an A-label identical to the original one. See also 458 Section 6.1. 460 In general, that conversion and testing should be performed if the 461 domain name will later be presented to the user in native character 462 form (this requires that the lookup application be IDNA-aware). 463 Applications that are not IDNA-aware will obviously omit that 464 testing; others may treat the string as opaque to avoid the 465 additional processing at the expense of providing less protection and 466 information to users. 468 5.5. Validation and Character List Testing 470 As with the registration procedure, the Unicode string is checked to 471 verify that all characters that appear in it are valid for IDNA 472 resolution input. As discussed above and in [IDNA2008-Rationale], 473 the resolution check is more liberal than the registration one. 474 Putative labels with any of the following characteristics MUST BE 475 rejected prior to DNS lookup: 477 o Labels containing code points that are unassigned in the version 478 of Unicode being used by the application, i.e., in the 479 "Unassigned" Unicode category or the UNASSIGNED category of 480 [IDNA2008-Tables]. 482 o Labels that are not in NFC form. 484 o Labels containing prohibited code points, i.e., those that are 485 assigned to the "DISALLOWED" category in the permitted character 486 table [IDNA2008-Tables]. 488 o Labels containing code points that are shown in the permitted 489 character table as requiring a contextual rule and that are 490 flagged as requiring exceptional special processing on lookup 491 ("CONTEXTJ" in the Tables) MUST conform to the rule, which MUST be 492 present. 494 o Labels containing other code points that are shown in the 495 permitted character table as requiring a contextual rule 496 ("CONTEXTO" in the tables), but for which no such rule appears in 497 the table of rules. With the exception in the rule immediately 498 above, applications resolving DNS names or carrying out equivalent 499 operations are not required to test contextual rules, only to 500 verify that a rule exists. 502 o Labels whose first character is a combining mark. [[anchor23: Note 503 in Draft: this definition may need to be further tightened.]] 505 In addition, the application SHOULD apply the following test. The 506 test may be omitted in special circumstances, such as when the 507 resolver application knows that the conditions are enforced 508 elsewhere, because an attempt to resolve such strings will almost 509 certainly lead to a DNS lookup failure. However, applying the test 510 is likely to give much better information about the reason for a 511 lookup failure -- information that may be usefully passed to the user 512 when that is feasible -- then DNS resolution failure alone. In any 513 event, resolvers should avoid looking up labels that are invalid 514 under that test. 515 [[anchor24: Should this be a MUST? Pro: this is the only remaining 516 SHOULD (true?), the test is relatively straightforward, and it helps 517 avoid visual ambiguity. Con: the "special circumstances" that might 518 justify doing something different are explained above.]] 520 o Verification that the string is compliant with the requirements 521 for right to left characters, specified in [IDNA2008-BIDI]. 523 For all other strings, the resolver MUST rely on the presence or 524 absence of labels in the DNS to determine the validity of those 525 labels and the validity of the characters they contain. If they are 526 registered, they are presumed to be valid; if they are not, their 527 possible validity is not relevant. A resolver that declines to look 528 up a string that conforms to the above rules is not in conformance 529 with this protocol. 531 5.6. Punycode Conversion 533 The validated string, a U-label, is converted to an A-label using the 534 Punycode algorithm with the ACE prefix added. 536 5.7. DNS Name Resolution 538 The A-label is looked up in the DNS, using normal DNS procedures. 540 6. Name Server Considerations 542 6.1. Processing Non-ASCII Strings 544 Existing DNS servers do not know the IDNA rules for handling non- 545 ASCII forms of IDNs, and therefore need to be shielded from them. 546 All existing channels through which names can enter a DNS server 547 database (for example, master files (as described in RFC 1034) and 548 DNS update messages [RFC2136]) are IDN-unaware because they predate 549 IDNA. Other sections of this document provide the needed shielding 550 by ensuring that internationalized domain names entering DNS server 551 databases through such channels have already been converted to their 552 equivalent ASCII A-label forms. 554 Because of the design of the algorithms in Section 4 and Section 5 (a 555 domain name containing only ASCII codepoints can not be converted to 556 an A-label), there can not be more than one A-label form for any 557 given U-label. 559 The current update to the definition of the DNS protocol [RFC2181] 560 explicitly allows domain labels to contain octets beyond the ASCII 561 range (0000..007F), and this document does not change that. Note, 562 however, that there is no defined interpretation of octets 0080..00FF 563 as characters. If labels containing these octets are returned to 564 applications, unpredictable behavior could result. The A-label form, 565 which cannot contain those characters, is the only standard 566 representation for internationalized labels in the current DNS 567 protocol. 569 6.2. DNSSEC Authentication of IDN Domain Names 571 DNS Security [RFC2535] is a method for supplying cryptographic 572 verification information along with DNS messages. Public Key 573 Cryptography is used in conjunction with digital signatures to 574 provide a means for a requester of domain information to authenticate 575 the source of the data. This ensures that it can be traced back to a 576 trusted source, either directly or via a chain of trust linking the 577 source of the information to the top of the DNS hierarchy. 579 IDNA specifies that all internationalized domain names served by DNS 580 servers that cannot be represented directly in ASCII must use the 581 A-label form. Conversion to A-labels must be performed prior to a 582 zone being signed by the private key for that zone. Because of this 583 ordering, it is important to recognize that DNSSEC authenticates a 584 domain name containing A-labels or conventional LDH-labels, not 585 U-labels. In the presence of DNSSEC, no form of a zone file or query 586 response that contains a U-label may be signed or the signature 587 validated. 589 One consequence of this for sites deploying IDNA in the presence of 590 DNSSEC is that any special purpose proxies or forwarders used to 591 transform user input into IDNs must be earlier in the resolution flow 592 than DNSSEC authenticating nameservers for DNSSEC to work. 594 6.3. Root and other DNS Server Considerations 596 IDNs in A-label form will generally be somewhat longer than current 597 domain names, so the bandwidth needed by the root servers is likely 598 to go up by a small amount. Also, queries and responses for IDNs 599 will probably be somewhat longer than typical queries historically, 600 so EDNS0 [RFC2671] support may be more important (otherwise, queries 601 and responses may be forced to go to TCP instead of UDP). 603 7. Security Considerations 605 The general security principles and issues for IDNA appear in 606 [IDNA2008-Rationale]. The comments below are specific to this pair 607 of protocols, but should be read in the context of that material and 608 the definitions and specifications, identified there, on which this 609 one depends. 611 This memo describes procedures for registering and looking up labels 612 that are not compatible with the preferred syntax described in the 613 base DNS specifications (STD13 [RFC1034] [RFC1035] and Host 614 Requirements [RFC1123]) because they contain non-ASCII characters. 615 These procedures depend on the use of a special ASCII-compatible 616 encoding form that contains only characters permitted in host names 617 by those earlier specifications. The encoding is specified in 618 [RFC3492]. No security issues such as string length increases or new 619 allowed values are introduced by the encoding process or the use of 620 these encoded values, apart from those introduced by the ACE encoding 621 itself. 623 Domain names (or portions of them) are sometimes compared against a 624 set domains to be given special treatment if a match occurs, e.g., 625 treated as more privileged than others or blocked in some way. In 626 such situations it is especially important that the comparisons be 627 done properly, as specified in requirement 2 of Section 3.1. For 628 labels already in ASCII form (i.e., are LDH-labels or A-labels), the 629 proper comparison reduces to the same case-insensitive ASCII 630 comparison that has always been used for ASCII labels. 632 The introduction of IDNA means that any existing labels that start 633 with the ACE prefix would be construed as A-labels, at least until 634 they failed one of the relevant tests, whether or not that was the 635 intent of the zone administrator or registrant. There is no evidence 636 that this has caused any practical problems since RFC 3490 was 637 adopted, but the risk still exists in principle. 639 8. IANA Considerations 641 IANA actions for this version of IDNA are specified in 642 [IDNA2008-Rationale]. 644 9. Change Log 646 [[anchor30: RFC Editor: Please remove this section.]] 648 9.1. Changes between Version -00 and -01 of draft-ietf-idnabis-protocol 650 o Corrected discussion of SRV records. 652 o Several small corrections for clarity. 654 o Inserted more "open issue" placeholders. 656 9.2. Version -02 658 o Rewrote the "conversion to Unicode" text in Section 5.2 as 659 requested on-list. 661 o Added a comment (and reference) about EDNS0 to the "DNS Server 662 Conventions" section, which was also retitled. 664 o Made several editorial corrections and improvements in response to 665 various comments. 667 o Added several new discussion placeholder anchors and updated some 668 older ones. 670 9.3. Version -03 672 o Trimmed change log, removing information about pre-WG drafts. 674 o Incorporated a number of changes suggested by Marcos Sanz in his 675 note of 2008.07.17 and added several more placeholder anchors. 677 o Several minor editorial corrections and improvements. 679 o "Editor" designation temporarily removed because the automatic 680 posting machinery does not accept it. 682 10. Contributors 684 While the listed editor held the pen, the original versions of this 685 document represent the joint work and conclusions of an ad hoc design 686 team consisting of the editor and, in alphabetic order, Harald 687 Alvestrand, Tina Dam, Patrik Faltstrom, and Cary Karp. This document 688 draws significantly on the original version of IDNA [RFC3490] both 689 conceptually and for specific text. This second-generation version 690 would not have been possible without the work that went into that 691 first version and its authors, Patrik Faltstrom, Paul Hoffman, and 692 Adam Costello. While Faltstrom was actively involved in the creation 693 of this version, Hoffman and Costello were not and should not be held 694 responsible for any errors or omissions. 696 11. Acknowledgements 698 This revision to IDNA would have been impossible without the 699 accumulated experience since RFC 3490 was published and resulting 700 comments and complaints of many people in the IETF, ICANN, and other 701 communities, too many people to list here. Nor would it have been 702 possible without RFC 3490 itself and the efforts of the Working Group 703 that defined it. Those people whose contributions are acknowledged 704 in RFC 3490, [RFC4690], and [IDNA2008-Rationale] were particularly 705 important. 707 Specific textual changes were incorporated into this document after 708 suggestions from Stephane Bortzmeyer, Mark Davis, and others. 710 12. References 711 12.1. Normative References 713 [IDNA2008-BIDI] 714 Alvestrand, H. and C. Karp, "An updated IDNA criterion for 715 right-to-left scripts", July 2008, . 718 [IDNA2008-Rationale] 719 Klensin, J., Ed., "Internationalizing Domain Names for 720 Applications (IDNA): Issues, Explanation, and Rationale", 721 July 2008, . 724 [IDNA2008-Tables] 725 Faltstrom, P., "The Unicode Codepoints and IDNA", 726 July 2008, . 729 A version of this document is available in HTML format at 730 http://stupid.domain.name/idnabis/ 731 draft-ietf-idnabis-tables-02.html 733 [RFC1034] Mockapetris, P., "Domain names - concepts and facilities", 734 STD 13, RFC 1034, November 1987. 736 [RFC1035] Mockapetris, P., "Domain names - implementation and 737 specification", STD 13, RFC 1035, November 1987. 739 [RFC1123] Braden, R., "Requirements for Internet Hosts - Application 740 and Support", STD 3, RFC 1123, October 1989. 742 [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate 743 Requirement Levels", BCP 14, RFC 2119, March 1997. 745 [RFC3492] Costello, A., "Punycode: A Bootstring encoding of Unicode 746 for Internationalized Domain Names in Applications 747 (IDNA)", RFC 3492, March 2003. 749 [Unicode-PropertyValueAliases] 750 The Unicode Consortium, "Unicode Character Database: 751 PropertyValueAliases", March 2008, . 754 [Unicode-RegEx] 755 The Unicode Consortium, "Unicode Technical Standard #18: 756 Unicode Regular Expressions", May 2005, 757 . 759 [Unicode-Scripts] 760 The Unicode Consortium, "Unicode Standard Annex #24: 761 Unicode Script Property", February 2008, 762 . 764 [Unicode-UAX15] 765 The Unicode Consortium, "Unicode Standard Annex #15: 766 Unicode Normalization Forms", 2006, 767 . 769 12.2. Informative References 771 [ASCII] American National Standards Institute (formerly United 772 States of America Standards Institute), "USA Code for 773 Information Interchange", ANSI X3.4-1968, 1968. 775 ANSI X3.4-1968 has been replaced by newer versions with 776 slight modifications, but the 1968 version remains 777 definitive for the Internet. 779 [RFC2136] Vixie, P., Thomson, S., Rekhter, Y., and J. Bound, 780 "Dynamic Updates in the Domain Name System (DNS UPDATE)", 781 RFC 2136, April 1997. 783 [RFC2181] Elz, R. and R. Bush, "Clarifications to the DNS 784 Specification", RFC 2181, July 1997. 786 [RFC2535] Eastlake, D., "Domain Name System Security Extensions", 787 RFC 2535, March 1999. 789 [RFC2671] Vixie, P., "Extension Mechanisms for DNS (EDNS0)", 790 RFC 2671, August 1999. 792 [RFC3490] Faltstrom, P., Hoffman, P., and A. Costello, 793 "Internationalizing Domain Names in Applications (IDNA)", 794 RFC 3490, March 2003. 796 [RFC3986] Berners-Lee, T., Fielding, R., and L. Masinter, "Uniform 797 Resource Identifier (URI): Generic Syntax", STD 66, 798 RFC 3986, January 2005. 800 [RFC3987] Duerst, M. and M. Suignard, "Internationalized Resource 801 Identifiers (IRIs)", RFC 3987, January 2005. 803 [RFC4690] Klensin, J., Faltstrom, P., Karp, C., and IAB, "Review and 804 Recommendations for Internationalized Domain Names 805 (IDNs)", RFC 4690, September 2006. 807 [RFC4952] Klensin, J. and Y. Ko, "Overview and Framework for 808 Internationalized Email", RFC 4952, July 2007. 810 [Unicode] The Unicode Consortium, "The Unicode Standard, Version 811 5.0", 2007. 813 Boston, MA, USA: Addison-Wesley. ISBN 0-321-48091-0 815 Appendix A. The Contextual Rules Registry 817 [[anchor38: Note in Draft: The WG seems to be concluding that this 818 material should actually be in the Tables document, possibly with 819 some additional material added from Rationale. Unless there are 820 objections and consensus on some other plan, that move will be made 821 with -03 of this document. Regardless of where they are placed, the 822 WG will still need to review the specific content of the rules. In 823 this version of the document, the table remains something of a 824 illustrative placeholder, not a final specification.]] 826 [[anchor39: The next appendix sketches out an alternate way to 827 present this information. See the notes there.]] 829 As discussed in the IANA Considerations section of 830 [IDNA2008-Rationale], a registry of rules that define the contexts in 831 which particular PROTOCOL-VALID characters, characters associated 832 with a requirement for Contextual Information, are permitted. These 833 rules are expressed as tests on the label in which the characters 834 appear (all, or any part of, the label may be tested). [[anchor40: 835 Probably the IANA registry spec should be moved directly from 836 Rationale to Tables -- see above.]] 838 For each character specified as requiring a contextual rule, a rule 839 MAY be established with the following data elements: 841 1. The code point associated with the character. 843 2. The name of the character. 845 3. An indication as to whether the code point requires the rule be 846 processed at lookup time (this indication is equivalent to the 847 difference between "CONTEXTJ" and "CONTEXTO" in the tables 848 document [IDNA2008-Tables]). 850 4. A prose description of the contextual rule. 852 5. A description of the contextual rule using Unicode Regular 853 Expression notation [Unicode-RegEx]. Only a Level 1 854 implementation is needed for the expressions below, which also 855 make reference to the Unicode Script definition [Unicode-Scripts] 856 and the Unicode Property Value Aliases list 857 [Unicode-PropertyValueAliases]. Note that in these regular 858 expressions, the label is taken to be an entire line, i.e., "^" 859 refers to the beginning of the label and "$" refers to the end of 860 the label. 862 These regular expressions are used as tests. The contextual 863 requirement is met if there is a match for the regular expression 864 and not met if there is no match. 866 [[anchor41: Patrik and I (JcK) would like to find a way to state 867 these rules that does not require the reader and implementer to 868 understand what we believe to be a fairly exotic element of the 869 Unicode specification. See the second Appendix for a possible 870 alternative. Suggestions welcome.]] 872 6. An optional comment preceded by "#" 874 Should there be any conflict between the two statements of a rule, 875 the regular expression form MUST be considered normative until the 876 registry can be corrected. 878 The rules for the characters listed in the Tables document as 879 exception cases or Join_Controls and for which rules are being 880 defined at this time appear below. 882 [[anchor42: Note in draft: This table is not complete and the rule 883 entries below are temporarily only examples.]] 885 002D; HYPHEN-MINUS; F; 886 Must not appear at the beginning or end of a label; 887 Regular expression: 888 [^^]\u002D|\u002D[^$] ; 889 # Note that there are some additional prohibitions in the 890 specification on consecutive hyphens in anything but a valid 891 A-label. 893 200C; ZERO WIDTH NON-JOINER; T; 894 Between two characters from the same script only. The script must 895 be one in which the use of this character causes significant 896 visual transformation of one or both of the adjacent characters; 897 Regular expression: 898 [\p(Script:Deva)\p(Script:Tamil)]\u200C[\p(Script:Deva)\p(Script: 899 Tamil)] ; 900 [[anchor43: That script list is _not_ complete and, in particular, 901 more Indic scripts certainly need to be listed. It also does not 902 correctly express the "same script" restriction mentioned in the 903 prose, since it only tests adjacent characters.]] This character 904 is also required for Arabic script. The minimal restriction is 905 \p(Joining_Type:L)\p(Joining_Type:T)*\u200C\p(Joining_Type: 906 T)*\p(Joining_Type:R) ; 907 ; more narrow restrictions may be suggested by the Arabic script 908 group. 910 200D; ZERO WIDTH JOINER; T; 911 Between two characters from the same script only. The script must 912 be one in which the use of this character causes significant 913 visual transformation of one or both of the adjacent characters; 914 Regular expression: 915 [\p(Script:Deva)\p(Script:Tamil)]+ 916 \u200D[\p(Script:Deva)\p(Script:Tamil)]+ ; 917 [[anchor44: That script list is _not_ complete and, in particular, 918 more Indic scripts certainly need to be listed. It also does not 919 correctly express the "same script" restriction mentioned in the 920 prose, since it only tests adjacent characters. This character is 921 not required for Arabic script.]] 923 00B7; MIDDLE DOT; F; 924 Between two 'l' (U+006C) characters only, used to permit the 925 Catalan character ela geminada to be expressed; 926 Regular expression: 927 \u006C\u00B7\u006C ; 929 0375; GREEK LOWER NUMERAL SIGN (KERAIA); F; 930 Greek script only. Might be further restricted to specific 931 following characters; 932 Regular expression: 933 \u0375\p(Script:Greek) ; 935 02B9; MODIFIER LETTER PRIME; F;;; 936 # Permitted only in contexts in which GREEK LOWER NUMERAL SIGN, 937 U+0375, is permitted. GREEK NUMERAL SIGN, U+0374, and the Lower 938 Numeral Sign (U+0375) are indicators for numeric use of letters in 939 older Greek writing systems. U+02B9 is relevant because 940 normalization maps U+0374 into it.; 941 Regular expression: 942 \p(Script:Greek)\u02B9\p(Script:Greek) ; 943 [[anchor45: The test is that the adjacent characters be in the 944 Greek script. It is not clear whether this is sufficient. The 945 requirement for a preceding Greek letter may not be necessary. 946 More input needed.]] 948 0483; COMBINING CYRILLIC TITLO; F; 949 Cyrillic script only. Might be further restricted to permit only 950 a preceding list of characters. 951 Regular expression: 952 \p(Script:Cyrillic)\u0483 ; 954 05F3; HEBREW PUNCTUATION GERESH; F; 955 The script of the preceding character and the subsequent 956 character, if any, MUST be Hebrew; 957 Regular expression: 958 \p(Script:Hebrew)\u05F3\p(Script:Hebrew)? ; 960 05F4; HEBREW PUNCTUATION GERSHAYIM; F 961 The script of the preceding character and the subsequent 962 character, if any, MUST be Hebrew; 963 Regular expression: 964 \p(Script:Hebrew)\u05F4\p(Script:Hebrew)? ; 966 3005; IDEOGRAPHIC ITERATION MARK; F; 967 MUST NOT be at the beginning of the label, and the previous 968 character MUST be in Han Script; 969 Regular expression: 970 \p(Script:Hani)\u3005 ; 972 303B; VERTICAL IDEOGRAPHIC ITERATION MARK; F; 973 MUST NOT be at the beginning of the label, and the previous 974 character MUST be in Han Script; 975 Regular expression: 976 \p(Script:Hani)\u303B ; 978 30FB; KATAKANA MIDDLE DOT; F; 979 Adjacent characters MUST be Katakana; 980 Regular expression: 981 \p(Script:Kana)\u30FB\p(Script:Kana) ; 983 While the information above is to be used to initialize the registry, 984 IANA should treat the table format in this Appendix simply as an 985 initial, tentative, suggestion. Subject to review and comment from 986 the IESG and any Expert Reviewers, IANA is responsible for, and 987 should develop, a format for that registry, or a copy of it 988 maintained in parallel, that is convenient for retrieval and machine 989 processing and publish the location of that version. 991 Appendix B. Contextual Rules Registry - Alternate Syntax 993 [[anchor46: This Appendix is temporary. It illustrates, for 994 discussion, a possible way of presenting the Contextual Rules as a 995 procedural pseudocode rule set rather than as a regular expression or 996 property list and also shows a bit of the layout suggested by Mark 997 Davis. Each entry consists of the name for identification, followed 998 by an informal description, the code point, and the rule set. Note 999 that the two appendices are alternate forms of the same information; 1000 only one should be moved to Tablss; the other will be deleted.]] 1002 [[anchor47: The grammatical rules and operations for the pseudocode 1003 below are left as an exercise for the reader in this draft. Note 1004 however that the "Before" and "After" operations, by themselves, 1005 match anything including null, i.e., BeforeScript would match any 1006 script if the character was the first one in the label. Obviously, 1007 if something satisfies all of the rules, then it is contextually 1008 valid. If any of them yield "False" than it isn't. If we decide to 1009 go in this direction, we should form a small ad hoc committee to 1010 either sort that out or possibly convert it to standard Prolog.]] 1012 B.1. HYPHEN-MINUS 1014 Code point: 002D 1016 Overview: Must appear at the beginning or end of a label. 1018 Lookup: False 1020 Rule Set: 1022 If FirstChar .eq. True Then False; 1023 If LastChar .eq. Then False; 1024 Else True; 1026 Comment: Note that there are some additional prohibitions in the 1027 specification on consecutive hyphens in anything but a valid 1028 A-label. 1030 B.2. ZERO WIDTH NON-JOINER 1032 Code point: 200C 1034 Overview: Between two characters from the same script only. The 1035 script must be one in which the use of this character causes 1036 significant visual transformation of one or both of the adjacent 1037 characters. 1039 Lookup: True 1040 Rule Set: 1042 If BeforeScript .eq. ( Deva | Tamil | Arabic ) Then 1043 If AfterScript .eq. ( Deva | Tamil | Arabic ) Then True; 1044 Else False; 1046 [[anchor50: That script list is _not_ complete and, in particular, 1047 more Indic scripts certainly need to be listed. It also does not 1048 correctly express the "same script" restriction mentioned in the 1049 prose, since it only tests adjacent characters.]] 1051 This character is also required for Arabic script. The minimal 1052 restriction (in regex form) is 1053 \p(Joining_Type:L)\p(Joining_Type:T)*\u200C\p(Joining_Type: 1054 T)*\p(Joining_Type:R) ; 1055 ; more narrow restrictions may be suggested by the Arabic script 1056 group. 1058 B.3. ZERO WIDTH JOINER 1060 Code point: 200D 1062 Overview: Between two characters from the same script only. The 1063 script must be one in which the use of this character causes 1064 significant visual transformation of one or both of the adjacent 1065 characters. 1067 Lookup: True 1069 Rule Set: 1071 If BeforeScript .eq. ( Deva | Tamil | Arabic ) Then 1072 If AfterScript .eq. ( Deva | Tamil | Arabic ) Then True; 1073 Else False; 1075 [[anchor52: The script list for this character is _not_ complete 1076 and, in particular, more Indic scripts certainly need to be 1077 listed. It also does not correctly express the "same script" 1078 restriction mentioned in the prose, since it only tests adjacent 1079 characters. This character is not required for Arabic script.]] 1081 B.4. MIDDLE DOT 1083 Code point: 00B7 1084 Overview: Between 'l' (U+006C) characters only, used to permit the 1085 Catalan character ela geminada to be expressed 1087 Lookup: False 1089 Rule Set: 1091 If BeforeChar .eq. \006C Then 1092 If AfterChar .eq. \006C Then True; 1093 Else False; 1095 B.5. GREEK LOWER NUMERAL SIGN (KERAIA) 1097 Code point: 0375 1099 Overview: Greek script only. Might be further restricted to 1100 specific following characters 1102 Lookup: False 1104 Rule Set: 1106 If AfterScript .eq. Greek Then True; 1107 Else False; 1109 B.6. MODIFIER LETTER PRIME 1111 Code point: 02B9 1113 Overview: Permitted only in contexts in which GREEK LOWER NUMERAL 1114 SIGN, U+0375, is permitted. GREEK NUMERAL SIGN, U+0374, and the 1115 Lower Numeral Sign (U+0375) are indicators for numeric use of 1116 letters in older Greek writing systems. U+02B9 is relevant 1117 because normalization maps U+0374 into it. 1119 Lookup: False 1121 Rule Set: 1123 BeforeScript If .eq. Greek Then 1124 If AfterScript .eq. Greek Then True; 1125 Else False; 1127 Comment: [[anchor56: The test is that the adjacent characters be in 1128 the Greek script. It is not clear whether this is sufficient. 1129 The requirement for a preceding Greek letter may not be necessary. 1130 More input needed.]] 1132 B.7. COMBINING CYRILLIC TITLO 1134 Code point: 0483 1136 Overview: Cyrillic script only. Might be further restricted to 1137 permit only a preceding list of characters. 1139 Lookup: False 1141 Rule Set: 1143 If BeforeScript .eq. Cyrillic Then 1144 If AfterScript .eq. Cyrillic Then True; 1145 Else False; 1147 B.8. HEBREW PUNCTUATION GERESH 1149 Code point: 05F3 1151 Overview: The script of the preceding character and the subsequent 1152 character, if any, MUST be Hebrew. 1154 Lookup: False 1156 Rule Set: 1158 If FirstChar .eq. True then False; 1159 Else If BeforeScript .eq. Hebrew Then 1160 If AfterScript .eq. Hebrew Then True; 1161 Else False; 1163 B.9. HEBREW PUNCTUATION GERSHAYIM 1165 Code point: 05F4 1167 Overview: The script of the preceding character and the subsequent 1168 character, if any, MUST be Hebrew. 1170 Lookup: False 1172 Rule Set: 1174 If FirstChar .eq. True then False; 1175 Else If BeforeScript .eq. Hebrew Then 1176 If AfterScript .eq. Hebrew Then True; 1177 Else False; 1179 B.10. IDEOGRAPHIC ITERATION MARK; 1181 Code point: 3005 1183 Overview: MUST NOT be at the beginning of the label, and the 1184 previous character MUST be in Han Script. 1186 Lookup: False 1188 Rule Set: 1190 If FirstChar .eq. True Then False; 1191 Else If BeforeScript .eq. Han Then True; 1192 Else False; 1194 B.11. VERTICAL IDEOGRAPHIC ITERATION MARK 1196 Code point: 303B 1198 Overview: MUST NOT be at the beginning of the label, and the 1199 previous character MUST be in Han Script. 1201 Lookup: False 1203 Rule Set: 1205 If FirstChar .eq. True Then False; 1206 Else If BeforeScript .eq. Han Then True; 1207 Else False; 1209 B.12. KATAKANA MIDDLE DOT 1211 Code point: 30FB 1213 Overview: Adjacent characters MUST be Katakana. 1215 Lookup: False 1217 Rule Set: 1219 If FirstChar .eq. True Then False; 1220 Else If BeforeScript .eq. Kana Then 1221 If AfterScript .eq. Kana Then True; 1222 Else False; 1224 Author's Address 1226 John C Klensin 1227 1770 Massachusetts Ave, Ste 322 1228 Cambridge, MA 02140 1229 USA 1231 Phone: +1 617 245 1457 1232 Email: john+ietf@jck.com 1234 Full Copyright Statement 1236 Copyright (C) The IETF Trust (2008). 1238 This document is subject to the rights, licenses and restrictions 1239 contained in BCP 78, and except as set forth therein, the authors 1240 retain all their rights. 1242 This document and the information contained herein are provided on an 1243 "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS 1244 OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY, THE IETF TRUST AND 1245 THE INTERNET ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS 1246 OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF 1247 THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED 1248 WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. 1250 Intellectual Property 1252 The IETF takes no position regarding the validity or scope of any 1253 Intellectual Property Rights or other rights that might be claimed to 1254 pertain to the implementation or use of the technology described in 1255 this document or the extent to which any license under such rights 1256 might or might not be available; nor does it represent that it has 1257 made any independent effort to identify any such rights. Information 1258 on the procedures with respect to rights in RFC documents can be 1259 found in BCP 78 and BCP 79. 1261 Copies of IPR disclosures made to the IETF Secretariat and any 1262 assurances of licenses to be made available, or the result of an 1263 attempt made to obtain a general license or permission for the use of 1264 such proprietary rights by implementers or users of this 1265 specification can be obtained from the IETF on-line IPR repository at 1266 http://www.ietf.org/ipr. 1268 The IETF invites any interested party to bring to its attention any 1269 copyrights, patents or patent applications, or other proprietary 1270 rights that may cover technology that may be required to implement 1271 this standard. Please address the information to the IETF at 1272 ietf-ipr@ietf.org.