idnits 2.17.1
draft-ietf-idnabis-protocol-17.txt:
Checking boilerplate required by RFC 5378 and the IETF Trust (see
https://trustee.ietf.org/license-info):
----------------------------------------------------------------------------
** The document seems to lack a License Notice according IETF Trust
Provisions of 28 Dec 2009, Section 6.b.i or Provisions of 12 Sep 2009
Section 6.b -- however, there's a paragraph with a matching beginning.
Boilerplate error?
(You're using the IETF Trust Provisions' Section 6.b License Notice from
12 Feb 2009 rather than one of the newer Notices. See
https://trustee.ietf.org/license-info/.)
Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt:
----------------------------------------------------------------------------
No issues found here.
Checking nits according to https://www.ietf.org/id-info/checklist :
----------------------------------------------------------------------------
== There are 2 instances of lines with non-RFC6890-compliant IPv4 addresses
in the document. If these are example addresses, they should be changed.
-- The draft header indicates that this document obsoletes RFC3490, but the
abstract doesn't seem to mention this, which it should.
-- The draft header indicates that this document updates RFC3492, but the
abstract doesn't seem to mention this, which it should.
Miscellaneous warnings:
----------------------------------------------------------------------------
== The copyright year in the IETF Trust and authors Copyright Line does not
match the current year
(Using the creation date from RFC3492, updated by this document, for
RFC5378 checks: 2002-01-10)
-- The document seems to contain a disclaimer for pre-RFC5378 work, and may
have content which was first submitted before 10 November 2008. The
disclaimer is necessary when there are original authors that you have
been unable to contact, or if some do not wish to grant the BCP78 rights
to the IETF Trust. If you are able to get all authors (current and
original) to grant those rights, you can and should remove the
disclaimer; otherwise, the disclaimer is needed and you can ignore this
comment. (See the Legal Provisions document at
https://trustee.ietf.org/license-info for more information.)
-- The document date (October 25, 2009) is 5296 days in the past. Is this
intentional?
Checking references for intended status: Proposed Standard
----------------------------------------------------------------------------
(See RFCs 3967 and 4897 for information about using normative references
to lower-maturity documents in RFCs)
== Unused Reference: 'RFC1123' is defined on line 644, but no explicit
reference was found in the text
== Unused Reference: 'Unicode-PropertyValueAliases' is defined on line 654,
but no explicit reference was found in the text
== Unused Reference: 'Unicode-RegEx' is defined on line 659, but no
explicit reference was found in the text
== Unused Reference: 'Unicode-Scripts' is defined on line 664, but no
explicit reference was found in the text
== Unused Reference: 'ASCII' is defined on line 676, but no explicit
reference was found in the text
== Unused Reference: 'RFC2136' is defined on line 695, but no explicit
reference was found in the text
== Unused Reference: 'RFC2181' is defined on line 699, but no explicit
reference was found in the text
== Unused Reference: 'RFC3491' is defined on line 709, but no explicit
reference was found in the text
-- Possible downref: Non-RFC (?) normative reference: ref. 'IDNA2008-BIDI'
-- Possible downref: Non-RFC (?) normative reference: ref.
'Unicode-PropertyValueAliases'
-- Possible downref: Non-RFC (?) normative reference: ref. 'Unicode-RegEx'
-- Possible downref: Non-RFC (?) normative reference: ref. 'Unicode-Scripts'
-- Possible downref: Non-RFC (?) normative reference: ref. 'Unicode-UAX15'
-- No information found for draft-ietf-idnabis-mapping - is the name
correct?
-- Obsolete informational reference (is this intentional?): RFC 2671
(Obsoleted by RFC 6891)
-- Obsolete informational reference (is this intentional?): RFC 3490
(Obsoleted by RFC 5890, RFC 5891)
-- Obsolete informational reference (is this intentional?): RFC 3491
(Obsoleted by RFC 5891)
-- Obsolete informational reference (is this intentional?): RFC 4952
(Obsoleted by RFC 6530)
Summary: 1 error (**), 0 flaws (~~), 10 warnings (==), 14 comments (--).
Run idnits with the --verbose option for more detailed information about
the items above.
--------------------------------------------------------------------------------
2 Network Working Group J. Klensin
3 Internet-Draft October 25, 2009
4 Obsoletes: 3490, 3491
5 (if approved)
6 Updates: 3492 (if approved)
7 Intended status: Standards Track
8 Expires: April 28, 2010
10 Internationalized Domain Names in Applications (IDNA): Protocol
11 draft-ietf-idnabis-protocol-17.txt
13 Status of this Memo
15 This Internet-Draft is submitted to IETF in full conformance with the
16 provisions of BCP 78 and BCP 79. This document may contain material
17 from IETF Documents or IETF Contributions published or made publicly
18 available before November 10, 2008. The person(s) controlling the
19 copyright in some of this material may not have granted the IETF
20 Trust the right to allow modifications of such material outside the
21 IETF Standards Process. Without obtaining an adequate license from
22 the person(s) controlling the copyright in such materials, this
23 document may not be modified outside the IETF Standards Process, and
24 derivative works of it may not be created outside the IETF Standards
25 Process, except to format it for publication as an RFC or to
26 translate it into languages other than English.
28 Internet-Drafts are working documents of the Internet Engineering
29 Task Force (IETF), its areas, and its working groups. Note that
30 other groups may also distribute working documents as Internet-
31 Drafts.
33 Internet-Drafts are draft documents valid for a maximum of six months
34 and may be updated, replaced, or obsoleted by other documents at any
35 time. It is inappropriate to use Internet-Drafts as reference
36 material or to cite them other than as "work in progress."
38 The list of current Internet-Drafts can be accessed at
39 http://www.ietf.org/ietf/1id-abstracts.txt.
41 The list of Internet-Draft Shadow Directories can be accessed at
42 http://www.ietf.org/shadow.html.
44 This Internet-Draft will expire on April 28, 2010.
46 Copyright Notice
48 Copyright (c) 2009 IETF Trust and the persons identified as the
49 document authors. All rights reserved.
51 This document is subject to BCP 78 and the IETF Trust's Legal
52 Provisions Relating to IETF Documents in effect on the date of
53 publication of this document (http://trustee.ietf.org/license-info).
54 Please review these documents carefully, as they describe your rights
55 and restrictions with respect to this document.
57 Abstract
59 This document is the revised protocol definition for
60 internationalized domain names (IDNs). The rationale for changes,
61 the relationship to the older specification, and important
62 terminology are provided in other documents. This document specifies
63 the protocol mechanism, called Internationalized Domain Names in
64 Applications (IDNA), for registering and looking up IDNs in a way
65 that does not require changes to the DNS itself. IDNA is only meant
66 for processing domain names, not free text.
68 Table of Contents
70 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 5
71 1.1. Discussion Forum . . . . . . . . . . . . . . . . . . . . . 5
72 2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 5
73 3. Requirements and Applicability . . . . . . . . . . . . . . . . 6
74 3.1. Requirements . . . . . . . . . . . . . . . . . . . . . . . 6
75 3.2. Applicability . . . . . . . . . . . . . . . . . . . . . . 6
76 3.2.1. DNS Resource Records . . . . . . . . . . . . . . . . . 7
77 3.2.2. Non-domain-name Data Types Stored in the DNS . . . . . 7
78 4. Registration Protocol . . . . . . . . . . . . . . . . . . . . 7
79 4.1. Input to IDNA Registration . . . . . . . . . . . . . . . . 8
80 4.2. Permitted Character and Label Validation . . . . . . . . . 8
81 4.2.1. Input Format . . . . . . . . . . . . . . . . . . . . . 8
82 4.2.2. Rejection of Characters that are not Permitted . . . . 9
83 4.2.3. Label Validation . . . . . . . . . . . . . . . . . . . 9
84 4.2.4. Registration Validation Requirements . . . . . . . . . 9
85 4.3. Registry Restrictions . . . . . . . . . . . . . . . . . . 10
86 4.4. Punycode Conversion . . . . . . . . . . . . . . . . . . . 10
87 4.5. Insertion in the Zone . . . . . . . . . . . . . . . . . . 11
88 5. Domain Name Lookup Protocol . . . . . . . . . . . . . . . . . 11
89 5.1. Label String Input . . . . . . . . . . . . . . . . . . . . 11
90 5.2. Conversion to Unicode . . . . . . . . . . . . . . . . . . 11
91 5.3. A-label Input . . . . . . . . . . . . . . . . . . . . . . 11
92 5.4. Validation and Character List Testing . . . . . . . . . . 12
93 5.5. Punycode Conversion . . . . . . . . . . . . . . . . . . . 13
94 5.6. DNS Name Resolution . . . . . . . . . . . . . . . . . . . 14
95 6. Security Considerations . . . . . . . . . . . . . . . . . . . 14
96 7. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 14
97 8. Contributors . . . . . . . . . . . . . . . . . . . . . . . . . 14
98 9. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 15
99 10. References . . . . . . . . . . . . . . . . . . . . . . . . . . 15
100 10.1. Normative References . . . . . . . . . . . . . . . . . . . 15
101 10.2. Informative References . . . . . . . . . . . . . . . . . . 16
102 Appendix A. Summary of Major Changes from IDNA2003 . . . . . . . 18
103 Appendix B. Change Log . . . . . . . . . . . . . . . . . . . . . 18
104 B.1. Changes between Version -00 and -01 of
105 draft-ietf-idnabis-protocol . . . . . . . . . . . . . . . 18
106 B.2. Version -02 . . . . . . . . . . . . . . . . . . . . . . . 19
107 B.3. Version -03 . . . . . . . . . . . . . . . . . . . . . . . 19
108 B.4. Version -04 . . . . . . . . . . . . . . . . . . . . . . . 19
109 B.5. Version -05 . . . . . . . . . . . . . . . . . . . . . . . 19
110 B.6. Version -06 . . . . . . . . . . . . . . . . . . . . . . . 20
111 B.7. Version -07 . . . . . . . . . . . . . . . . . . . . . . . 20
112 B.8. Version -08 . . . . . . . . . . . . . . . . . . . . . . . 20
113 B.9. Version -09 . . . . . . . . . . . . . . . . . . . . . . . 21
114 B.10. Version -10 . . . . . . . . . . . . . . . . . . . . . . . 21
115 B.11. Version -11 . . . . . . . . . . . . . . . . . . . . . . . 21
116 B.12. Version -12 . . . . . . . . . . . . . . . . . . . . . . . 22
117 B.13. Version -13 . . . . . . . . . . . . . . . . . . . . . . . 22
118 B.14. Version -14 . . . . . . . . . . . . . . . . . . . . . . . 22
119 B.15. Version -15 . . . . . . . . . . . . . . . . . . . . . . . 23
120 B.16. Version -16 . . . . . . . . . . . . . . . . . . . . . . . 23
121 B.17. Version -17 . . . . . . . . . . . . . . . . . . . . . . . 23
122 Author's Address . . . . . . . . . . . . . . . . . . . . . . . . . 24
124 1. Introduction
126 This document supplies the protocol definition for internationalized
127 domain names. Essential definitions and terminology for
128 understanding this document and a road map of the collection of
129 documents that make up IDNA2008 appear in [IDNA2008-Defs].
130 Appendix A discusses the relationship between this specification and
131 the earlier version of IDNA (referred to here as "IDNA2003"). The
132 rationale for these changes, along with considerable explanatory
133 material and advice to zone administrators who support IDNs is
134 provided in another document, [IDNA2008-Rationale].
136 IDNA works by allowing applications to use certain ASCII string
137 labels (beginning with a special prefix) to represent non-ASCII name
138 labels. Lower-layer protocols need not be aware of this; therefore
139 IDNA does not change any infrastructure. In particular, IDNA does
140 not depend on any changes to DNS servers, resolvers, or DNS protocol
141 elements, because the ASCII name service provided by the existing DNS
142 can be used for IDNA.
144 IDNA applies only to a specific subset of DNS labels. The base DNS
145 standards [RFC1034] [RFC1035] and their various updates specify how
146 to combine labels into fully-qualified domain names and parse labels
147 out of those names.
149 This document describes two separate protocols, one for IDN
150 registration (Section 4) and one for IDN lookup (Section 5). These
151 two protocols share some terminology, reference data and operations.
153 1.1. Discussion Forum
155 [[ RFC Editor: please remove this section. ]]
157 This work is being discussed in the IETF IDNABIS WG and on the
158 mailing list idna-update@alvestrand.no
160 2. Terminology
162 Terminology used as part of the definition of IDNA appears in
163 [IDNA2008-Defs]. It is worth noting that some of this terminology
164 overlaps with, and is consistent with, that used in Unicode or other
165 character set standards and the DNS. Readers of this document are
166 assumed to be familiar with [IDNA2008-Defs] and with the DNS-specific
167 terminology in RFC 1034 [RFC1034].
169 The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
170 "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
171 document are to be interpreted as described in BCP 14, RFC 2119
172 [RFC2119].
174 3. Requirements and Applicability
176 3.1. Requirements
178 IDNA makes the following requirements:
180 1. Whenever a domain name is put into an IDN-unaware domain name
181 slot (see Section 2 and [IDNA2008-Defs]), it MUST contain only
182 ASCII characters (i.e., its labels must be either A-labels or NR-
183 LDH-labels), unless the DNS application is not subject to
184 historical recommendations for "hostname"-style names (see
185 [RFC1034] and Section 3.2.1).
187 2. Labels MUST be compared using equivalent forms: either both
188 A-Label forms or both U-Label forms. Because A-labels and
189 U-labels can be transformed into each other without loss of
190 information, these comparisons are equivalent. A pair of
191 A-labels MUST be compared as case-insensitive ASCII (as with all
192 comparisons of ASCII DNS labels). U-labels must be compared
193 as-is, without case-folding or other intermediate steps. Note
194 that it is not necessary to validate labels in order to compare
195 them and that successful comparison does not imply validity. In
196 many cases, not limited to comparison, validation may be
197 important for other reasons and SHOULD be performed.
199 3. Labels being registered MUST conform to the requirements of
200 Section 4. Labels being looked up and the lookup process MUST
201 conform to the requirements of Section 5.
203 3.2. Applicability
205 IDNA applies to all domain names in all domain name slots in
206 protocols except where it is explicitly excluded. It does not apply
207 to domain name slots which do not use the Letter/Digit/Hyphen (LDH)
208 syntax rules.
210 Because IDNA uses the DNS, IDNA applies to many protocols that were
211 specified before it was designed. IDNs occupying domain name slots
212 in those older protocols MUST be in A-label form until and unless
213 those protocols and their implementations are explicitly upgraded to
214 be aware of IDNs. IDNs actually appearing in DNS queries or
215 responses MUST be A-labels.
217 IDNA-aware protocols and implementations MAY accept U-labels,
218 A-labels, or both as those particular protocols specify.
220 IDNA is not defined for extended label types (see RFC 2671, Section 3
221 [RFC2671]).
223 3.2.1. DNS Resource Records
225 IDNA applies only to domain names in the NAME and RDATA fields of DNS
226 resource records whose CLASS is IN. See RFC 1035 [RFC1035] for
227 precise definitions of these terms.
229 The application of IDNA to DNS resource records depends entirely on
230 the CLASS of the record, and not on the TYPE except as noted below.
231 This will remain true, even as new types are defined, unless a new
232 type defines type-specific rules. Special naming conventions for SRV
233 records (and "underscore labels" more generally) are incompatible
234 with IDNA coding as discussed in [IDNA2008-Defs], especially Section
235 2.3.2.3. Of course, underscore labels may be part of a domain that
236 uses IDN labels at higher levels in the tree.
238 3.2.2. Non-domain-name Data Types Stored in the DNS
240 Although IDNA enables the representation of non-ASCII characters in
241 domain names, that does not imply that IDNA enables the
242 representation of non-ASCII characters in other data types that are
243 stored in domain names, specifically in the RDATA field for types
244 that have structured RDATA format. For example, an email address
245 local part is stored in a domain name in the RNAME field as part of
246 the RDATA of an SOA record (hostmaster@example.com would be
247 represented as hostmaster.example.com). IDNA does not update the
248 existing email standards, which allow only ASCII characters in local
249 parts. Even though work is in progress to define
250 internationalization for email addresses [RFC4952], changes to the
251 email address part of the SOA RDATA would require action in, or
252 updates to, other standards, specifically those that specify the
253 format of the SOA RR.
255 4. Registration Protocol
257 This section defines the model for registering an IDN. The model is
258 implementation independent; any sequence of steps that produces
259 exactly the same result for all labels is considered a valid
260 implementation.
262 Note that, while the registration (this section) and lookup protocols
263 (Section 5) are very similar in most respects, they are not identical
264 and implementers should carefully follow the steps described in this
265 specification.
267 4.1. Input to IDNA Registration
269 Registration processes, especially processing by entities (often
270 called "registrars") who deal with registrants before the request
271 actually reaches the zone manager ("registry") are outside the scope
272 of this definition and may differ significantly depending on local
273 needs. By the time a string enters the IDNA registration process as
274 described in this specification, it MUST be in Unicode and in
275 Normalization Form C (NFC [Unicode-UAX15]). Entities responsible for
276 zone files ("registries") MUST accept only the exact string for which
277 registration is requested, free of any mappings or local adjustments.
278 They MAY accept that input in any of three forms:
280 1. As a pair of A-label and U-label.
282 2. As an A-label only.
284 3. As a U-label only.
286 The first two of these forms are RECOMMENDED because the use of
287 A-labels avoids any possibility of ambiguity. The first is normally
288 preferred over the second because it permits further verification of
289 user intent (see Section 4.2.1).
291 4.2. Permitted Character and Label Validation
293 4.2.1. Input Format
295 If both the U-label and A-label forms are available, the registry
296 MUST ensure that the A-label form is in lower case, perform a
297 conversion to a U-label, perform the steps and tests described below
298 on that U-label, and then verify that the A-label produced by the
299 step in Section 4.4 matches the one provided as input. In addition,
300 the U-label that was provided as input and the one obtained by
301 conversion of the A-label MUST match exactly. If, for some reason,
302 these tests fail, the registration MUST be rejected.
304 If only an A-label was provided and the conversion to a U-label is
305 not performed, the registry MUST still verify that the A-label is
306 superficially valid, i.e., that it does not violate any of the rules
307 of Punycode [RFC3492] encoding such as the prohibition on trailing
308 hyphen-minus, appearance of non-basic characters before the
309 delimiter, and so on. Strings that appear to be A-labels (e.g., they
310 start with "xn--") and strings that are supplied to the registry in a
311 context (such as a field in a form to be filled out) reserved for
312 A-labels, but that are not valid A-labels as described in this
313 paragraph, MUST NOT be placed in DNS zones that support IDNA.
315 4.2.2. Rejection of Characters that are not Permitted
317 The candidate Unicode string MUST NOT contain characters that appear
318 in the "DISALLOWED" and "UNASSIGNED" lists specified in
319 [IDNA2008-Tables].
321 4.2.3. Label Validation
323 The proposed label (in the form of a Unicode string, i.e., a string
324 that at least superficially appears to be a U-label) is then
325 examined, performing tests that require examination of more than one
326 character. Character order is considered to be the on-the-wire
327 order, not the display order.
329 4.2.3.1. Hyphen Restrictions
331 The Unicode string MUST NOT contain "--" (two consecutive hyphens) in
332 the third and fourth character positions and MUST NOT start or end
333 with a "-" (hyphen).
335 4.2.3.2. Leading Combining Marks
337 The Unicode string MUST NOT begin with a combining mark or combining
338 character (see The Unicode Standard, Section 2.11 [Unicode] for an
339 exact definition).
341 4.2.3.3. Contextual Rules
343 The Unicode string MUST NOT contain any characters whose validity is
344 context-dependent, unless the validity is positively confirmed by a
345 contextual rule. To check this, each code-point marked as CONTEXTJ
346 and CONTEXTO in [IDNA2008-Tables] MUST have a non-null rule. If such
347 a code-point is missing a rule, it is invalid. If the rule exists
348 but the result of applying the rule is negative or inconclusive, the
349 proposed label is invalid.
351 4.2.3.4. Labels Containing Characters Written Right to Left
353 If the proposed label contains any characters that are written from
354 right to left it MUST meet the BIDI criteria [IDNA2008-BIDI].
356 4.2.4. Registration Validation Requirements
358 Strings that contain at least one non-ASCII character, have been
359 produced by the steps above, whose contents pass all of the tests in
360 Section 4.2.3, and are 63 or fewer characters long in ACE form (see
361 Section 4.4), are U-labels.
363 To summarize, tests are made in Section 4.2 for invalid characters,
364 invalid combinations of characters, for labels that are invalid even
365 if the characters they contain are valid individually, and for labels
366 that do not conform to the restrictions for strings containing right
367 to left characters.
369 4.3. Registry Restrictions
371 In addition to the rules and tests above, there are many reasons why
372 a registry could reject a label. Registries at all levels of the
373 DNS, not just the top level, are expected to establish policies about
374 label registrations. Policies are likely to be informed by the local
375 languages and the scripts that are used to write them and may depend
376 on many factors including what characters are in the label (for
377 example, a label may be rejected based on other labels already
378 registered). See [IDNA2008-Rationale] Section 3.2 for a discussion
379 and recommendations about registry policies.
381 The string produced by the steps in Section 4.2 is checked and
382 processed as appropriate to local registry restrictions. Application
383 of those registry restrictions may result in the rejection of some
384 labels or the application of special restrictions to others.
386 4.4. Punycode Conversion
388 The resulting U-label is converted to an A-label (defined in Section
389 2.3.2.1 of [IDNA2008-Defs]). The A-label is the encoding of the
390 U-label according to the Punycode algorithm [RFC3492] with the ACE
391 prefix "xn--" added at the beginning of the string. The resulting
392 string must, of course, conform to the length limits imposed by the
393 DNS. This document does not update or alter the Punycode algorithm
394 specified in RFC 3492 in any way. That document does make a non-
395 normative reference to the information about the value and
396 construction of the ACE prefix that appears "in RFC 3490 or Nameprep
397 [RFC3491]". For consistency and reader convenience, IDNA2008
398 effectively updates that reference to point to this document. That
399 change does not alter the prefix itself. The prefix, "xn--", is the
400 same in both sets of documents.
402 With the exception of the maximum string length test on Punycode
403 output, the failure conditions identified in the Punycode encoding
404 procedure cannot occur if the input is a U-label as determined by the
405 steps in Section 4.1 through Section 4.3 above.
407 4.5. Insertion in the Zone
409 The label is registered in the DNS by inserting the A-label into a
410 zone.
412 5. Domain Name Lookup Protocol
414 Lookup is different from registration and different tests are applied
415 on the client. Although some validity checks are necessary to avoid
416 serious problems with the protocol, the lookup-side tests are more
417 permissive and rely on the assumption that names that are present in
418 the DNS are valid. That assumption is, however, a weak one because
419 the presence of wild cards in the DNS might cause a string that is
420 not actually registered in the DNS to be successfully looked up.
422 5.1. Label String Input
424 The user supplies a string in the local character set, for example by
425 typing it or clicking on, or copying and pasting, a resource
426 identifier, e.g., a URI [RFC3986] or IRI [RFC3987] from which the
427 domain name is extracted. Alternately, some process not directly
428 involving the user may read the string from a file or obtain it in
429 some other way. Processing in this step and that specified in
430 Section 5.2 are local matters, to be accomplished prior to actual
431 invocation of IDNA.
433 5.2. Conversion to Unicode
435 The string is converted from the local character set into Unicode, if
436 it is not already in Unicode. Depending on local needs, this
437 conversion may involve mapping some characters into other characters
438 as well as coding conversions. Those issues are discussed in
439 [IDNA2008-Mapping] and the mapping-related sections (Sections 4.4, 6,
440 and 7.3) of [IDNA2008-Rationale]. The result MUST be a Unicode
441 string in NFC form.
443 5.3. A-label Input
445 If the input to this procedure appears to be an A-label (i.e., it
446 starts in "xn--", interpreted case-insensitively), the lookup
447 application MAY attempt to convert it to a U-label, first ensuring
448 that the A-label is entirely in lower case (converting it to lower
449 case if necessary), and apply the tests of Section 5.4 and the
450 conversion of Section 5.5 to that form. If the label is converted to
451 Unicode (i.e., to U-label form) using the Punycode decoding
452 algorithm, then the processing specified in those two sections MUST
453 be performed, and the label MUST be rejected if the resulting label
454 is not identical to the original. See Section 8.1 of
455 [IDNA2008-Rationale] for additional discussion on this topic.
457 Conversion from the A-label and testing that the result is a U-label
458 SHOULD be performed if the domain name will later be presented to the
459 user in native character form (this requires that the lookup
460 application be IDNA-aware). If those steps are not performed, the
461 lookup process SHOULD at least test to determine that the string is
462 actually an A-label, examining it for the invalid formats specified
463 in the Punycode decoding specification. Applications that are not
464 IDNA-aware will obviously omit that testing; others MAY treat the
465 string as opaque to avoid the additional processing at the expense of
466 providing less protection and information to users.
468 5.4. Validation and Character List Testing
470 As with the registration procedure described in Section 4, the
471 Unicode string is checked to verify that all characters that appear
472 in it are valid as input to IDNA lookup processing. As discussed
473 above and in [IDNA2008-Rationale], the lookup check is more liberal
474 than the registration one. Labels that have not been fully evaluated
475 for conformance to the applicable rules are referred to as "putative"
476 labels as discussed in Section 2.3.2.1 of [IDNA2008-Defs]. Putative
477 labels with any of the following characteristics MUST be rejected
478 prior to DNS lookup:
480 o Labels that are not in NFC [Unicode-UAX15].
482 o Labels containing "--" (two consecutive hyphens) in the third and
483 fourth character positions.
485 o Labels whose first character is a combining mark (see The Unicode
486 Standard, Section 2.11 [Unicode]).
488 o Labels containing prohibited code points, i.e., those that are
489 assigned to the "DISALLOWED" category of [IDNA2008-Tables].
491 o Labels containing code points that are identified in
492 [IDNA2008-Tables] as "CONTEXTJ", i.e., requiring exceptional
493 contextual rule processing on lookup, but that do not conform to
494 those rules. Note that this implies that a rule must be defined,
495 not null: a character that requires a contextual rule but for
496 which the rule is null is treated in this step as having failed to
497 conform to the rule.
499 o Labels containing code points that are identified in
500 [IDNA2008-Tables] as "CONTEXTO", but for which no such rule
501 appears in the table of rules. Applications resolving DNS names
502 or carrying out equivalent operations are not required to test
503 contextual rules for "CONTEXTO" characters, only to verify that a
504 rule is defined (although they MAY make such tests to provide
505 better protection or give better information to the user).
507 o Labels containing code points that are unassigned in the version
508 of Unicode being used by the application, i.e.,in the UNASSIGNED
509 category of [IDNA2008-Tables].
511 This requirement means that the application must use a list of
512 unassigned characters that is matched to the version of Unicode
513 that is being used for the other requirements in this section. It
514 is not required that the application know which version of Unicode
515 is being used; that information might be part of the operating
516 environment in which the application is running.
518 In addition, the application SHOULD apply the following test.
520 o Verification that the string is compliant with the requirements
521 for right to left characters, specified in [IDNA2008-BIDI].
523 This test may be omitted in special circumstances, such as when the
524 lookup application knows that the conditions are enforced elsewhere,
525 because an attempt to look up and resolve such strings will almost
526 certainly lead to a DNS lookup failure except when wild cards are
527 present in the zone. However, applying the test is likely to give
528 much better information about the reason for a lookup failure --
529 information that may be usefully passed to the user when that is
530 feasible -- than DNS resolution failure information alone.
532 For all other strings, the lookup application MUST rely on the
533 presence or absence of labels in the DNS to determine the validity of
534 those labels and the validity of the characters they contain. If
535 they are registered, they are presumed to be valid; if they are not,
536 their possible validity is not relevant. While a lookup application
537 may reasonably issue warnings about strings it believes may be
538 problematic, applications that decline to process a string that
539 conforms to the rules above (i.e., does not look it up in the DNS)
540 are not in conformance with this protocol.
542 5.5. Punycode Conversion
544 The string that has now been validated for lookup is converted to ACE
545 form by applying the Punycode algorithm to the string and then adding
546 the ACE prefix.
548 5.6. DNS Name Resolution
550 The A-label resulting from the conversion in Section 5.5 or supplied
551 directly (see Section 5.3) is combined with other labels as needed to
552 form a fully-qualified domain name which is then looked up in the
553 DNS, using normal DNS resolver procedures. The lookup can obviously
554 either succeed (returning information) or fail.
556 6. Security Considerations
558 Security Considerations for this version of IDNA are described in
559 [IDNA2008-Defs], except for the special issues associated with right
560 to left scripts and characters. The latter are discussed in
561 [IDNA2008-BIDI].
563 In order to avoid intentional or accidental attacks from labels that
564 might be confused with others, special problems in rendering, and so
565 on, the IDNA model requires that registries exercise care and
566 thoughtfulness about what labels they choose to permit. That issue
567 is discussed in Section 4.3 of this document which, in turn, points
568 to a somewhat more extensive discussion in [IDNA2008-Rationale].
570 7. IANA Considerations
572 IANA actions for this version of IDNA are specified in
573 [IDNA2008-Tables] and discussed informally in [IDNA2008-Rationale].
574 The components of IDNA described in this document do not require any
575 IANA actions.
577 8. Contributors
579 While the listed editor held the pen, the original versions of this
580 document represent the joint work and conclusions of an ad hoc design
581 team consisting of the editor and, in alphabetic order, Harald
582 Alvestrand, Tina Dam, Patrik Faltstrom, and Cary Karp. This document
583 draws significantly on the original version of IDNA [RFC3490] both
584 conceptually and for specific text. This second-generation version
585 would not have been possible without the work that went into that
586 first version and especially the contributions of its authors Patrik
587 Faltstrom, Paul Hoffman, and Adam Costello. While Faltstrom was
588 actively involved in the creation of this version, Hoffman and
589 Costello were not and should not be held responsible for any errors
590 or omissions.
592 9. Acknowledgments
594 This revision to IDNA would have been impossible without the
595 accumulated experience since RFC 3490 was published and resulting
596 comments and complaints of many people in the IETF, ICANN, and other
597 communities, too many people to list here. Nor would it have been
598 possible without RFC 3490 itself and the efforts of the Working Group
599 that defined it. Those people whose contributions are acknowledged
600 in RFC 3490, [RFC4690], and [IDNA2008-Rationale] were particularly
601 important.
603 Specific textual changes were incorporated into this document after
604 suggestions from the other contributors, Stephane Bortzmeyer, Vint
605 Cerf, Lisa Dusseault, Paul Hoffman, Kent Karlsson, James Mitchell,
606 Erik van der Poel, Marcos Sanz, Andrew Sullivan, Wil Tan, Ken
607 Whistler, Chris Wright, and other WG participants and reviewers
608 including Martin Duerst, James Mitchell, Subramanian Moonesamy, Peter
609 Saint-Andre, Margaret Wasserman, and Dan Winship who caught specific
610 errors and recommended corrections. Special thanks are due to Paul
611 Hoffman for permission to extract material from his Internet-Draft to
612 form the basis for Appendix A.
614 10. References
616 10.1. Normative References
618 [IDNA2008-BIDI]
619 Alvestrand, H. and C. Karp, "An updated IDNA criterion for
620 right-to-left scripts", August 2009, .
623 [IDNA2008-Defs]
624 Klensin, J., "Internationalized Domain Names for
625 Applications (IDNA): Definitions and Document Framework",
626 August 2009, .
629 [IDNA2008-Tables]
630 Faltstrom, P., "The Unicode Codepoints and IDNA",
631 August 2009, .
634 A version of this document is available in HTML format at
635 http://stupid.domain.name/idnabis/
636 draft-ietf-idnabis-tables-06.html
638 [RFC1034] Mockapetris, P., "Domain names - concepts and facilities",
639 STD 13, RFC 1034, November 1987.
641 [RFC1035] Mockapetris, P., "Domain names - implementation and
642 specification", STD 13, RFC 1035, November 1987.
644 [RFC1123] Braden, R., "Requirements for Internet Hosts - Application
645 and Support", STD 3, RFC 1123, October 1989.
647 [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
648 Requirement Levels", BCP 14, RFC 2119, March 1997.
650 [RFC3492] Costello, A., "Punycode: A Bootstring encoding of Unicode
651 for Internationalized Domain Names in Applications
652 (IDNA)", RFC 3492, March 2003.
654 [Unicode-PropertyValueAliases]
655 The Unicode Consortium, "Unicode Character Database:
656 PropertyValueAliases", March 2008, .
659 [Unicode-RegEx]
660 The Unicode Consortium, "Unicode Technical Standard #18:
661 Unicode Regular Expressions", May 2005,
662 .
664 [Unicode-Scripts]
665 The Unicode Consortium, "Unicode Standard Annex #24:
666 Unicode Script Property", February 2008,
667 .
669 [Unicode-UAX15]
670 The Unicode Consortium, "Unicode Standard Annex #15:
671 Unicode Normalization Forms", 2006,
672 .
674 10.2. Informative References
676 [ASCII] American National Standards Institute (formerly United
677 States of America Standards Institute), "USA Code for
678 Information Interchange", ANSI X3.4-1968, 1968.
680 ANSI X3.4-1968 has been replaced by newer versions with
681 slight modifications, but the 1968 version remains
682 definitive for the Internet.
684 [IDNA2008-Mapping]
685 Resnick, P. and P. Hoffman, "Mapping Characters in IDNA",
686 September 2009, .
689 [IDNA2008-Rationale]
690 Klensin, J., Ed., "Internationalized Domain Names for
691 Applications (IDNA): Issues, Explanation, and Rationale",
692 February 2009, .
695 [RFC2136] Vixie, P., Thomson, S., Rekhter, Y., and J. Bound,
696 "Dynamic Updates in the Domain Name System (DNS UPDATE)",
697 RFC 2136, April 1997.
699 [RFC2181] Elz, R. and R. Bush, "Clarifications to the DNS
700 Specification", RFC 2181, July 1997.
702 [RFC2671] Vixie, P., "Extension Mechanisms for DNS (EDNS0)",
703 RFC 2671, August 1999.
705 [RFC3490] Faltstrom, P., Hoffman, P., and A. Costello,
706 "Internationalizing Domain Names in Applications (IDNA)",
707 RFC 3490, March 2003.
709 [RFC3491] Hoffman, P. and M. Blanchet, "Nameprep: A Stringprep
710 Profile for Internationalized Domain Names (IDN)",
711 RFC 3491, March 2003.
713 [RFC3986] Berners-Lee, T., Fielding, R., and L. Masinter, "Uniform
714 Resource Identifier (URI): Generic Syntax", STD 66,
715 RFC 3986, January 2005.
717 [RFC3987] Duerst, M. and M. Suignard, "Internationalized Resource
718 Identifiers (IRIs)", RFC 3987, January 2005.
720 [RFC4690] Klensin, J., Faltstrom, P., Karp, C., and IAB, "Review and
721 Recommendations for Internationalized Domain Names
722 (IDNs)", RFC 4690, September 2006.
724 [RFC4952] Klensin, J. and Y. Ko, "Overview and Framework for
725 Internationalized Email", RFC 4952, July 2007.
727 [Unicode] The Unicode Consortium, "The Unicode Standard, Version
728 5.0", 2007.
730 Boston, MA, USA: Addison-Wesley. ISBN 0-321-48091-0
732 Appendix A. Summary of Major Changes from IDNA2003
734 1. Update base character set from Unicode 3.2 to Unicode version-
735 agnostic.
737 2. Separate the definitions for the "registration" and "lookup"
738 activities.
740 3. Disallow symbol and punctuation characters except where special
741 exceptions are necessary.
743 4. Remove the mapping and normalization steps from the protocol and
744 have them instead done by the applications themselves, possibly
745 in a local fashion, before invoking the protocol.
747 5. Change the way that the protocol specifies which characters are
748 allowed in labels from "humans decide what the table of
749 codepoints contains" to "decision about codepoints are based on
750 Unicode properties plus a small exclusion list created by
751 humans".
753 6. Introduce the new concept of characters that can be used only in
754 specific contexts.
756 7. Allow typical words and names in languages such as Dhivehi and
757 Yiddish to be expressed.
759 8. Make bidirectional domain names (delimited strings of labels,
760 not just labels standing on their own) display in a less
761 surprising fashion whether they appear in obvious domain name
762 contexts or as part of running text in paragraphs.
764 9. Remove the dot separator from the mandatory part of the
765 protocol.
767 10. Make some currently-valid labels that are not actually IDNA
768 labels invalid.
770 Appendix B. Change Log
772 [[ RFC Editor: Please remove this appendix. ]]
774 B.1. Changes between Version -00 and -01 of draft-ietf-idnabis-protocol
776 o Corrected discussion of SRV records.
778 o Several small corrections for clarity.
780 o Inserted more "open issue" placeholders.
782 B.2. Version -02
784 o Rewrote the "conversion to Unicode" text in Section 5.2 as
785 requested on-list.
787 o Added a comment (and reference) about EDNS0 to the "DNS Server
788 Conventions" section, which was also retitled.
790 o Made several editorial corrections and improvements in response to
791 various comments.
793 o Added several new discussion placeholder anchors and updated some
794 older ones.
796 B.3. Version -03
798 o Trimmed change log, removing information about pre-WG drafts.
800 o Incorporated a number of changes suggested by Marcos Sanz in his
801 note of 2008.07.17 and added several more placeholder anchors.
803 o Several minor editorial corrections and improvements.
805 o "Editor" designation temporarily removed because the automatic
806 posting machinery does not accept it.
808 B.4. Version -04
810 o Removed Contextual Rule appendices for transfer to Tables.
812 o Several changes, including removal of discussion anchors, based on
813 discussions at IETF 72 (Dublin)
815 o Rewrote the preprocessing material (former Section 5.3) somewhat
816 -- see Appendix B.14.
818 B.5. Version -05
820 o Updated part of the A-label input explanation (Section 5.3) per
821 note from Erik van der Poel.
823 B.6. Version -06
825 o Corrected a few typographical errors.
827 o Incorporated the material (formerly in Rationale) on the
828 relationship between IDNA2003 and IDNA2008 as an appendix and
829 pointed to the new definitions document.
831 o Text modified in several places to recognize the dangers of
832 interaction between DNS wild cards and IDNs.
834 o Text added to be explicit about the handling of edge and failure
835 cases in Punycode encoding and decoding.
837 o Revised for consistency with the new Definitions document and to
838 make the text read more smoothly.
840 B.7. Version -07
842 o Multiple small textual and editorial changes and clarifications.
844 o Requirement for normalization clarified to apply to all cases and
845 conditions for preprocessing further clarified.
847 o Substantive change to Section 4.2.1, turning a SHOULD to a MUST
848 (see note from Mark Davis, 19 November, 2008 18:14 -0800).
850 B.8. Version -08
852 o Added some references and altered text to improve clarity.
854 o Changed the description of CONTEXTJ/CONTEXTO to conform to that in
855 Tables. In other words, these are now treated as distinction
856 categories (again), rather than as specially-flagged subsets of
857 PROTOCOL VALID.
859 o The discussion of label comparisons has been rewritten to make it
860 more precise and to clarify that one does not need to verify that
861 a string is a [valid] A-label or U-label in order to test it for
862 equality with another string. The WG should verify that the
863 current text is what is desired.
865 o Other changes to reflect post-IETF discussions or editorial
866 improvements.
868 B.9. Version -09
870 o Removed Security Considerations material to Defs document.
872 o Removed the Name Server Considerations material to Rationale.
873 That material is not normative and not needed to implement the
874 protocol itself.
876 o Adjusted terminology to match new version of Defs.
878 o Removed all discussion of local mapping and option for it from
879 registration protocol. Such mapping is now completely prohibited
880 on Registration.
882 o Removed some old placeholders and inquiries because no comments
883 have been received.
885 o Small editorial corrections.
887 B.10. Version -10
889 o Rewrote the registration input material slightly to further
890 clarify the "no mapping on registration" principle.
892 o Added placeholder notes about several tasks, notably reorganizing
893 Section 4 and Section 5 so that subsection numbers are parallel.
895 o Cleaned up an incorrect use of the terms "A-label" and "U-label"
896 in the lookup phase that was spotted by Mark Davis. Inserted a
897 note there about alternate ways to deal with the resulting
898 terminology problem.
900 o Added a temporarily appendix (above) to document alternate
901 strategies for possible replacements for the former Section 5.3
902 (see Appendix B.14).
904 B.11. Version -11
906 o Removed dangling reference to "C-label" (editing error in prior
907 draft).
909 o Recast the last steps of the Lookup description to eliminate
910 "apparent" (previously "putative") terminology.
912 o Rewrote major portions of the temporary appendix that describes
913 transitional mappings to improve clarity and add context.
915 o Did some fine-tuning of terminology, notably in Section 3.2.1.
917 B.12. Version -12
919 o Extensive editorial improvements, mostly due to suggestions from
920 Lisa Dusseault.
922 o Conformance statements have been made consistent, especially in
923 Section 4.2.1 and subsequent text, which said "SHOULD" in one
924 place and then said "MAY" as the result of incomplete removal of
925 registration-time mapping. Also clarified the definition of
926 "registration processes" in Section 4.1 -- the previous text had
927 confused several people.
929 o A few new "question to the WG notes have been added about
930 appropriateness or placement of text. If there are no comments on
931 the mailing list, the editor will apply his own judgment.
933 o Several of the usual small typos and other editorial errors have
934 been corrected.
936 o Section 5 has still not been reorganized to match Section 4 in
937 structure and subsection numbering -- will be done as soon as the
938 mapping decisions and references are final.
940 B.13. Version -13
942 o Modified the "putative label" text to better explain the term and
943 explicitly point back to Defs.
945 o Slight rewrite of former section 5.3 to clarify the NFC
946 requirement and to start the transition toward having some of the
947 explanation in the Mapping document. That whole section has been
948 removed in -14, see Appendix B.14 for more information.
950 B.14. Version -14
952 o Fixed substantive typographical error caught by Wil Tan.
954 o Added a check for consecutive hyphens in positions 3 and 4 to
955 Lookup.
957 o Reflected several changes suggested by Andrew Sullivan.
959 o Rearranged and rewrote material to reflect the mapping document
960 and its status.
962 o The former Section 5.3 and Appendix A, which discussed mapping
963 alternatives, have been dropped entirely. Such discussion now
964 belongs in the Mapping document, the portion of Rationale that
965 supports it, or not at all. Section 5.2 has been rewritten
966 slightly to point to Mapping for those issues.
968 o Note: With the revised mapping material inserted, I've just about
969 given up on the idea of having the subsections of Sections 4 and 5
970 exactly parallel each other. Anyone who still feels strongly
971 about this should be prepared to make very specific suggestions.
972 --JcK
974 B.15. Version -15
976 o Corrected name of protocol in the abstract ("Internationalization"
977 to "Internationalized") and a few other instances of that error.
979 o Corrected the hyphen test (Section 4.2.3.1).
981 o Added text to deal with the "upper case in A-labels" problem.
983 o Adjusted Acknowledgments to remove Mark Davis's name, per his
984 request and advice from IETF Trust Counsel.
986 o Incorporated other changes from WG Last Call.
988 o Small typographical and editorial corrections.
990 B.16. Version -16
992 o Adjusted references to current versions.
994 o Adjusted discussion of changes to Punycode to make more precise.
996 o Inserted text to clarify version matching between IDNA and
997 Unicode.
999 o Made several small changes based on Martin Duerst's review.
1001 o Substituted in Section numbers in references to other IDNA2008
1002 documents.
1004 B.17. Version -17
1006 This is the version of the document produced to reflect comments on
1007 IETF Last Call. For the convenience of those who made comments and
1008 of the IESG in evaluating them, this section therefore identifies
1009 non-editorial changes made in response to Last Call comments in
1010 somewhat more detail than may be usual.
1012 o Eliminated the use of "Fake A-label" in this document because it
1013 was causing confusion. Instead, the material in Section 4.2.1
1014 that used that terminology has been recast to be specific about
1015 the restriction. (Margaret Wasserman, Ops Directorate review.)
1017 o Additional paragraph added to Security Considerations to call out
1018 the Registry Restrictions/ permitted name policy issue. (Margaret
1019 Wasserman, Ops Directorate review.)
1021 o The statement "IDNA applies only to DNS labels" changed to "IDNA
1022 applies only to a specific subset of DNS labels" because it
1023 doesn't apply to all of them. (Dan Winship review, 20091013)
1025 o Clarified some "label" versus "domain name" terminology. (Dan
1026 Winship review, 20091013)
1028 o Corrected an error in reference to RFC 1034 to point to RFC 1035
1029 instead. (Dan Winship review, 20091013)
1031 o Corrected title and a reference in 4.2.4. (Dan Winship review,
1032 20091013)
1034 o Restructured the last paragraph of Section 4.4 to finish
1035 reflecting the change removing the 63 octet limit on U-labels.
1036 (Dan Winship review, 20091013)
1038 o Another patch to the case-sensitivity of A-labels. (James
1039 Mitchell, 20091014)
1041 o Added text to 3.2 to explicitly indicate that IDNA-aware
1042 applications may choose to accept A-labels, U-labels, or both.
1043 (Peter Saint-Andre, 20091019)
1045 Author's Address
1047 John C Klensin
1048 1770 Massachusetts Ave, Ste 322
1049 Cambridge, MA 02140
1050 USA
1052 Phone: +1 617 245 1457
1053 Email: john+ietf@jck.com