idnits 2.17.1
draft-ietf-idnabis-protocol-15.txt:
Checking boilerplate required by RFC 5378 and the IETF Trust (see
https://trustee.ietf.org/license-info):
----------------------------------------------------------------------------
** The document seems to lack a License Notice according IETF Trust
Provisions of 28 Dec 2009, Section 6.b.i or Provisions of 12 Sep 2009
Section 6.b -- however, there's a paragraph with a matching beginning.
Boilerplate error?
(You're using the IETF Trust Provisions' Section 6.b License Notice from
12 Feb 2009 rather than one of the newer Notices. See
https://trustee.ietf.org/license-info/.)
Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt:
----------------------------------------------------------------------------
No issues found here.
Checking nits according to https://www.ietf.org/id-info/checklist :
----------------------------------------------------------------------------
-- The draft header indicates that this document obsoletes RFC3490, but the
abstract doesn't seem to mention this, which it should.
-- The draft header indicates that this document updates RFC3492, but the
abstract doesn't seem to mention this, which it should.
Miscellaneous warnings:
----------------------------------------------------------------------------
== The copyright year in the IETF Trust and authors Copyright Line does not
match the current year
(Using the creation date from RFC3492, updated by this document, for
RFC5378 checks: 2002-01-10)
-- The document seems to contain a disclaimer for pre-RFC5378 work, and may
have content which was first submitted before 10 November 2008. The
disclaimer is necessary when there are original authors that you have
been unable to contact, or if some do not wish to grant the BCP78 rights
to the IETF Trust. If you are able to get all authors (current and
original) to grant those rights, you can and should remove the
disclaimer; otherwise, the disclaimer is needed and you can ignore this
comment. (See the Legal Provisions document at
https://trustee.ietf.org/license-info for more information.)
-- The document date (September 1, 2009) is 5352 days in the past. Is this
intentional?
Checking references for intended status: Proposed Standard
----------------------------------------------------------------------------
(See RFCs 3967 and 4897 for information about using normative references
to lower-maturity documents in RFCs)
== Unused Reference: 'RFC1123' is defined on line 620, but no explicit
reference was found in the text
== Unused Reference: 'Unicode-PropertyValueAliases' is defined on line 630,
but no explicit reference was found in the text
== Unused Reference: 'Unicode-RegEx' is defined on line 635, but no
explicit reference was found in the text
== Unused Reference: 'Unicode-Scripts' is defined on line 640, but no
explicit reference was found in the text
== Unused Reference: 'ASCII' is defined on line 652, but no explicit
reference was found in the text
== Unused Reference: 'RFC2136' is defined on line 671, but no explicit
reference was found in the text
== Unused Reference: 'RFC2181' is defined on line 675, but no explicit
reference was found in the text
== Unused Reference: 'RFC2535' is defined on line 678, but no explicit
reference was found in the text
-- Possible downref: Non-RFC (?) normative reference: ref. 'IDNA2008-BIDI'
-- Possible downref: Non-RFC (?) normative reference: ref.
'Unicode-PropertyValueAliases'
-- Possible downref: Non-RFC (?) normative reference: ref. 'Unicode-RegEx'
-- Possible downref: Non-RFC (?) normative reference: ref. 'Unicode-Scripts'
-- Possible downref: Non-RFC (?) normative reference: ref. 'Unicode-UAX15'
-- No information found for draft-ietf-idnabis-mapping - is the name
correct?
-- Obsolete informational reference (is this intentional?): RFC 2535
(Obsoleted by RFC 4033, RFC 4034, RFC 4035)
-- Obsolete informational reference (is this intentional?): RFC 2671
(Obsoleted by RFC 6891)
-- Obsolete informational reference (is this intentional?): RFC 3490
(Obsoleted by RFC 5890, RFC 5891)
-- Obsolete informational reference (is this intentional?): RFC 3491
(Obsoleted by RFC 5891)
-- Obsolete informational reference (is this intentional?): RFC 4952
(Obsoleted by RFC 6530)
Summary: 1 error (**), 0 flaws (~~), 9 warnings (==), 15 comments (--).
Run idnits with the --verbose option for more detailed information about
the items above.
--------------------------------------------------------------------------------
2 Network Working Group J. Klensin
3 Internet-Draft September 1, 2009
4 Obsoletes: 3490, 3491
5 (if approved)
6 Updates: 3492 (if approved)
7 Intended status: Standards Track
8 Expires: March 5, 2010
10 Internationalized Domain Names in Applications (IDNA): Protocol
11 draft-ietf-idnabis-protocol-15.txt
13 Status of this Memo
15 This Internet-Draft is submitted to IETF in full conformance with the
16 provisions of BCP 78 and BCP 79. This document may contain material
17 from IETF Documents or IETF Contributions published or made publicly
18 available before November 10, 2008. The person(s) controlling the
19 copyright in some of this material may not have granted the IETF
20 Trust the right to allow modifications of such material outside the
21 IETF Standards Process. Without obtaining an adequate license from
22 the person(s) controlling the copyright in such materials, this
23 document may not be modified outside the IETF Standards Process, and
24 derivative works of it may not be created outside the IETF Standards
25 Process, except to format it for publication as an RFC or to
26 translate it into languages other than English.
28 Internet-Drafts are working documents of the Internet Engineering
29 Task Force (IETF), its areas, and its working groups. Note that
30 other groups may also distribute working documents as Internet-
31 Drafts.
33 Internet-Drafts are draft documents valid for a maximum of six months
34 and may be updated, replaced, or obsoleted by other documents at any
35 time. It is inappropriate to use Internet-Drafts as reference
36 material or to cite them other than as "work in progress."
38 The list of current Internet-Drafts can be accessed at
39 http://www.ietf.org/ietf/1id-abstracts.txt.
41 The list of Internet-Draft Shadow Directories can be accessed at
42 http://www.ietf.org/shadow.html.
44 This Internet-Draft will expire on March 5, 2010.
46 Copyright Notice
48 Copyright (c) 2009 IETF Trust and the persons identified as the
49 document authors. All rights reserved.
51 This document is subject to BCP 78 and the IETF Trust's Legal
52 Provisions Relating to IETF Documents in effect on the date of
53 publication of this document (http://trustee.ietf.org/license-info).
54 Please review these documents carefully, as they describe your rights
55 and restrictions with respect to this document.
57 Abstract
59 This document is the revised protocol definition for
60 internationalized domain names (IDNs). The rationale for changes,
61 the relationship to the older specification, and important
62 terminology are provided in other documents. This document specifies
63 the protocol mechanism, called Internationalized Domain Names in
64 Applications (IDNA), for registering and looking up IDNs in a way
65 that does not require changes to the DNS itself. IDNA is only meant
66 for processing domain names, not free text.
68 Table of Contents
70 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 5
71 1.1. Discussion Forum . . . . . . . . . . . . . . . . . . . . . 5
72 2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 5
73 3. Requirements and Applicability . . . . . . . . . . . . . . . . 6
74 3.1. Requirements . . . . . . . . . . . . . . . . . . . . . . . 6
75 3.2. Applicability . . . . . . . . . . . . . . . . . . . . . . 6
76 3.2.1. DNS Resource Records . . . . . . . . . . . . . . . . . 7
77 3.2.2. Non-domain-name Data Types Stored in the DNS . . . . . 7
78 4. Registration Protocol . . . . . . . . . . . . . . . . . . . . 7
79 4.1. Input to IDNA Registration Process . . . . . . . . . . . . 8
80 4.2. Permitted Character and Label Validation . . . . . . . . . 8
81 4.2.1. Input Format . . . . . . . . . . . . . . . . . . . . . 8
82 4.2.2. Rejection of Characters that are not Permitted . . . . 8
83 4.2.3. Label Validation . . . . . . . . . . . . . . . . . . . 8
84 4.2.4. Registration Validation Summary . . . . . . . . . . . 9
85 4.3. Registry Restrictions . . . . . . . . . . . . . . . . . . 9
86 4.4. Punycode Conversion . . . . . . . . . . . . . . . . . . . 10
87 4.5. Insertion in the Zone . . . . . . . . . . . . . . . . . . 10
88 5. Domain Name Lookup Protocol . . . . . . . . . . . . . . . . . 10
89 5.1. Label String Input . . . . . . . . . . . . . . . . . . . . 11
90 5.2. Conversion to Unicode . . . . . . . . . . . . . . . . . . 11
91 5.3. A-label Input . . . . . . . . . . . . . . . . . . . . . . 11
92 5.4. Validation and Character List Testing . . . . . . . . . . 12
93 5.5. Punycode Conversion . . . . . . . . . . . . . . . . . . . 13
94 5.6. DNS Name Resolution . . . . . . . . . . . . . . . . . . . 13
95 6. Security Considerations . . . . . . . . . . . . . . . . . . . 13
96 7. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 14
97 8. Contributors . . . . . . . . . . . . . . . . . . . . . . . . . 14
98 9. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 14
99 10. References . . . . . . . . . . . . . . . . . . . . . . . . . . 15
100 10.1. Normative References . . . . . . . . . . . . . . . . . . . 15
101 10.2. Informative References . . . . . . . . . . . . . . . . . . 16
102 Appendix A. Summary of Major Changes from IDNA2003 . . . . . . . 17
103 Appendix B. Change Log . . . . . . . . . . . . . . . . . . . . . 18
104 B.1. Changes between Version -00 and -01 of
105 draft-ietf-idnabis-protocol . . . . . . . . . . . . . . . 18
106 B.2. Version -02 . . . . . . . . . . . . . . . . . . . . . . . 18
107 B.3. Version -03 . . . . . . . . . . . . . . . . . . . . . . . 19
108 B.4. Version -04 . . . . . . . . . . . . . . . . . . . . . . . 19
109 B.5. Version -05 . . . . . . . . . . . . . . . . . . . . . . . 19
110 B.6. Version -06 . . . . . . . . . . . . . . . . . . . . . . . 19
111 B.7. Version -07 . . . . . . . . . . . . . . . . . . . . . . . 20
112 B.8. Version -08 . . . . . . . . . . . . . . . . . . . . . . . 20
113 B.9. Version -09 . . . . . . . . . . . . . . . . . . . . . . . 20
114 B.10. Version -10 . . . . . . . . . . . . . . . . . . . . . . . 21
115 B.11. Version -11 . . . . . . . . . . . . . . . . . . . . . . . 21
116 B.12. Version -12 . . . . . . . . . . . . . . . . . . . . . . . 21
117 B.13. Version -13 . . . . . . . . . . . . . . . . . . . . . . . 22
118 B.14. Version -14 . . . . . . . . . . . . . . . . . . . . . . . 22
119 B.15. Version -15 . . . . . . . . . . . . . . . . . . . . . . . 22
120 Author's Address . . . . . . . . . . . . . . . . . . . . . . . . . 23
122 1. Introduction
124 This document supplies the protocol definition for internationalized
125 domain names. Essential definitions and terminology for
126 understanding this document and a road map of the collection of
127 documents that make up IDNA2008 appear in [IDNA2008-Defs].
128 Appendix A discusses the relationship between this specification and
129 the earlier version of IDNA (referred to here as "IDNA2003"). The
130 rationale for these changes, along with considerable explanatory
131 material and advice to zone administrators who support IDNs is
132 provided in another document, [IDNA2008-Rationale].
134 IDNA works by allowing applications to use certain ASCII string
135 labels (beginning with a special prefix) to represent non-ASCII name
136 labels. Lower-layer protocols need not be aware of this; therefore
137 IDNA does not change any infrastructure. In particular, IDNA does
138 not depend on any changes to DNS servers, resolvers, or protocol
139 elements, because the ASCII name service provided by the existing DNS
140 can be used for IDNA.
142 IDNA applies only to DNS labels. The base DNS standards [RFC1034]
143 [RFC1035] and their various updates specify how to combine labels
144 into fully-qualified domain names and parse labels out of those
145 names.
147 This document describes two separate protocols, one for IDN
148 registration (Section 4) and one for IDN lookup (Section 5), that
149 share some terminology, reference data and operations. [[anchor2:
150 Note in draft: See the note in the introduction to.]]Section 5
152 1.1. Discussion Forum
154 [[anchor4: RFC Editor: please remove this section.]]
156 This work is being discussed in the IETF IDNABIS WG and on the
157 mailing list idna-update@alvestrand.no
159 2. Terminology
161 Terminology used in IDNA, but also in Unicode or other character set
162 standards and the DNS, appears in [IDNA2008-Defs]. Terminology that
163 is required as part of the IDNA definition, including the definitions
164 of "ACE", appears in that document as well. Readers of this document
165 are assumed to be familiar with [IDNA2008-Defs] and with the DNS-
166 specific terminology in RFC 1034 [RFC1034].
168 The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
169 "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
170 document are to be interpreted as described in BCP 14, RFC 2119
171 [RFC2119].
173 3. Requirements and Applicability
175 3.1. Requirements
177 IDNA makes the following requirements:
179 1. Whenever a domain name is put into an IDN-unaware domain name
180 slot (see Section 2 and [IDNA2008-Defs]), it MUST contain only
181 ASCII characters (i.e., must be either an A-label or an NR-LDH-
182 label), unless the DNS application is not subject to historical
183 recommendations for "hostname"-style names (see [RFC1034] and
184 Section 3.2.1).
186 2. Labels MUST be compared using equivalent forms: either both
187 A-Label forms or both U-Label forms. Because A-labels and
188 U-labels can be transformed into each other without loss of
189 information, these comparisons are equivalent. A pair of
190 A-labels MUST be compared as case-insensitive ASCII (as with all
191 comparisons of ASCII DNS labels). U-labels must be compared
192 as-is, without case-folding or other intermediate steps. Note
193 that it is not necessary to validate labels in order to compare
194 them and that successful comparison does not imply validity. In
195 many cases, validation may be important for other reasons and
196 SHOULD be performed.
198 3. Labels being registered MUST conform to the requirements of
199 Section 4. Labels being looked up and the lookup process MUST
200 conform to the requirements of Section 5.
202 3.2. Applicability
204 IDNA applies to all domain names in all domain name slots in
205 protocols except where it is explicitly excluded. It does not apply
206 to domain name slots which do not use the Letter/Digit/Hyphen (LDH)
207 syntax rules.
209 Because it uses the DNS, IDNA applies to many protocols that were
210 specified before it was designed. IDNs occupying domain name slots
211 in those older protocols MUST be in A-label form until and unless
212 those protocols and implementations of them are explicitly upgraded
213 to be aware of IDNs in Unicode. IDNs actually appearing in DNS
214 queries or responses MUST be A-labels.
216 IDNA is not defined for extended label types (see RFC 2671, Section 3
217 [RFC2671]).
219 3.2.1. DNS Resource Records
221 IDNA applies only to domain names in the NAME and RDATA fields of DNS
222 resource records whose CLASS is IN. See RFC 1034 [RFC1034] for
223 precise definitions of these terms.
225 The application of IDNA to DNS resource records depends entirely on
226 the CLASS of the record, and not on the TYPE except as noted below.
227 This will remain true, even as new types are defined, unless a new
228 type defines type-specific rules. Special naming conventions for SRV
229 records (and "underscore names" more generally) are incompatible with
230 IDNA coding. The first two labels on a SRV type record (the ones
231 required to start in "_") MUST NOT be A-labels or U-labels, because
232 conversion to an A-label would lose information (since the underscore
233 is not a letter, digit, or hyphen and is consequently DISALLOWED in
234 IDNs). Of course, those labels may be part of a domain that uses IDN
235 labels at higher levels in the tree.
237 3.2.2. Non-domain-name Data Types Stored in the DNS
239 Although IDNA enables the representation of non-ASCII characters in
240 domain names, that does not imply that IDNA enables the
241 representation of non-ASCII characters in other data types that are
242 stored in domain names, specifically in the RDATA field for types
243 that have structured RDATA format. For example, an email address
244 local part is stored in a domain name in the RNAME field as part of
245 the RDATA of an SOA record (hostmaster@example.com would be
246 represented as hostmaster.example.com). IDNA does not update the
247 existing email standards, which allow only ASCII characters in local
248 parts. Even though work is in progress to define
249 internationalization for email addresses [RFC4952], changes to the
250 email address part of the SOA RDATA would require action in, or
251 updates to, other standards, specifically those that specify the
252 format of the SOA RR.
254 4. Registration Protocol
256 This section defines the procedure for registering an IDN. The
257 procedure is implementation independent; any sequence of steps that
258 produces exactly the same result for all labels is considered a valid
259 implementation.
261 Note that, while the registration and lookup protocols (Section 5)
262 are very similar in most respects, they are different and
263 implementers should carefully follow the appropriate steps.
265 4.1. Input to IDNA Registration Process
267 Registration processes, especially processing by entities, such as
268 "registrars" who deal with registrants before the request actually
269 reaches the zone manager ("registry") are outside the scope of these
270 protocols and may differ significantly depending on local needs. By
271 the time a string enters the IDNA registration process as described
272 in this specification, it MUST be in Unicode and in Normalization
273 Form C (NFC [Unicode-UAX15]). Entities responsible for zone files
274 ("registries") are expected to accept only the exact string for which
275 registration is requested, free of any mappings or local adjustments.
276 They SHOULD avoid any possible ambiguity by accepting registrations
277 only for A-labels, possibly paired with the relevant U-labels so that
278 they can verify the correspondence.
280 4.2. Permitted Character and Label Validation
282 4.2.1. Input Format
284 The registry SHOULD permit submission of labels in A-label form and
285 is encouraged to accept both the A-label form and the U-label one.
286 If both label forms are available, it MUST ensure that the A-label
287 form is in lower case, perform a conversion to a U-label, perform the
288 steps and tests described below on that U-label, and then verify that
289 the A-label produced by the step in Section 4.4 matches the one
290 provided as input. In addition, if a U-label was provided, that
291 U-label and the one obtained by conversion of the A-label MUST match
292 exactly. If, for some reason, these tests fail, the registration
293 MUST be rejected. If the conversion to a U-label is not performed,
294 the registry MUST still verify that the A-label is superficially
295 valid, i.e., that it does not violate any of the rules of Punycode
296 [RFC3492] encoding such as the prohibition on trailing hyphen-minus,
297 appearance of non-basic characters before the delimiter, and so on.
298 Fake A-labels, i.e., invalid strings that appear to be A-labels but
299 are not, MUST NOT be placed in DNS zones that support IDNA.
301 4.2.2. Rejection of Characters that are not Permitted
303 The candidate Unicode string MUST NOT contain characters that appear
304 in the "DISALLOWED" and "UNASSIGNED" lists specified in
305 [IDNA2008-Tables].
307 4.2.3. Label Validation
309 The proposed label (in the form of a Unicode string, i.e., a string
310 that at least superficially appears to be a U-label) is then
311 examined, performing tests that require examination of more than one
312 character. Character order is considered to be the on-the-wire
313 order, not the display order.
315 4.2.3.1. Hyphen Restrictions
317 The Unicode string MUST NOT contain "--" (two consecutive hyphens) in
318 the third and fourth character positions and MUST NOT start or end
319 with a "-" (hyphen).
321 4.2.3.2. Leading Combining Marks
323 The Unicode string MUST NOT begin with a combining mark or combining
324 character (see The Unicode Standard, Section 2.11 [Unicode] for an
325 exact definition).
327 4.2.3.3. Contextual Rules
329 The Unicode string MUST NOT contain any characters whose validity is
330 context-dependent, unless the validity is positively confirmed by a
331 contextual rule. To check this, each code-point marked as CONTEXTJ
332 and CONTEXTO in [IDNA2008-Tables] MUST have a non-null rule. If such
333 a code-point is missing a rule, it is invalid. If the rule exists
334 but the result of applying the rule is negative or inconclusive, the
335 proposed label is invalid.
337 4.2.3.4. Labels Containing Characters Written Right to Left
339 If the proposed label contains any characters that are written from
340 right to left it MUST meet the BIDI criteria [IDNA2008-BIDI].
342 4.2.4. Registration Validation Summary
344 Strings that contain at least one non-ASCII character, have been
345 produced by the steps above, whose contents pass all of the tests in
346 Section 4.2, and are 63 or fewer characters long in ACE form (see
347 Section 4.4), are U-labels.
349 To summarize, tests are made in Section 4.2 for invalid characters,
350 invalid combinations of characters, for labels that are invalid even
351 if the characters they contain are valid individually, and for labels
352 that do not conform to the restrictions for strings containing right
353 to left characters.
355 4.3. Registry Restrictions
357 In addition to the rules and tests above, there are many reasons why
358 a registry could reject a label. Registries at all levels of the
359 DNS, not just the top level, are expected to establish policies about
360 label registrations. Policies are likely to be informed by the local
361 languages and may depend on many factors including what characters
362 are in the label (for example, a label may be rejected based on other
363 labels already registered). See [IDNA2008-Rationale] for a
364 discussion and recommendations about registry policies.
366 The string produced by the steps in Section 4.2 is checked and
367 processed as appropriate to local registry restrictions. Application
368 of those registry restrictions may result in the rejection of some
369 labels or the application of special restrictions to others.
371 4.4. Punycode Conversion
373 The resulting U-label is converted to an A-label (defined in
374 [IDNA2008-Defs] [[anchor12: ?? Insert section number]]). The
375 A-label is the encoding of the U-label according to the Punycode
376 algorithm [RFC3492] with the ACE prefix "xn--" added at the beginning
377 of the string. The resulting string must, of course, conform to the
378 length limits imposed by the DNS. This document updates RFC 3492
379 only to the extent of replacing the reference to the discussion of
380 the ACE prefix. The ACE prefix is now specified in this document
381 rather than as part of RFC 3490 or Nameprep [RFC3491] but is the same
382 in both sets of documents.
384 The failure conditions identified in the Punycode encoding procedure
385 cannot occur if the input is a U-label as determined by the steps
386 above.
388 4.5. Insertion in the Zone
390 The A-label is registered in the DNS by insertion into a zone.
392 5. Domain Name Lookup Protocol
394 Lookup is different from registration and different tests are applied
395 on the client. Although some validity checks are necessary to avoid
396 serious problems with the protocol, the lookup-side tests are more
397 permissive and rely on the assumption that names that are present in
398 the DNS are valid. That assumption is, however, a weak one because
399 the presence of wild cards in the DNS might cause a string that is
400 not actually registered in the DNS to be successfully looked up.
402 The two steps described in Section 5.2 are required.
404 5.1. Label String Input
406 The user supplies a string in the local character set, typically by
407 typing it or clicking on, or copying and pasting, a resource
408 identifier, e.g., a URI [RFC3986] or IRI [RFC3987] from which the
409 domain name is extracted. Alternately, some process not directly
410 involving the user may read the string from a file or obtain it in
411 some other way. Processing in this step and the next two are local
412 matters, to be accomplished prior to actual invocation of IDNA.
414 5.2. Conversion to Unicode
416 The string is converted from the local character set into Unicode, if
417 it is not already Unicode. Depending on local needs, this conversion
418 may involve mapping some characters into other characters as well as
419 coding conversions. Those issues are discussed in [IDNA2008-Mapping]
420 and the mapping-related sections of [IDNA2008-Rationale].[[anchor13:
421 ?? Supply section number.]] A Unicode string may require
422 normalization as discussed in Section 4.1. The result MUST be a
423 Unicode string in NFC form.
425 5.3. A-label Input
427 If the input to this procedure appears to be an A-label (i.e., it
428 starts in "xn--"), the lookup application MAY attempt to convert it
429 to a U-label, first ensuring that the A-label is entirely in lower
430 case, and apply the tests of Section 5.4 and the conversion of
431 Section 5.5 to that form. If the label is converted to Unicode
432 (i.e., to U-label form) using the Punycode decoding algorithm, then
433 the processing specified in those two sections MUST be performed, and
434 the label MUST be rejected if the resulting label is not identical to
435 the original. See the Name Server Considerations section of
436 [IDNA2008-Rationale] for additional discussion on this topic.
438 That conversion and testing SHOULD be performed if the domain name
439 will later be presented to the user in native character form (this
440 requires that the lookup application be IDNA-aware). If those steps
441 are not performed, the lookup process SHOULD at least make tests to
442 determine that the string is actually an A-label, examining it for
443 the invalid formats specified in the Punycode decoding specification.
444 Applications that are not IDNA-aware will obviously omit that
445 testing; others MAY treat the string as opaque to avoid the
446 additional processing at the expense of providing less protection and
447 information to users.
449 5.4. Validation and Character List Testing
451 As with the registration procedure described in Section 4, the
452 Unicode string is checked to verify that all characters that appear
453 in it are valid as input to IDNA lookup processing. As discussed
454 above and in [IDNA2008-Rationale], the lookup check is more liberal
455 than the registration one. Labels that have not been fully evaluated
456 for conformance to the applicable rules are referred to as "putative"
457 labels as discussed in [IDNA2008-Defs][[anchor14: ??? Insert section
458 number -- 2.2.3 as of Defs-09]]. Putative labels with any of the
459 following characteristics MUST be rejected prior to DNS lookup:
461 o Labels containing code points that are unassigned in the version
462 of Unicode being used by the application, i.e.,in the UNASSIGNED
463 category of [IDNA2008-Tables].
465 o Labels that are not in NFC form as defined in [Unicode-UAX15].
467 o Labels containing "--" (two consecutive hyphens) in the third and
468 fourth character positions.
470 o Labels containing prohibited code points, i.e., those that are
471 assigned to the "DISALLOWED" category in the permitted character
472 table [IDNA2008-Tables].
474 o Labels containing code points that are identified in
475 [IDNA2008-Tables] as "CONTEXTJ", i.e., requiring exceptional
476 contextual rule processing on lookup, but that do not conform to
477 those rules. Note that this implies that a rule must be defined,
478 not null: a character that requires a contextual rule but for
479 which the rule is null is treated in this step as having failed to
480 conform to the rule.
482 o Labels containing code points that are identified in
483 [IDNA2008-Tables] as "CONTEXTO", but for which no such rule
484 appears in the table of rules. Applications resolving DNS names
485 or carrying out equivalent operations are not required to test
486 contextual rules for "CONTEXTO" characters, only to verify that a
487 rule is defined (although they MAY make such tests to provide
488 better protection or give better information to the user).
490 o Labels whose first character is a combining mark (see
491 Section 4.2.3.2).
493 In addition, the application SHOULD apply the following test.
495 o Verification that the string is compliant with the requirements
496 for right to left characters, specified in [IDNA2008-BIDI].
498 This test may be omitted in special circumstances, such as when the
499 lookup application knows that the conditions are enforced elsewhere,
500 because an attempt to look up and resolve such strings will almost
501 certainly lead to a DNS lookup failure except when wild cards are
502 present in the zone. However, applying the test is likely to give
503 much better information about the reason for a lookup failure --
504 information that may be usefully passed to the user when that is
505 feasible -- than DNS resolution failure information alone. In any
506 event, lookup applications should avoid attempting to resolve labels
507 that are invalid under that test.
509 For all other strings, the lookup application MUST rely on the
510 presence or absence of labels in the DNS to determine the validity of
511 those labels and the validity of the characters they contain. If
512 they are registered, they are presumed to be valid; if they are not,
513 their possible validity is not relevant. While a lookup application
514 may reasonably issue warnings about strings it believes may be
515 problematic, applications that decline to process a string that
516 conforms to the rules above (i.e., does not look it up in the DNS)
517 are not in conformance with this protocol.
519 5.5. Punycode Conversion
521 The string that has now been validated for lookup is converted to ACE
522 form using the Punycode algorithm (with the ACE prefix added). With
523 the understanding that this summary is not normative (the steps above
524 are), the string is either
526 o in Unicode NFC form that contains no leading combining marks,
527 contains no DISALLOWED or UNASSIGNED code points, has rules
528 associated with any code points in CONTEXTJ or CONTEXTO, and, for
529 those in CONTEXTJ, to satisfy the conditions of the rules; or
531 o in A-label form, was supplied under circumstances in which the
532 U-label conversions and tests have not been performed (see
533 Section 5.3).
535 5.6. DNS Name Resolution
537 That resulting validated string is looked up in the DNS, using normal
538 DNS resolver procedures. That lookup can obviously either succeed
539 (returning information) or fail.
541 6. Security Considerations
543 Security Considerations for this version of IDNA, except for the
544 special issues associated with right to left scripts and characters,
545 are described in [IDNA2008-Defs]. Specific issues for labels
546 containing characters associated with scripts written right to left
547 appear in [IDNA2008-BIDI].
549 7. IANA Considerations
551 IANA actions for this version of IDNA are specified in
552 [IDNA2008-Tables] and discussed informally in [IDNA2008-Rationale].
553 The components of IDNA described in this document do not require any
554 IANA actions.
556 8. Contributors
558 While the listed editor held the pen, the original versions of this
559 document represent the joint work and conclusions of an ad hoc design
560 team consisting of the editor and, in alphabetic order, Harald
561 Alvestrand, Tina Dam, Patrik Faltstrom, and Cary Karp. This document
562 draws significantly on the original version of IDNA [RFC3490] both
563 conceptually and for specific text. This second-generation version
564 would not have been possible without the work that went into that
565 first version and especially the contributions of its authors Patrik
566 Faltstrom, Paul Hoffman, and Adam Costello. While Faltstrom was
567 actively involved in the creation of this version, Hoffman and
568 Costello were not and should not be held responsible for any errors
569 or omissions.
571 9. Acknowledgments
573 This revision to IDNA would have been impossible without the
574 accumulated experience since RFC 3490 was published and resulting
575 comments and complaints of many people in the IETF, ICANN, and other
576 communities, too many people to list here. Nor would it have been
577 possible without RFC 3490 itself and the efforts of the Working Group
578 that defined it. Those people whose contributions are acknowledged
579 in RFC 3490, [RFC4690], and [IDNA2008-Rationale] were particularly
580 important.
582 Specific textual changes were incorporated into this document after
583 suggestions from the other contributors, Stephane Bortzmeyer, Vint
584 Cerf, Lisa Dusseault, Paul Hoffman, Kent Karlsson, James Mitchell,
585 Erik van der Poel, Marcos Sanz, Andrew Sullivan, Wil Tan, Ken
586 Whistler, Chris Wright, and other WG participants. Special thanks
587 are due to Paul Hoffman for permission to extract material from his
588 Internet-Draft to form the basis for Appendix A.
590 10. References
592 10.1. Normative References
594 [IDNA2008-BIDI]
595 Alvestrand, H. and C. Karp, "An updated IDNA criterion for
596 right-to-left scripts", August 2009, .
599 [IDNA2008-Defs]
600 Klensin, J., "Internationalized Domain Names for
601 Applications (IDNA): Definitions and Document Framework",
602 August 2009, .
605 [IDNA2008-Tables]
606 Faltstrom, P., "The Unicode Codepoints and IDNA",
607 August 2009, .
610 A version of this document is available in HTML format at
611 http://stupid.domain.name/idnabis/
612 draft-ietf-idnabis-tables-06.html
614 [RFC1034] Mockapetris, P., "Domain names - concepts and facilities",
615 STD 13, RFC 1034, November 1987.
617 [RFC1035] Mockapetris, P., "Domain names - implementation and
618 specification", STD 13, RFC 1035, November 1987.
620 [RFC1123] Braden, R., "Requirements for Internet Hosts - Application
621 and Support", STD 3, RFC 1123, October 1989.
623 [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
624 Requirement Levels", BCP 14, RFC 2119, March 1997.
626 [RFC3492] Costello, A., "Punycode: A Bootstring encoding of Unicode
627 for Internationalized Domain Names in Applications
628 (IDNA)", RFC 3492, March 2003.
630 [Unicode-PropertyValueAliases]
631 The Unicode Consortium, "Unicode Character Database:
632 PropertyValueAliases", March 2008, .
635 [Unicode-RegEx]
636 The Unicode Consortium, "Unicode Technical Standard #18:
637 Unicode Regular Expressions", May 2005,
638 .
640 [Unicode-Scripts]
641 The Unicode Consortium, "Unicode Standard Annex #24:
642 Unicode Script Property", February 2008,
643 .
645 [Unicode-UAX15]
646 The Unicode Consortium, "Unicode Standard Annex #15:
647 Unicode Normalization Forms", 2006,
648 .
650 10.2. Informative References
652 [ASCII] American National Standards Institute (formerly United
653 States of America Standards Institute), "USA Code for
654 Information Interchange", ANSI X3.4-1968, 1968.
656 ANSI X3.4-1968 has been replaced by newer versions with
657 slight modifications, but the 1968 version remains
658 definitive for the Internet.
660 [IDNA2008-Mapping]
661 Resnick, P., "Mapping Characters in IDNA", August 2009, .
665 [IDNA2008-Rationale]
666 Klensin, J., Ed., "Internationalized Domain Names for
667 Applications (IDNA): Issues, Explanation, and Rationale",
668 February 2009, .
671 [RFC2136] Vixie, P., Thomson, S., Rekhter, Y., and J. Bound,
672 "Dynamic Updates in the Domain Name System (DNS UPDATE)",
673 RFC 2136, April 1997.
675 [RFC2181] Elz, R. and R. Bush, "Clarifications to the DNS
676 Specification", RFC 2181, July 1997.
678 [RFC2535] Eastlake, D., "Domain Name System Security Extensions",
679 RFC 2535, March 1999.
681 [RFC2671] Vixie, P., "Extension Mechanisms for DNS (EDNS0)",
682 RFC 2671, August 1999.
684 [RFC3490] Faltstrom, P., Hoffman, P., and A. Costello,
685 "Internationalizing Domain Names in Applications (IDNA)",
686 RFC 3490, March 2003.
688 [RFC3491] Hoffman, P. and M. Blanchet, "Nameprep: A Stringprep
689 Profile for Internationalized Domain Names (IDN)",
690 RFC 3491, March 2003.
692 [RFC3986] Berners-Lee, T., Fielding, R., and L. Masinter, "Uniform
693 Resource Identifier (URI): Generic Syntax", STD 66,
694 RFC 3986, January 2005.
696 [RFC3987] Duerst, M. and M. Suignard, "Internationalized Resource
697 Identifiers (IRIs)", RFC 3987, January 2005.
699 [RFC4690] Klensin, J., Faltstrom, P., Karp, C., and IAB, "Review and
700 Recommendations for Internationalized Domain Names
701 (IDNs)", RFC 4690, September 2006.
703 [RFC4952] Klensin, J. and Y. Ko, "Overview and Framework for
704 Internationalized Email", RFC 4952, July 2007.
706 [Unicode] The Unicode Consortium, "The Unicode Standard, Version
707 5.0", 2007.
709 Boston, MA, USA: Addison-Wesley. ISBN 0-321-48091-0
711 Appendix A. Summary of Major Changes from IDNA2003
713 1. Update base character set from Unicode 3.2 to Unicode version-
714 agnostic.
716 2. Separate the definitions for the "registration" and "lookup"
717 activities.
719 3. Disallow symbol and punctuation characters except where special
720 exceptions are necessary.
722 4. Remove the mapping and normalization steps from the protocol and
723 have them instead done by the applications themselves, possibly
724 in a local fashion, before invoking the protocol.
726 5. Change the way that the protocol specifies which characters are
727 allowed in labels from "humans decide what the table of
728 codepoints contains" to "decision about codepoints are based on
729 Unicode properties plus a small exclusion list created by
730 humans".
732 6. Introduce the new concept of characters that can be used only in
733 specific contexts.
735 7. Allow typical words and names in languages such as Dhivehi and
736 Yiddish to be expressed.
738 8. Make bidirectional domain names (delimited strings of labels,
739 not just labels standing on their own) display in a less
740 surprising fashion whether they appear in obvious domain name
741 contexts or as part of running text in paragraphs.
743 9. Remove the dot separator from the mandatory part of the
744 protocol.
746 10. Make some currently-valid labels that are not actually IDNA
747 labels invalid.
749 Appendix B. Change Log
751 [[anchor21: RFC Editor: Please remove this appendix.]]
753 B.1. Changes between Version -00 and -01 of draft-ietf-idnabis-protocol
755 o Corrected discussion of SRV records.
757 o Several small corrections for clarity.
759 o Inserted more "open issue" placeholders.
761 B.2. Version -02
763 o Rewrote the "conversion to Unicode" text in Section 5.2 as
764 requested on-list.
766 o Added a comment (and reference) about EDNS0 to the "DNS Server
767 Conventions" section, which was also retitled.
769 o Made several editorial corrections and improvements in response to
770 various comments.
772 o Added several new discussion placeholder anchors and updated some
773 older ones.
775 B.3. Version -03
777 o Trimmed change log, removing information about pre-WG drafts.
779 o Incorporated a number of changes suggested by Marcos Sanz in his
780 note of 2008.07.17 and added several more placeholder anchors.
782 o Several minor editorial corrections and improvements.
784 o "Editor" designation temporarily removed because the automatic
785 posting machinery does not accept it.
787 B.4. Version -04
789 o Removed Contextual Rule appendices for transfer to Tables.
791 o Several changes, including removal of discussion anchors, based on
792 discussions at IETF 72 (Dublin)
794 o Rewrote the preprocessing material (former Section 5.3) somewhat
795 -- see Appendix B.14.
797 B.5. Version -05
799 o Updated part of the A-label input explanation (Section 5.3) per
800 note from Erik van der Poel.
802 B.6. Version -06
804 o Corrected a few typographical errors.
806 o Incorporated the material (formerly in Rationale) on the
807 relationship between IDNA2003 and IDNA2008 as an appendix and
808 pointed to the new definitions document.
810 o Text modified in several places to recognize the dangers of
811 interaction between DNS wild cards and IDNs.
813 o Text added to be explicit about the handling of edge and failure
814 cases in Punycode encoding and decoding.
816 o Revised for consistency with the new Definitions document and to
817 make the text read more smoothly.
819 B.7. Version -07
821 o Multiple small textual and editorial changes and clarifications.
823 o Requirement for normalization clarified to apply to all cases and
824 conditions for preprocessing further clarified.
826 o Substantive change to Section 4.2.1, turning a SHOULD to a MUST
827 (see note from Mark Davis, 19 November, 2008 18:14 -0800).
829 B.8. Version -08
831 o Added some references and altered text to improve clarity.
833 o Changed the description of CONTEXTJ/CONTEXTO to conform to that in
834 Tables. In other words, these are now treated as distinction
835 categories (again), rather than as specially-flagged subsets of
836 PROTOCOL VALID.
838 o The discussion of label comparisons has been rewritten to make it
839 more precise and to clarify that one does not need to verify that
840 a string is a [valid] A-label or U-label in order to test it for
841 equality with another string. The WG should verify that the
842 current text is what is desired.
844 o Other changes to reflect post-IETF discussions or editorial
845 improvements.
847 B.9. Version -09
849 o Removed Security Considerations material to Defs document.
851 o Removed the Name Server Considerations material to Rationale.
852 That material is not normative and not needed to implement the
853 protocol itself.
855 o Adjusted terminology to match new version of Defs.
857 o Removed all discussion of local mapping and option for it from
858 registration protocol. Such mapping is now completely prohibited
859 on Registration.
861 o Removed some old placeholders and inquiries because no comments
862 have been received.
864 o Small editorial corrections.
866 B.10. Version -10
868 o Rewrote the registration input material slightly to further
869 clarify the "no mapping on registration" principle.
871 o Added placeholder notes about several tasks, notably reorganizing
872 Section 4 and Section 5 so that subsection numbers are parallel.
874 o Cleaned up an incorrect use of the terms "A-label" and "U-label"
875 in the lookup phase that was spotted by Mark Davis. Inserted a
876 note there about alternate ways to deal with the resulting
877 terminology problem.
879 o Added a temporarily appendix (above) to document alternate
880 strategies for possible replacements for the former Section 5.3
881 (see Appendix B.14).
883 B.11. Version -11
885 o Removed dangling reference to "C-label" (editing error in prior
886 draft).
888 o Recast the last steps of the Lookup description to eliminate
889 "apparent" (previously "putative") terminology.
891 o Rewrote major portions of the temporary appendix that describes
892 transitional mappings to improve clarity and add context.
894 o Did some fine-tuning of terminology, notably in Section 3.2.1.
896 B.12. Version -12
898 o Extensive editorial improvements, mostly due to suggestions from
899 Lisa Dusseault.
901 o Conformance statements have been made consistent, especially in
902 Section 4.2.1 and subsequent text, which said "SHOULD" in one
903 place and then said "MAY" as the result of incomplete removal of
904 registration-time mapping. Also clarified the definition of
905 "registration processes" in Section 4.1 -- the previous text had
906 confused several people.
908 o A few new "question to the WG notes have been added about
909 appropriateness or placement of text. If there are no comments on
910 the mailing list, the editor will apply his own judgment.
912 o Several of the usual small typos and other editorial errors have
913 been corrected.
915 o Section 5 has still not been reorganized to match Section 4 in
916 structure and subsection numbering -- will be done as soon as the
917 mapping decisions and references are final.
919 B.13. Version -13
921 o Modified the "putative label" text to better explain the term and
922 explicitly point back to Defs.
924 o Slight rewrite of former section 5.3 to clarify the NFC
925 requirement and to start the transition toward having some of the
926 explanation in the Mapping document. That whole section has been
927 removed in -14, see Appendix B.14 for more information.
929 B.14. Version -14
931 o Fixed substantive typographical error caught by Wil Tan.
933 o Added a check for consecutive hyphens in positions 3 and 4 to
934 Lookup.
936 o Reflected several changes suggested by Andrew Sullivan.
938 o Rearranged and rewrote material to reflect the mapping document
939 and its status.
941 o The former Section 5.3 and Appendix A, which discussed mapping
942 alternatives, have been dropped entirely. Such discussion now
943 belongs in the Mapping document, the portion of Rationale that
944 supports it, or not at all. Section 5.2 has been rewritten
945 slightly to point to Mapping for those issues.
947 o Note: With the revised mapping material inserted, I've just about
948 given up on the idea of having the subsections of Sections 4 and 5
949 exactly parallel each other. Anyone who still feels strongly
950 about this should be prepared to make very specific suggestions.
951 --JcK
953 B.15. Version -15
955 o Corrected name of protocol in the abstract ("Internationalization"
956 to "Internationalized") and a few other instances of that error.
958 o Corrected the hyphen test (Section 4.2.3.1).
960 o Added text to deal with the "upper case in A-labels" problem.
962 o Adjusted Acknowledgments to remove Mark Davis's name, per his
963 request and advice from IETF Trust Counsel.
965 o Incorporated other changes from WG Last Call.
967 o Small typographical and editorial corrections.
969 Author's Address
971 John C Klensin
972 1770 Massachusetts Ave, Ste 322
973 Cambridge, MA 02140
974 USA
976 Phone: +1 617 245 1457
977 Email: john+ietf@jck.com