idnits 2.17.1
draft-ietf-idnabis-protocol-14.txt:
Checking boilerplate required by RFC 5378 and the IETF Trust (see
https://trustee.ietf.org/license-info):
----------------------------------------------------------------------------
** The document seems to lack a License Notice according IETF Trust
Provisions of 28 Dec 2009, Section 6.b.i or Provisions of 12 Sep 2009
Section 6.b -- however, there's a paragraph with a matching beginning.
Boilerplate error?
(You're using the IETF Trust Provisions' Section 6.b License Notice from
12 Feb 2009 rather than one of the newer Notices. See
https://trustee.ietf.org/license-info/.)
Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt:
----------------------------------------------------------------------------
No issues found here.
Checking nits according to https://www.ietf.org/id-info/checklist :
----------------------------------------------------------------------------
-- The draft header indicates that this document obsoletes RFC3490, but the
abstract doesn't seem to mention this, which it should.
-- The draft header indicates that this document updates RFC3492, but the
abstract doesn't seem to mention this, which it should.
Miscellaneous warnings:
----------------------------------------------------------------------------
== The copyright year in the IETF Trust and authors Copyright Line does not
match the current year
(Using the creation date from RFC3492, updated by this document, for
RFC5378 checks: 2002-01-10)
-- The document seems to contain a disclaimer for pre-RFC5378 work, and may
have content which was first submitted before 10 November 2008. The
disclaimer is necessary when there are original authors that you have
been unable to contact, or if some do not wish to grant the BCP78 rights
to the IETF Trust. If you are able to get all authors (current and
original) to grant those rights, you can and should remove the
disclaimer; otherwise, the disclaimer is needed and you can ignore this
comment. (See the Legal Provisions document at
https://trustee.ietf.org/license-info for more information.)
-- The document date (August 9, 2009) is 5371 days in the past. Is this
intentional?
Checking references for intended status: Proposed Standard
----------------------------------------------------------------------------
(See RFCs 3967 and 4897 for information about using normative references
to lower-maturity documents in RFCs)
== Unused Reference: 'RFC1123' is defined on line 618, but no explicit
reference was found in the text
== Unused Reference: 'Unicode-PropertyValueAliases' is defined on line 628,
but no explicit reference was found in the text
== Unused Reference: 'Unicode-RegEx' is defined on line 633, but no
explicit reference was found in the text
== Unused Reference: 'Unicode-Scripts' is defined on line 638, but no
explicit reference was found in the text
== Unused Reference: 'ASCII' is defined on line 650, but no explicit
reference was found in the text
== Unused Reference: 'RFC2136' is defined on line 669, but no explicit
reference was found in the text
== Unused Reference: 'RFC2181' is defined on line 673, but no explicit
reference was found in the text
== Unused Reference: 'RFC2535' is defined on line 676, but no explicit
reference was found in the text
-- Possible downref: Non-RFC (?) normative reference: ref. 'IDNA2008-BIDI'
-- Possible downref: Non-RFC (?) normative reference: ref.
'Unicode-PropertyValueAliases'
-- Possible downref: Non-RFC (?) normative reference: ref. 'Unicode-RegEx'
-- Possible downref: Non-RFC (?) normative reference: ref. 'Unicode-Scripts'
-- Possible downref: Non-RFC (?) normative reference: ref. 'Unicode-UAX15'
-- No information found for draft-ietf-idnabis-mapping - is the name
correct?
-- Obsolete informational reference (is this intentional?): RFC 2535
(Obsoleted by RFC 4033, RFC 4034, RFC 4035)
-- Obsolete informational reference (is this intentional?): RFC 2671
(Obsoleted by RFC 6891)
-- Obsolete informational reference (is this intentional?): RFC 3490
(Obsoleted by RFC 5890, RFC 5891)
-- Obsolete informational reference (is this intentional?): RFC 3491
(Obsoleted by RFC 5891)
-- Obsolete informational reference (is this intentional?): RFC 4952
(Obsoleted by RFC 6530)
Summary: 1 error (**), 0 flaws (~~), 9 warnings (==), 15 comments (--).
Run idnits with the --verbose option for more detailed information about
the items above.
--------------------------------------------------------------------------------
2 Network Working Group J. Klensin
3 Internet-Draft August 9, 2009
4 Obsoletes: 3490, 3491
5 (if approved)
6 Updates: 3492 (if approved)
7 Intended status: Standards Track
8 Expires: February 10, 2010
10 Internationalized Domain Names in Applications (IDNA): Protocol
11 draft-ietf-idnabis-protocol-14.txt
13 Status of this Memo
15 This Internet-Draft is submitted to IETF in full conformance with the
16 provisions of BCP 78 and BCP 79. This document may contain material
17 from IETF Documents or IETF Contributions published or made publicly
18 available before November 10, 2008. The person(s) controlling the
19 copyright in some of this material may not have granted the IETF
20 Trust the right to allow modifications of such material outside the
21 IETF Standards Process. Without obtaining an adequate license from
22 the person(s) controlling the copyright in such materials, this
23 document may not be modified outside the IETF Standards Process, and
24 derivative works of it may not be created outside the IETF Standards
25 Process, except to format it for publication as an RFC or to
26 translate it into languages other than English.
28 Internet-Drafts are working documents of the Internet Engineering
29 Task Force (IETF), its areas, and its working groups. Note that
30 other groups may also distribute working documents as Internet-
31 Drafts.
33 Internet-Drafts are draft documents valid for a maximum of six months
34 and may be updated, replaced, or obsoleted by other documents at any
35 time. It is inappropriate to use Internet-Drafts as reference
36 material or to cite them other than as "work in progress."
38 The list of current Internet-Drafts can be accessed at
39 http://www.ietf.org/ietf/1id-abstracts.txt.
41 The list of Internet-Draft Shadow Directories can be accessed at
42 http://www.ietf.org/shadow.html.
44 This Internet-Draft will expire on February 10, 2010.
46 Copyright Notice
48 Copyright (c) 2009 IETF Trust and the persons identified as the
49 document authors. All rights reserved.
51 This document is subject to BCP 78 and the IETF Trust's Legal
52 Provisions Relating to IETF Documents in effect on the date of
53 publication of this document (http://trustee.ietf.org/license-info).
54 Please review these documents carefully, as they describe your rights
55 and restrictions with respect to this document.
57 Abstract
59 This document is the revised protocol definition for
60 internationalized domain names (IDNs). The rationale for changes,
61 the relationship to the older specification, and important
62 terminology are provided in other documents. This document specifies
63 the protocol mechanism, called Internationalizing Domain Names in
64 Applications (IDNA), for registering and looking up IDNs in a way
65 that does not require changes to the DNS itself. IDNA is only meant
66 for processing domain names, not free text.
68 Table of Contents
70 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 5
71 1.1. Discussion Forum . . . . . . . . . . . . . . . . . . . . . 5
72 2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 5
73 3. Requirements and Applicability . . . . . . . . . . . . . . . . 6
74 3.1. Requirements . . . . . . . . . . . . . . . . . . . . . . . 6
75 3.2. Applicability . . . . . . . . . . . . . . . . . . . . . . 6
76 3.2.1. DNS Resource Records . . . . . . . . . . . . . . . . . 7
77 3.2.2. Non-domain-name Data Types Stored in the DNS . . . . . 7
78 4. Registration Protocol . . . . . . . . . . . . . . . . . . . . 7
79 4.1. Input to IDNA Registration Process . . . . . . . . . . . . 8
80 4.2. Permitted Character and Label Validation . . . . . . . . . 8
81 4.2.1. Input Format . . . . . . . . . . . . . . . . . . . . . 8
82 4.2.2. Rejection of Characters that are not Permitted . . . . 8
83 4.2.3. Label Validation . . . . . . . . . . . . . . . . . . . 8
84 4.2.4. Registration Validation Summary . . . . . . . . . . . 9
85 4.3. Registry Restrictions . . . . . . . . . . . . . . . . . . 9
86 4.4. Punycode Conversion . . . . . . . . . . . . . . . . . . . 10
87 4.5. Insertion in the Zone . . . . . . . . . . . . . . . . . . 10
88 5. Domain Name Lookup Protocol . . . . . . . . . . . . . . . . . 10
89 5.1. Label String Input . . . . . . . . . . . . . . . . . . . . 10
90 5.2. Conversion to Unicode . . . . . . . . . . . . . . . . . . 11
91 5.3. A-label Input . . . . . . . . . . . . . . . . . . . . . . 11
92 5.4. Validation and Character List Testing . . . . . . . . . . 11
93 5.5. Punycode Conversion . . . . . . . . . . . . . . . . . . . 13
94 5.6. DNS Name Resolution . . . . . . . . . . . . . . . . . . . 13
95 6. Security Considerations . . . . . . . . . . . . . . . . . . . 13
96 7. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 13
97 8. Contributors . . . . . . . . . . . . . . . . . . . . . . . . . 14
98 9. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 14
99 10. References . . . . . . . . . . . . . . . . . . . . . . . . . . 14
100 10.1. Normative References . . . . . . . . . . . . . . . . . . . 14
101 10.2. Informative References . . . . . . . . . . . . . . . . . . 16
102 Appendix A. Summary of Major Changes from IDNA2003 . . . . . . . 17
103 Appendix B. Change Log . . . . . . . . . . . . . . . . . . . . . 18
104 B.1. Changes between Version -00 and -01 of
105 draft-ietf-idnabis-protocol . . . . . . . . . . . . . . . 18
106 B.2. Version -02 . . . . . . . . . . . . . . . . . . . . . . . 18
107 B.3. Version -03 . . . . . . . . . . . . . . . . . . . . . . . 18
108 B.4. Version -04 . . . . . . . . . . . . . . . . . . . . . . . 19
109 B.5. Version -05 . . . . . . . . . . . . . . . . . . . . . . . 19
110 B.6. Version -06 . . . . . . . . . . . . . . . . . . . . . . . 19
111 B.7. Version -07 . . . . . . . . . . . . . . . . . . . . . . . 19
112 B.8. Version -08 . . . . . . . . . . . . . . . . . . . . . . . 19
113 B.9. Version -09 . . . . . . . . . . . . . . . . . . . . . . . 20
114 B.10. Version -10 . . . . . . . . . . . . . . . . . . . . . . . 20
115 B.11. Version -11 . . . . . . . . . . . . . . . . . . . . . . . 21
116 B.12. Version -12 . . . . . . . . . . . . . . . . . . . . . . . 21
117 B.13. Version -13 . . . . . . . . . . . . . . . . . . . . . . . 21
118 B.14. Version -14 . . . . . . . . . . . . . . . . . . . . . . . 22
119 Author's Address . . . . . . . . . . . . . . . . . . . . . . . . . 22
121 1. Introduction
123 This document supplies the protocol definition for internationalized
124 domain names. Essential definitions and terminology for
125 understanding this document and a road map of the collection of
126 documents that make up IDNA2008 appear in [IDNA2008-Defs].
127 Appendix A discusses the relationship between this specification and
128 the earlier version of IDNA (referred to here as "IDNA2003") and the
129 rationale for these changes, along with considerable explanatory
130 material and advice to zone administrators who support IDNs is
131 provided in another document, [IDNA2008-Rationale].
133 IDNA works by allowing applications to use certain ASCII string
134 labels (beginning with a special prefix) to represent non-ASCII name
135 labels. Lower-layer protocols need not be aware of this; therefore
136 IDNA does not changes any infrastructure. In particular, IDNA does
137 not depend on any changes to DNS servers, resolvers, or protocol
138 elements, because the ASCII name service provided by the existing DNS
139 can be used for IDNA.
141 IDNA applies only to DNS labels. The base DNS standards [RFC1034]
142 [RFC1035] and their various updates specify how to combine labels
143 into fully-qualified domain names and parse labels out of those
144 names.
146 This document describes two separate protocols, one for IDN
147 registration (Section 4) and one for IDN lookup (Section 5), that
148 share some terminology, reference data and operations. [[anchor2:
149 Note in draft: See the note in the introduction to.]]Section 5
151 1.1. Discussion Forum
153 [[anchor4: RFC Editor: please remove this section.]]
155 This work is being discussed in the IETF IDNABIS WG and on the
156 mailing list idna-update@alvestrand.no
158 2. Terminology
160 Terminology used in IDNA, but also in Unicode or other character set
161 standards and the DNS, appears in [IDNA2008-Defs]. Terminology that
162 is required as part of the IDNA definition, including the definitions
163 of "ACE", appears in that document as well. Readers of this document
164 are assumed to be familiar with [IDNA2008-Defs] and with the DNS-
165 specific terminology in RFC 1034 [RFC1034].
167 The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
168 "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
169 document are to be interpreted as described in BCP 14, RFC 2119
170 [RFC2119].
172 3. Requirements and Applicability
174 3.1. Requirements
176 IDNA makes the following requirements:
178 1. Whenever a domain name is put into an IDN-unaware domain name
179 slot (see Section 2 and [IDNA2008-Defs]), it MUST contain only
180 ASCII characters (i.e., must be either an A-label or an NR-LDH-
181 label), unless the DNS application is not subject to historical
182 recommendations for "hostname"-style names (see [RFC1034] and
183 Section 3.2.1).
185 2. Labels MUST be compared using equivalent forms: either both
186 A-Label forms or both U-Label forms. Because A-labels and
187 U-labels can be transformed into each other without loss of
188 information, these comparisons are equivalent. A pair of
189 A-labels MUST be compared as case-insensitive ASCII (as with all
190 comparisons of ASCII DNS labels). U-labels must be compared
191 as-is, without case-folding or other intermediate steps. Note
192 that it is not necessary to validate labels in order to compare
193 them. In many cases, validation may be important for other
194 reasons and SHOULD be performed.
196 3. Labels being registered MUST conform to the requirements of
197 Section 4. Labels being looked up and the lookup process MUST
198 conform to the requirements of Section 5.
200 3.2. Applicability
202 IDNA applies to all domain names in all domain name slots in
203 protocols except where it is explicitly excluded. It does not apply
204 to domain name slots which do not use the Letter/Digit/Hyphen (LDH)
205 syntax rules.
207 Because it uses the DNS, IDNA applies to many protocols that were
208 specified before it was designed. IDNs occupying domain name slots
209 in those older protocols MUST be in A-label form until and unless
210 those protocols and implementations of them are explicitly upgraded
211 to be aware of IDNs in Unicode. IDNs actually appearing in DNS
212 queries or responses MUST be A-labels.
214 IDNA is not defined for extended label types (see RFC 2671, Section 3
216 [RFC2671]).
218 3.2.1. DNS Resource Records
220 IDNA applies only to domain names in the NAME and RDATA fields of DNS
221 resource records whose CLASS is IN. See RFC 1034 [RFC1034] for
222 precise definitions of these terms.
224 The application of IDNA to DNS resource records depends entirely on
225 the CLASS of the record, and not on the TYPE except as noted below.
226 This will remain true, even as new types are defined, unless a new
227 type defines type-specific rules. Special naming conventions for SRV
228 records (and "underscore names" more generally) are incompatible with
229 IDNA coding. The first two labels on a SRV type record (the ones
230 required to start in "_") MUST NOT be A-labels or U-labels, because
231 conversion to an A-label would lose information (since the underscore
232 is not a letter, digit, or hyphen and is consequently DISALLOWED in
233 IDNs). Of course, those labels may be part of a domain that uses IDN
234 labels at higher levels in the tree.
236 3.2.2. Non-domain-name Data Types Stored in the DNS
238 Although IDNA enables the representation of non-ASCII characters in
239 domain names, that does not imply that IDNA enables the
240 representation of non-ASCII characters in other data types that are
241 stored in domain names, specifically in the RDATA field for types
242 that have structured RDATA format. For example, an email address
243 local part is stored in a domain name in the RNAME field as part of
244 the RDATA of an SOA record (hostmaster@example.com would be
245 represented as hostmaster.example.com). IDNA does not update the
246 existing email standards, which allow only ASCII characters in local
247 parts. Even though work is in progress to define
248 internationalization for email addresses [RFC4952], changes to the
249 email address part of the SOA RDATA would require action in, or
250 updates to, other standards, specifically those that specify the
251 format of the SOA RR.
253 4. Registration Protocol
255 This section defines the procedure for registering an IDN. The
256 procedure is implementation independent; any sequence of steps that
257 produces exactly the same result for all labels is considered a valid
258 implementation.
260 Note that, while the registration and lookup protocols (Section 5)
261 are very similar in most respects, they are different and
262 implementers should carefully follow the appropriate steps.
264 4.1. Input to IDNA Registration Process
266 Registration processes, especially processing by entities, such as
267 "registrars" who deal with registrants before the request actually
268 reaches the zone manager ("registry") are outside the scope of these
269 protocols and may differ significantly depending on local needs. By
270 the time a string enters the IDNA registration process as described
271 in this specification, it is expected to be in Unicode and MUST be in
272 Unicode Normalization Form C (NFC [Unicode-UAX15]). Entities
273 responsible for zone files ("registries") are expected to accept only
274 the exact string for which registration is requested, free of any
275 mappings or local adjustments. They SHOULD avoid any possible
276 ambiguity by accepting registrations only for A-labels, possibly
277 paired with the relevant U-labels so that they can verify the
278 correspondence.
280 4.2. Permitted Character and Label Validation
282 4.2.1. Input Format
284 The registry SHOULD permit submission of labels in A-label form and
285 is encouraged to accept both the A-label form and the U-label one.
286 If it does so, it MUST perform a conversion to a U-label, perform the
287 steps and tests described below, and verify that the A-label produced
288 by the step in Section 4.4 matches the one provided as input. In
289 addition, if a U-label was provided, that U-label and the one
290 obtained by conversion of the A-label MUST match exactly. If, for
291 some reason, these tests fail, the registration MUST be rejected. If
292 the conversion to a U-label is not performed, the registry MUST still
293 verify that the A-label is superficially valid, i.e., that it does
294 not violate any of the rules of Punycode [RFC3492] encoding such as
295 the prohibition on trailing hyphen-minus, appearance of non-basic
296 characters before the delimiter, and so on. Fake A-labels, i.e.,
297 invalid strings that appear to be A-labels but are not, MUST NOT be
298 placed in DNS zones that support IDNA.
300 4.2.2. Rejection of Characters that are not Permitted
302 The candidate Unicode string MUST NOT contain characters in the
303 "DISALLOWED" and "UNASSIGNED" lists specified in [IDNA2008-Tables].
305 4.2.3. Label Validation
307 The proposed label (in the form of a Unicode string, i.e., a string
308 that at least superficially appears to be a U-label) is then
309 examined, performing tests that require examination of more than one
310 character. Character order is considered to be the on-the-wire
311 order, not the display order.
313 4.2.3.1. Consecutive Hyphens
315 The Unicode string MUST NOT contain "--" (two consecutive hyphens) in
316 the third and fourth character positions.
318 4.2.3.2. Leading Combining Marks
320 The Unicode string MUST NOT begin with a combining mark or combining
321 character (see The Unicode Standard, Section 2.11 [Unicode] for an
322 exact definition).
324 4.2.3.3. Contextual Rules
326 The Unicode string MUST NOT contain any characters whose validity is
327 context-dependent, unless the validity is positively confirmed by a
328 contextual rule. To check this, each code-point marked as CONTEXTJ
329 and CONTEXTO in [IDNA2008-Tables] MUST have a non-null rule. If such
330 a code-point is missing a rule, it is invalid. If the rule exists
331 but the result of applying the rule is negative or inconclusive, the
332 proposed label is invalid.
334 4.2.3.4. Labels Containing Characters Written Right to Left
336 If the proposed label contains any characters that are written from
337 right to left it MUST meet the "bidi" criteria [IDNA2008-BIDI].
339 4.2.4. Registration Validation Summary
341 Strings that contain at least one non-ASCII character, have been
342 produced by the steps above, whose contents pass all of the tests in
343 Section 4.2, and are 63 or fewer characters long in ACE form (see
344 Section 4.4), are U-labels.
346 To summarize, tests are made in Section 4.2 for invalid characters,
347 invalid combinations of characters, for labels that are invalid even
348 if the characters they contain are valid individually, and for labels
349 that do not conform to the restrictions for strings containing right
350 to left characters.
352 4.3. Registry Restrictions
354 In addition to the rules and tests above, there are many reasons why
355 a registry could reject a label. Registries at all levels of the
356 DNS, not just the top level, establish policies about label
357 registrations. Policies are likely to be informed by the local
358 languages and may depend on many factors including what characters
359 are in the label (for example, a label may be rejected based on other
360 labels already registered). See [IDNA2008-Rationale] for a
361 discussion and recommendations about registry policies.
363 The string produced by the steps in Section 4.2 is checked and
364 processed as appropriate to local registry restrictions. Application
365 of those registry restrictions may result in the rejection of some
366 labels or the application of special restrictions to others.
368 4.4. Punycode Conversion
370 The resulting U-label is converted to an A-label (defined in
371 [IDNA2008-Defs] [[anchor13: Insert section number]]). The A-label is
372 the encoding of the U-label according to the Punycode algorithm
373 [RFC3492] with the ACE prefix "xn--" added at the beginning of the
374 string. The resulting string must, of course, conform to the length
375 limits imposed by the DNS. This document updates RFC 3492 only to
376 the extent of replacing the reference to the discussion of the ACE
377 prefix. The ACE prefix is now specified in this document rather than
378 as part of RFC 3490 or Nameprep [RFC3491] but is the same in both
379 sets of documents.
381 The failure conditions identified in the Punycode encoding procedure
382 cannot occur if the input is a U-label as determined by the steps
383 above.
385 4.5. Insertion in the Zone
387 The A-label is registered in the DNS by insertion into a zone.
389 5. Domain Name Lookup Protocol
391 Lookup is different from registration and different tests are applied
392 on the client. Although some validity checks are necessary to avoid
393 serious problems with the protocol, the lookup-side tests are more
394 permissive and rely on the assumption that names that are present in
395 the DNS are valid. That assumption is, however, a weak one because
396 the presence of wild cards in the DNS might cause a string that is
397 not actually registered in the DNS to be successfully looked up.
399 The two steps described in Section 5.2 are required.
401 5.1. Label String Input
403 The user supplies a string in the local character set, typically by
404 typing it or clicking on, or copying and pasting, a resource
405 identifier, e.g., a URI [RFC3986] or IRI [RFC3987] from which the
406 domain name is extracted. Alternately, some process not directly
407 involving the user may read the string from a file or obtain it in
408 some other way. Processing in this step and the next two are local
409 matters, to be accomplished prior to actual invocation of IDNA.
411 5.2. Conversion to Unicode
413 The string is converted from the local character set into Unicode, if
414 it is not already Unicode. Depending on local needs, this conversion
415 may involve mapping some characters into other characters as well as
416 coding conversions. Those issues are discussed in [IDNA2008-Mapping]
417 and the mapping-related sections of [IDNA2008-Rationale]. [[anchor14:
418 Supply section number.]] A Unicode string may require normalization
419 as discussed in Section 4.1. The result MUST be a Unicode string in
420 NFC form.
422 5.3. A-label Input
424 If the input to this procedure appears to be an A-label (i.e., it
425 starts in "xn--"), the lookup application MAY attempt to convert it
426 to a U-label and apply the tests of Section 5.4 and the conversion of
427 Section 5.5 to that form. If the label is converted to Unicode
428 (i.e., to U-label form) using the Punycode decoding algorithm, then
429 the processing specified in those two sections MUST be performed, and
430 the label MUST be rejected if the resulting label is not identical to
431 the original. See the Name Server Considerations section of
432 [IDNA2008-Rationale] for additional discussion on this topic.
434 That conversion and testing SHOULD be performed if the domain name
435 will later be presented to the user in native character form (this
436 requires that the lookup application be IDNA-aware). If those steps
437 are not performed, the lookup process SHOULD at least make tests to
438 determine that the string is actually an A-label, examining it for
439 the invalid formats specified in the Punycode decoding specification.
440 Applications that are not IDNA-aware will obviously omit that
441 testing; others MAY treat the string as opaque to avoid the
442 additional processing at the expense of providing less protection and
443 information to users.
445 5.4. Validation and Character List Testing
447 As with the registration procedure described in Section 4, the
448 Unicode string is checked to verify that all characters that appear
449 in it are valid as input to IDNA lookup processing. As discussed
450 above and in [IDNA2008-Rationale], the lookup check is more liberal
451 than the registration one. Labels that have not been fully evaluated
452 for conformance to the applicable rules are referred to as "putative"
453 labels as discussed in [IDNA2008-Defs][[anchor15: ??? Insert section
454 number -- 2.2.3 as of Defs-09]]. Putative labels with any of the
455 following characteristics MUST BE rejected prior to DNS lookup:
457 o Labels containing code points that are unassigned in the version
458 of Unicode being used by the application, i.e.,in the UNASSIGNED
459 category of [IDNA2008-Tables].
461 o Labels that are not in NFC form as defined in [Unicode-UAX15].
463 o Labels containing "--" (two consecutive hyphens) in the third and
464 fourth character positions.
466 o Labels containing prohibited code points, i.e., those that are
467 assigned to the "DISALLOWED" category in the permitted character
468 table [IDNA2008-Tables].
470 o Labels containing code points that are identified in
471 [IDNA2008-Tables] as "CONTEXTJ", i.e., requiring exceptional
472 contextual rule processing on lookup, but that do not conform to
473 that rule. Note that this implies that a rule must be defined,
474 not null: a character that requires a contextual rule but for
475 which the rule is null is treated in this step as having failed to
476 conform to the rule.
478 o Labels containing code points that are identified in
479 [IDNA2008-Tables] as "CONTEXTO", but for which no such rule
480 appears in the table of rules. Applications resolving DNS names
481 or carrying out equivalent operations are not required to test
482 contextual rules for "CONTEXTO" characters, only to verify that a
483 rule is defined (although they MAY make such tests to provide
484 better protection or give better information to the user).
486 o Labels whose first character is a combining mark (see
487 Section 4.2.3.2).
489 In addition, the application SHOULD apply the following test.
491 o Verification that the string is compliant with the requirements
492 for right to left characters, specified in [IDNA2008-BIDI].
494 This test may be omitted in special circumstances, such as when the
495 lookup application knows that the conditions are enforced elsewhere,
496 because an attempt to look up and resolve such strings will almost
497 certainly lead to a DNS lookup failure except when wildcards are
498 present in the zone. However, applying the test is likely to give
499 much better information about the reason for a lookup failure --
500 information that may be usefully passed to the user when that is
501 feasible -- than DNS resolution failure information alone. In any
502 event, lookup applications should avoid attempting to resolve labels
503 that are invalid under that test.
505 For all other strings, the lookup application MUST rely on the
506 presence or absence of labels in the DNS to determine the validity of
507 those labels and the validity of the characters they contain. If
508 they are registered, they are presumed to be valid; if they are not,
509 their possible validity is not relevant. While a lookup application
510 may reasonably issue warnings about strings it believes may be
511 problematic, applications that decline to process a string that
512 conforms to the rules above (i.e., does not look it up in the DNS)
513 are not in conformance with this protocol.
515 5.5. Punycode Conversion
517 The string that has now been validated for lookup is converted to ACE
518 form using the Punycode algorithm (with the ACE prefix added). With
519 the understanding that this summary is not normative (the steps above
520 are), the string is either
522 o in Unicode NFC form that contains no leading combining marks,
523 contains no DISALLOWED or UNASSIGNED code points, has rules
524 associated with any code points in CONTEXTJ or CONTEXTO, and, for
525 those in CONTEXTJ, to satisfies the conditions of the rules; or
527 o in A-label form, was supplied under circumstances in which the
528 U-label conversions and tests have not been performed (see
529 Section 5.3).
531 5.6. DNS Name Resolution
533 That resulting validated string is looked up in the DNS, using normal
534 DNS resolver procedures. That lookup can obviously either succeed
535 (returning information) or fail.
537 6. Security Considerations
539 Security Considerations for this version of IDNA, except for the
540 special issues associated with right to left scripts and characters,
541 are described in [IDNA2008-Defs]. Specific issues for labels
542 containing characters associated with scripts written right to left
543 appear in [IDNA2008-BIDI].
545 7. IANA Considerations
547 IANA actions for this version of IDNA are specified in
548 [IDNA2008-Tables] and discussed informally in [IDNA2008-Rationale].
549 The components of IDNA described in this document do not require any
550 IANA actions.
552 8. Contributors
554 While the listed editor held the pen, the original versions of this
555 document represent the joint work and conclusions of an ad hoc design
556 team consisting of the editor and, in alphabetic order, Harald
557 Alvestrand, Tina Dam, Patrik Faltstrom, and Cary Karp. This document
558 draws significantly on the original version of IDNA [RFC3490] both
559 conceptually and for specific text. This second-generation version
560 would not have been possible without the work that went into that
561 first version and its authors, Patrik Faltstrom, Paul Hoffman, and
562 Adam Costello. While Faltstrom was actively involved in the creation
563 of this version, Hoffman and Costello were not and should not be held
564 responsible for any errors or omissions.
566 9. Acknowledgments
568 This revision to IDNA would have been impossible without the
569 accumulated experience since RFC 3490 was published and resulting
570 comments and complaints of many people in the IETF, ICANN, and other
571 communities, too many people to list here. Nor would it have been
572 possible without RFC 3490 itself and the efforts of the Working Group
573 that defined it. Those people whose contributions are acknowledged
574 in RFC 3490, [RFC4690], and [IDNA2008-Rationale] were particularly
575 important.
577 Specific textual changes were incorporated into this document after
578 suggestions from the other contributors, Stephane Bortzmeyer, Vint
579 Cerf, Lisa Dusseault, Mark Davis, Paul Hoffman, Kent Karlsson, Erik
580 van der Poel, Marcos Sanz, Andrew Sullivan, Wil Tan, Ken Whistler,
581 and other WG participants. As is usual with IETF specifications,
582 while the document represents rough consensus, it should not be
583 assumed that all participants and contributors agree with all
584 provisions. Special thanks are due to Paul Hoffman for permission to
585 extract material from his Internet-Draft to form the basis for
586 Appendix A.
588 10. References
590 10.1. Normative References
592 [IDNA2008-BIDI]
593 Alvestrand, H. and C. Karp, "An updated IDNA criterion for
594 right-to-left scripts", August 2009, .
597 [IDNA2008-Defs]
598 Klensin, J., "Internationalized Domain Names for
599 Applications (IDNA): Definitions and Document Framework",
600 August 2009, .
603 [IDNA2008-Tables]
604 Faltstrom, P., "The Unicode Codepoints and IDNA",
605 August 2009, .
608 A version of this document is available in HTML format at
609 http://stupid.domain.name/idnabis/
610 draft-ietf-idnabis-tables-02.html
612 [RFC1034] Mockapetris, P., "Domain names - concepts and facilities",
613 STD 13, RFC 1034, November 1987.
615 [RFC1035] Mockapetris, P., "Domain names - implementation and
616 specification", STD 13, RFC 1035, November 1987.
618 [RFC1123] Braden, R., "Requirements for Internet Hosts - Application
619 and Support", STD 3, RFC 1123, October 1989.
621 [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
622 Requirement Levels", BCP 14, RFC 2119, March 1997.
624 [RFC3492] Costello, A., "Punycode: A Bootstring encoding of Unicode
625 for Internationalized Domain Names in Applications
626 (IDNA)", RFC 3492, March 2003.
628 [Unicode-PropertyValueAliases]
629 The Unicode Consortium, "Unicode Character Database:
630 PropertyValueAliases", March 2008, .
633 [Unicode-RegEx]
634 The Unicode Consortium, "Unicode Technical Standard #18:
635 Unicode Regular Expressions", May 2005,
636 .
638 [Unicode-Scripts]
639 The Unicode Consortium, "Unicode Standard Annex #24:
640 Unicode Script Property", February 2008,
641 .
643 [Unicode-UAX15]
644 The Unicode Consortium, "Unicode Standard Annex #15:
645 Unicode Normalization Forms", 2006,
646 .
648 10.2. Informative References
650 [ASCII] American National Standards Institute (formerly United
651 States of America Standards Institute), "USA Code for
652 Information Interchange", ANSI X3.4-1968, 1968.
654 ANSI X3.4-1968 has been replaced by newer versions with
655 slight modifications, but the 1968 version remains
656 definitive for the Internet.
658 [IDNA2008-Mapping]
659 Resnick, P., "Mapping Characters in IDNA", August 2009, .
663 [IDNA2008-Rationale]
664 Klensin, J., Ed., "Internationalizing Domain Names for
665 Applications (IDNA): Issues, Explanation, and Rationale",
666 February 2009, .
669 [RFC2136] Vixie, P., Thomson, S., Rekhter, Y., and J. Bound,
670 "Dynamic Updates in the Domain Name System (DNS UPDATE)",
671 RFC 2136, April 1997.
673 [RFC2181] Elz, R. and R. Bush, "Clarifications to the DNS
674 Specification", RFC 2181, July 1997.
676 [RFC2535] Eastlake, D., "Domain Name System Security Extensions",
677 RFC 2535, March 1999.
679 [RFC2671] Vixie, P., "Extension Mechanisms for DNS (EDNS0)",
680 RFC 2671, August 1999.
682 [RFC3490] Faltstrom, P., Hoffman, P., and A. Costello,
683 "Internationalizing Domain Names in Applications (IDNA)",
684 RFC 3490, March 2003.
686 [RFC3491] Hoffman, P. and M. Blanchet, "Nameprep: A Stringprep
687 Profile for Internationalized Domain Names (IDN)",
688 RFC 3491, March 2003.
690 [RFC3986] Berners-Lee, T., Fielding, R., and L. Masinter, "Uniform
691 Resource Identifier (URI): Generic Syntax", STD 66,
692 RFC 3986, January 2005.
694 [RFC3987] Duerst, M. and M. Suignard, "Internationalized Resource
695 Identifiers (IRIs)", RFC 3987, January 2005.
697 [RFC4690] Klensin, J., Faltstrom, P., Karp, C., and IAB, "Review and
698 Recommendations for Internationalized Domain Names
699 (IDNs)", RFC 4690, September 2006.
701 [RFC4952] Klensin, J. and Y. Ko, "Overview and Framework for
702 Internationalized Email", RFC 4952, July 2007.
704 [Unicode] The Unicode Consortium, "The Unicode Standard, Version
705 5.0", 2007.
707 Boston, MA, USA: Addison-Wesley. ISBN 0-321-48091-0
709 Appendix A. Summary of Major Changes from IDNA2003
711 1. Update base character set from Unicode 3.2 to Unicode version-
712 agnostic.
714 2. Separate the definitions for the "registration" and "lookup"
715 activities.
717 3. Disallow symbol and punctuation characters except where special
718 exceptions are necessary.
720 4. Remove the mapping and normalization steps from the protocol and
721 have them instead done by the applications themselves, possibly
722 in a local fashion, before invoking the protocol.
724 5. Change the way that the protocol specifies which characters are
725 allowed in labels from "humans decide what the table of
726 codepoints contains" to "decision about codepoints are based on
727 Unicode properties plus a small exclusion list created by
728 humans".
730 6. Introduce the new concept of characters that can be used only in
731 specific contexts.
733 7. Allow typical words and names in languages such as Dhivehi and
734 Yiddish to be expressed.
736 8. Make bidirectional domain names (delimited strings of labels,
737 not just labels standing on their own) display in a less
738 surprising fashion whether they appear in obvious domain name
739 contexts or as part of running text in paragraphs.
741 9. Remove the dot separator from the mandatory part of the
742 protocol.
744 10. Make some currently-valid labels that are not actually IDNA
745 labels invalid.
747 Appendix B. Change Log
749 [[anchor22: RFC Editor: Please remove this appendix.]]
751 B.1. Changes between Version -00 and -01 of draft-ietf-idnabis-protocol
753 o Corrected discussion of SRV records.
755 o Several small corrections for clarity.
757 o Inserted more "open issue" placeholders.
759 B.2. Version -02
761 o Rewrote the "conversion to Unicode" text in Section 5.2 as
762 requested on-list.
764 o Added a comment (and reference) about EDNS0 to the "DNS Server
765 Conventions" section, which was also retitled.
767 o Made several editorial corrections and improvements in response to
768 various comments.
770 o Added several new discussion placeholder anchors and updated some
771 older ones.
773 B.3. Version -03
775 o Trimmed change log, removing information about pre-WG drafts.
777 o Incorporated a number of changes suggested by Marcos Sanz in his
778 note of 2008.07.17 and added several more placeholder anchors.
780 o Several minor editorial corrections and improvements.
782 o "Editor" designation temporarily removed because the automatic
783 posting machinery does not accept it.
785 B.4. Version -04
787 o Removed Contextual Rule appendices for transfer to Tables.
789 o Several changes, including removal of discussion anchors, based on
790 discussions at IETF 72 (Dublin)
792 o Rewrote the preprocessing material (former Section 5.3 -- see
793 Appendix B.14) somewhat.
795 B.5. Version -05
797 o Updated part of the A-label input explanation (Section 5.3) per
798 note from Erik van der Poel.
800 B.6. Version -06
802 o Corrected a few typographical errors.
804 o Incorporated the material (formerly in Rationale) on the
805 relationship between IDNA2003 and IDNA2008 as an appendix and
806 pointed to the new definitions document.
808 o Text modified in several places to recognize the dangers of
809 interaction between DNS wildcards and IDNs.
811 o Text added to be explicit about the handling of edge and failure
812 cases in Punycode encoding and decoding.
814 o Revised for consistency with the new Definitions document and to
815 make the text read more smoothly.
817 B.7. Version -07
819 o Multiple small textual and editorial changes and clarifications.
821 o Requirement for normalization clarified to apply to all cases and
822 conditions for preprocessing further clarified.
824 o Substantive change to Section 4.2.1, turning a SHOULD to a MUST
825 (see note from Mark Davis, 19 November, 2008 18:14 -0800).
827 B.8. Version -08
829 o Added some references and altered text to improve clarity.
831 o Changed the description of CONTEXTJ/CONTEXTO to conform to that in
832 Tables. In other words, these are now treated as distinction
833 categories (again), rather than as specially-flagged subsets of
834 PROTOCOL VALID.
836 o The discussion of label comparisons has been rewritten to make it
837 more precise and to clarify that one does not need to verify that
838 a string is a [valid] A-label or U-label in order to test it for
839 equality with another string. The WG should verify that the
840 current text is what is desired.
842 o Other changes to reflect post-IETF discussions or editorial
843 improvements.
845 B.9. Version -09
847 o Removed Security Considerations material to Defs document.
849 o Removed the Name Server Considerations material to Rationale.
850 That material is not normative and not needed to implement the
851 protocol itself.
853 o Adjusted terminology to match new version of Defs.
855 o Removed all discussion of local mapping and option for it from
856 registration protocol. Such mapping is now completely prohibited
857 on Registration.
859 o Removed some old placeholders and inquiries because no comments
860 have been received.
862 o Small editorial corrections.
864 B.10. Version -10
866 o Rewrote the registration input material slightly to further
867 clarify the "no mapping on registration" principle.
869 o Added placeholder notes about several tasks, notably reorganizing
870 Section 4 and Section 5 so that subsection numbers are parallel.
872 o Cleaned up an incorrect use of the terms "A-label" and "U-label"
873 in the lookup phase that was spotted by Mark Davis. Inserted a
874 note there about alternate ways to deal with the resulting
875 terminology problem.
877 o Added a temporarily appendix (above) to document alternate
878 strategies for possible replacements for former section 5.3 (see
879 Appendix B.14.
881 B.11. Version -11
883 o Removed dangling reference to "C-label" (editing error in prior
884 draft).
886 o Recast the last steps of the Lookup description to eliminate
887 "apparent" (previously "putative") terminology.
889 o Rewrote major portions of the temporary appendix that describes
890 transitional mappings to improve clarity and add context.
892 o Did some fine-tuning of terminology, notably in Section 3.2.1.
894 B.12. Version -12
896 o Extensive editorial improvements, mostly due to suggestions from
897 Lisa Dusseault.
899 o Conformance statements have been made consistent, especially in
900 Section 4.2.1 and subsequent text, which said "SHOULD" in one
901 place and then said "MAY" as the result of incomplete removal of
902 registration-time mapping. Also clarified the definition of
903 "registration processes" in Section 4.1 -- the previous text had
904 confused several people.
906 o A few new "question to the WG notes have been added about
907 appropriateness or placement of text. If there are no comments on
908 the mailing list, the editor will apply his own judgment.
910 o Several of the usual small typos and other editorial errors have
911 been corrected.
913 o Section 5 has still not been reorganized to match Section 4 in
914 structure and subsection numbering -- will be done as soon as the
915 mapping decisions and references are final.
917 B.13. Version -13
919 o Modified the "putative label" text to better explain the term and
920 explicitly point back to Defs.
922 o Slight rewrite of former section 5.3 to clarify the NFC
923 requirement and to start the transition toward having some of the
924 explanation in the Mapping document. That whole section has been
925 removed in -14, see Appendix B.14 for more information.
927 B.14. Version -14
929 o Fixed substantive typographical error caught by Wil Tan.
931 o Added a check for consecutive hyphens in positions 3 and 4 to
932 Lookup.
934 o Reflected several changes suggested by Andrew Sullivan.
936 o Rearranged and rewrote material to reflect the mapping document
937 and its status.
939 o The former Section 5.3 and Appendix A, which discussed mapping
940 alternatives, have been dropped entirely. Such discussion now
941 belongs in the Mapping document, the portion of Rationale that
942 supports it, or not at all. Section 5.2 has been rewritten
943 slightly to point to Mapping for those issues.
945 o Note: With the revised mapping material inserted, I've just about
946 given up on the idea of having the subsections of Sections 4 and 5
947 exactly parallel each other. Anyone who still feels strongly
948 about this should be prepared to make very specific suggestions.
949 --JcK
951 Author's Address
953 John C Klensin
954 1770 Massachusetts Ave, Ste 322
955 Cambridge, MA 02140
956 USA
958 Phone: +1 617 245 1457
959 Email: john+ietf@jck.com