idnits 2.17.1 draft-ietf-precis-7700bis-09.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- No issues found here. Miscellaneous warnings: ---------------------------------------------------------------------------- == The copyright year in the IETF Trust and authors Copyright Line does not match the current year -- The document date (July 16, 2017) is 2475 days in the past. Is this intentional? Checking references for intended status: Proposed Standard ---------------------------------------------------------------------------- (See RFCs 3967 and 4897 for information about using normative references to lower-maturity documents in RFCs) == Outdated reference: A later version (-10) exists of draft-ietf-precis-7564bis-09 -- Possible downref: Non-RFC (?) normative reference: ref. 'Unicode' -- Possible downref: Non-RFC (?) normative reference: ref. 'UTS39' -- Obsolete informational reference (is this intentional?): RFC 7700 (ref. 'Err4570') (Obsoleted by RFC 8266) -- Duplicate reference: RFC7700, mentioned in 'RFC7700', was also mentioned in 'Err4570'. -- Obsolete informational reference (is this intentional?): RFC 7700 (Obsoleted by RFC 8266) Summary: 0 errors (**), 0 flaws (~~), 2 warnings (==), 6 comments (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 2 PRECIS P. Saint-Andre 3 Internet-Draft Filament 4 Obsoletes: 7700 (if approved) July 16, 2017 5 Intended status: Standards Track 6 Expires: January 17, 2018 8 Preparation, Enforcement, and Comparison of Internationalized Strings 9 Representing Nicknames 10 draft-ietf-precis-7700bis-09 12 Abstract 14 This document describes methods for handling Unicode strings 15 representing memorable, human-friendly names (called "nicknames", 16 "display names", or "petnames") for people, devices, accounts, 17 websites, and other entities. This document obsoletes RFC 7700. 19 Status of This Memo 21 This Internet-Draft is submitted in full conformance with the 22 provisions of BCP 78 and BCP 79. 24 Internet-Drafts are working documents of the Internet Engineering 25 Task Force (IETF). Note that other groups may also distribute 26 working documents as Internet-Drafts. The list of current Internet- 27 Drafts is at http://datatracker.ietf.org/drafts/current/. 29 Internet-Drafts are draft documents valid for a maximum of six months 30 and may be updated, replaced, or obsoleted by other documents at any 31 time. It is inappropriate to use Internet-Drafts as reference 32 material or to cite them other than as "work in progress." 34 This Internet-Draft will expire on January 17, 2018. 36 Copyright Notice 38 Copyright (c) 2017 IETF Trust and the persons identified as the 39 document authors. All rights reserved. 41 This document is subject to BCP 78 and the IETF Trust's Legal 42 Provisions Relating to IETF Documents 43 (http://trustee.ietf.org/license-info) in effect on the date of 44 publication of this document. Please review these documents 45 carefully, as they describe your rights and restrictions with respect 46 to this document. Code Components extracted from this document must 47 include Simplified BSD License text as described in Section 4.e of 48 the Trust Legal Provisions and are provided without warranty as 49 described in the Simplified BSD License. 51 Table of Contents 53 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 54 1.1. Overview . . . . . . . . . . . . . . . . . . . . . . . . 2 55 1.2. Terminology . . . . . . . . . . . . . . . . . . . . . . . 3 56 2. Nickname Profile . . . . . . . . . . . . . . . . . . . . . . 3 57 2.1. Rules . . . . . . . . . . . . . . . . . . . . . . . . . . 3 58 2.2. Preparation . . . . . . . . . . . . . . . . . . . . . . . 5 59 2.3. Enforcement . . . . . . . . . . . . . . . . . . . . . . . 5 60 2.4. Comparison . . . . . . . . . . . . . . . . . . . . . . . 5 61 3. Examples . . . . . . . . . . . . . . . . . . . . . . . . . . 6 62 4. Use in Application Protocols . . . . . . . . . . . . . . . . 7 63 5. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 8 64 6. Security Considerations . . . . . . . . . . . . . . . . . . . 8 65 6.1. Reuse of PRECIS . . . . . . . . . . . . . . . . . . . . . 8 66 6.2. Reuse of Unicode . . . . . . . . . . . . . . . . . . . . 8 67 6.3. Visually Similar Characters . . . . . . . . . . . . . . . 9 68 7. References . . . . . . . . . . . . . . . . . . . . . . . . . 9 69 7.1. Normative References . . . . . . . . . . . . . . . . . . 9 70 7.2. Informative References . . . . . . . . . . . . . . . . . 10 71 Appendix A. Changes from RFC 7700 . . . . . . . . . . . . . . . 11 72 Appendix B. Acknowledgements . . . . . . . . . . . . . . . . . . 11 73 Author's Address . . . . . . . . . . . . . . . . . . . . . . . . 11 75 1. Introduction 77 1.1. Overview 79 A number of technologies and applications provide the ability for a 80 person to choose a memorable, human-friendly name in a communications 81 context, or to set such a name for another entity such as a device, 82 account, contact, or website. Such names are variously called 83 "nicknames" (e.g., in chat room applications), "display names" (e.g., 84 in Internet mail), or "petnames" (see [PETNAME-SYSTEMS]); for 85 consistency, these are all called "nicknames" in this document. 87 Nicknames are commonly supported in technologies for textual chat 88 rooms, e.g., Internet Relay Chat [RFC2811] and multi-party chat 89 technologies based on the Extensible Messaging and Presence Protocol 90 (XMPP) [RFC6120] [XEP-0045], the Message Session Relay Protocol 91 (MSRP) [RFC4975] [RFC7701], and Centralized Conferencing (XCON) 92 [RFC5239] [XCON-SYSTEM]. Recent chat room technologies also allow 93 internationalized nicknames because they support code points from 94 outside the ASCII range [RFC20], typically by means of the Unicode 95 coded character set [Unicode]. Although such nicknames tend to be 96 used primarily for display purposes, they are sometimes used for 97 programmatic purposes as well (e.g., kicking users or avoiding 98 nickname conflicts). 100 A similar usage enables a person to set their own preferred display 101 name or to set a preferred display name for another user (e.g., the 102 "display-name" construct in the Internet message format [RFC5322] and 103 [XEP-0172] in XMPP). 105 Memorable, human-friendly names are also used in contexts other than 106 personal messaging, such as names for devices (e.g., in a network 107 visualization application), websites (e.g., for bookmarks in a web 108 browser), accounts (e.g., in a web interface for a list of payees in 109 a bank account), people (e.g., in a contact list application), and 110 the like. 112 The rules specified in this document can be applied in all of the 113 foregoing contexts. 115 To increase the likelihood that memorable, human-friendly names will 116 work in ways that make sense for typical users throughout the world, 117 this document defines rules for preparing, enforcing, and comparing 118 internationalized nicknames. 120 1.2. Terminology 122 Many important terms used in this document are defined in 123 [I-D.ietf-precis-7564bis], [RFC6365], and [Unicode]. 125 The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", 126 "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and 127 "OPTIONAL" in this document are to be interpreted as described in 128 [RFC2119]. 130 2. Nickname Profile 132 2.1. Rules 134 The following rules apply within the Nickname profile of the PRECIS 135 FreeformClass defined in the PRECIS framework specification 136 [I-D.ietf-precis-7564bis]. 138 1. Width Mapping Rule: There is no width-mapping rule (such a rule 139 is not necessary because width mapping is performed as part of 140 normalization using Normalization Form KC (NFKC) as specified 141 below). 143 2. Additional Mapping Rule: The additional mapping rule consists of 144 the following sub-rules. 146 1. Map any instances of non-ASCII space to ASCII space (U+0020); 147 a non-ASCII space is any Unicode code point having a general 148 category of "Zs", naturally with the exception of U+0020. 149 (The inclusion of only ASCII space prevents confusion with 150 various non-ASCII space code points, many of which are 151 difficult to reproduce across different input methods.) 153 2. Remove any instances of the ASCII space character at the 154 beginning or end of a nickname (e.g., "stpeter " is mapped to 155 "stpeter"). 157 3. Map interior sequences of more than one ASCII space character 158 to a single ASCII space character (e.g., "St Peter" is 159 mapped to "St Peter"). 161 3. Case Mapping Rule: Apply the Unicode toLower() operation, as 162 defined in the Unicode Standard [Unicode]. In applications that 163 prohibit conflicting nicknames, this rule helps to reduce the 164 possibility of confusion by ensuring that nicknames differing 165 only by case (e.g., "stpeter" vs. "StPeter") would not be 166 presented to a human user at the same time. (As explained below, 167 this is typically appropriate only for comparison, not for 168 enforcement.) 170 4. Normalization Rule: Apply Unicode Normalization Form KC. Because 171 NFKC is more "aggressive" in finding matches than other 172 normalization forms (in the terminology of Unicode, it performs 173 both canonical and compatibility decomposition before recomposing 174 code points), this rule helps to reduce the possibility of 175 confusion by increasing the number of code points that would 176 match (e.g., U+2163 ROMAN NUMERAL FOUR would match the 177 combination of U+0049 LATIN CAPITAL LETTER I and U+0056 LATIN 178 CAPITAL LETTER V). 180 5. Directionality Rule: There is no directionality rule. The "Bidi 181 Rule" (defined in [RFC5893]) and similar rules are unnecessary 182 and inapplicable to nicknames, because it is perfectly acceptable 183 for a given nickname to be presented differently in different 184 layout systems (e.g., a user interface that is configured to 185 handle primarily a right-to-left script versus an interface that 186 is configured to handle primarily a left-to-right script), as 187 long as the presentation is consistent in any given layout 188 system. 190 2.2. Preparation 192 An entity that prepares an input string for subsequent enforcement 193 according to this profile MUST ensure that the string consists only 194 of Unicode code points that conform to the FreeformClass string class 195 defined in [I-D.ietf-precis-7564bis]. 197 2.3. Enforcement 199 An entity that performs enforcement according to this profile MUST 200 prepare an input string as described in Section 2.2 and MUST also 201 apply the following rules specified in Section 2.1 in the order 202 shown: 204 1. Additional Mapping Rule 205 2. Normalization Rule 207 Note: An entity SHOULD apply the Case Mapping Rule only during 208 comparison. 210 After all of the foregoing rules have been enforced, the entity MUST 211 ensure that the nickname is not zero bytes in length (this is done 212 after enforcing the rules to prevent applications from mistakenly 213 omitting a nickname entirely, because when internationalized strings 214 are accepted, a non-empty sequence of characters can result in a 215 zero-length nickname after canonicalization). 217 The result of the foregoing operations is an output string that 218 conforms to the Nickname profile. Until an implementation produces 219 such an output string, it MUST NOT treat the string as conforming (in 220 particular, it MUST NOT assume that an input string is conforming 221 before the enforcement operation has been completed). 223 2.4. Comparison 225 An entity that performs comparison of two strings according to this 226 profile MUST prepare each input string as specified in Section 2.2 227 and MUST apply the following rules specified in Section 2.1 in the 228 order shown: 230 1. Additional Mapping Rule 231 2. Case Mapping Rule 232 3. Normalization Rule 234 The two strings are to be considered equivalent if and only if they 235 are an exact octet-for-octet match (sometimes called "bit-string 236 identity"). 238 Until an implementation determines whether two strings are to be 239 considered equivalent, it MUST NOT treat them as equivalent (in 240 particular, it MUST NOT assume that an input string conforms to the 241 rules before the comparison operation has been completed). 243 3. Examples 245 The following examples illustrate a small number of nicknames that 246 are consistent with the format defined above, along with the output 247 string resulting from application of the PRECIS rules (note that the 248 characters < and > are used to delineate the actual nickname and are 249 not part of the nickname strings). 251 Table 1: A Sample of Legal Nicknames 253 +---------------------------+-----------------------------------+ 254 | # | Nickname | Output for Comparison | 255 +---------------------------+-----------------------------------+ 256 | 1 | | | 257 +---------------------------+-----------------------------------+ 258 | 2 | | | 259 +---------------------------+-----------------------------------+ 260 | 3 | | | 261 +---------------------------+-----------------------------------+ 262 | 4 | | | 263 +---------------------------+-----------------------------------+ 264 | 5 | <Σ> | GREEK SMALL LETTER SIGMA (U+03C3) | 265 +---------------------------+-----------------------------------+ 266 | 6 | <σ> | GREEK SMALL LETTER SIGMA (U+03C3) | 267 +---------------------------+-----------------------------------+ 268 | 7 | <ς> | GREEK SMALL LETTER FINAL SIGMA | 269 | | | (U+03C2) | 270 +---------------------------+-----------------------------------+ 271 | 8 | <♚> | BLACK CHESS KING (U+265A) | 272 +---------------------------+-----------------------------------+ 273 | 9 | | | 274 +---------------------------+-----------------------------------+ 276 Regarding examples 5, 6, and 7: applying the Unicode toLower() 277 operation to GREEK CAPITAL LETTER SIGMA (U+03A3) results in GREEK 278 SMALL LETTER SIGMA (U+03C3), however the toLower() operation does not 279 modify GREEK SMALL LETTER FINAL SIGMA (U+03C2); therefore, the 280 comparison operation defined in Section 2.4 would result in matching 281 of the nicknames in examples 5 and 6 but not the nicknames in 282 examples 5 and 7 or 6 and 7. Regarding example 8: symbol characters 283 such as BLACK CHESS KING (U+265A) are allowed by the PRECIS 284 FreeformClass and thus can be used in nicknames. Regarding example 285 9: applying the Unicode toLower() operation to ROMAN NUMERAL FOUR 286 (U+2163) results in SMALL ROMAN NUMERAL FOUR (U+2173), and applying 287 NFKC to SMALL ROMAN NUMERAL FOUR (U+2173) results in LATIN SMALL 288 LETTER I (U+0069) LATIN SMALL LETTER V (U+0086). 290 4. Use in Application Protocols 292 This specification defines only the PRECIS-based rules for handling 293 of nickname strings. It is the responsibility of an application 294 protocol (e.g., MSRP, XCON, or XMPP) or application definition to 295 specify the protocol slots in which nickname strings can appear, the 296 entities that are expected to enforce the rules governing nickname 297 strings, and when in protocol processing or interface handling the 298 rules need to be enforced. See Section 6 of 299 [I-D.ietf-precis-7564bis] for guidelines about using PRECIS profiles 300 in applications. 302 Above and beyond the PRECIS-based rules specified here, application 303 protocols can also define application-specific rules governing 304 nickname strings (rules regarding the minimum or maximum length of 305 nicknames, further restrictions on allowable code points or character 306 ranges, safeguards to mitigate the effects of visually similar 307 characters, etc.). 309 Naturally, application protocols can also specify rules governing the 310 actual use of nicknames in applications (reserved nicknames, 311 authorization requirements for using nicknames, whether certain 312 nicknames can be prohibited, handling of duplicates, the relationship 313 between nicknames and underlying identifiers such as SIP URIs or 314 Jabber IDs, etc.). 316 Entities that enforce the rules specified in this document are 317 encouraged to be liberal in what they accept by following this 318 procedure: 320 1. Where possible, map characters (e.g, through width mapping, 321 additional mapping, case mapping, or normalization) and accept 322 the mapped string. 324 2. If mapping is not possible (e.g., because a character is 325 disallowed in the FreeformClass), reject the string. 327 Implementation experience has shown that applying the rules for the 328 Nickname profile is not an idempotent procedure for all code points. 329 Therefore, an implementation SHOULD apply the rules repeatedly until 330 the output string is stable; if the output string does not stabilize 331 within a reasonable number of iterations, the implementation SHOULD 332 terminate application of the rules and reject the input string as 333 invalid. 335 5. IANA Considerations 337 The IANA shall add the following entry to the PRECIS Profiles 338 Registry: 340 Name: Nickname 342 Base Class: FreeformClass 344 Applicability: Nicknames in messaging and text conferencing 345 technologies; petnames for devices, accounts, and people; and 346 other uses of nicknames or petnames. 348 Replaces: None 350 Width Mapping Rule: None (handled via NFKC) 352 Additional Mapping Rule: Map non-ASCII space characters to ASCII 353 space, strip leading and trailing space characters, map interior 354 sequences of multiple space characters to a single ASCII space. 356 Case Mapping Rule: Map uppercase and titlecase code points to 357 lowercase using the Unicode toLower() operation. 359 Normalization Rule: NFKC 361 Directionality Rule: None 363 Enforcement: To be specified by applications. 365 Specification: [[this document]] 367 6. Security Considerations 369 6.1. Reuse of PRECIS 371 The security considerations described in [I-D.ietf-precis-7564bis] 372 apply to the FreeformClass string class used in this document for 373 nicknames. 375 6.2. Reuse of Unicode 377 The security considerations described in [UTS39] apply to the use of 378 Unicode code points in nicknames. 380 6.3. Visually Similar Characters 382 [I-D.ietf-precis-7564bis] describes some of the security 383 considerations related to visually similar characters, also called 384 "confusable characters" or "confusables", and provides some examples 385 of such characters. 387 Although the mapping rules defined in Section 2 of this document are 388 designed, in part, to reduce the possibility of confusion about 389 nicknames, this document does not provide more-detailed 390 recommendations regarding the handling of visually similar 391 characters, such as those provided in [UTS39]. 393 7. References 395 7.1. Normative References 397 [I-D.ietf-precis-7564bis] 398 Saint-Andre, P. and M. Blanchet, "PRECIS Framework: 399 Preparation, Enforcement, and Comparison of 400 Internationalized Strings in Application Protocols", 401 draft-ietf-precis-7564bis-09 (work in progress), July 402 2017. 404 [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate 405 Requirement Levels", BCP 14, RFC 2119, 406 DOI 10.17487/RFC2119, March 1997, 407 . 409 [RFC5893] Alvestrand, H., Ed. and C. Karp, "Right-to-Left Scripts 410 for Internationalized Domain Names for Applications 411 (IDNA)", RFC 5893, DOI 10.17487/RFC5893, August 2010, 412 . 414 [RFC6365] Hoffman, P. and J. Klensin, "Terminology Used in 415 Internationalization in the IETF", BCP 166, RFC 6365, 416 DOI 10.17487/RFC6365, September 2011, 417 . 419 [Unicode] The Unicode Consortium, "The Unicode Standard", 420 . 422 [UTS39] The Unicode Consortium, "Unicode Technical Standard #39: 423 Unicode Security Mechanisms", November 2013, 424 . 426 7.2. Informative References 428 [Err4570] RFC Errata, "Erratum ID 4570", RFC 7700, 429 . 431 [PETNAME-SYSTEMS] 432 Stiegler, M., "An Introduction to Petname Systems", 433 updated June 2012, February 2005, 434 . 437 [RFC20] Cerf, V., "ASCII format for network interchange", STD 80, 438 RFC 20, DOI 10.17487/RFC0020, October 1969, 439 . 441 [RFC2811] Kalt, C., "Internet Relay Chat: Channel Management", 442 RFC 2811, DOI 10.17487/RFC2811, April 2000, 443 . 445 [RFC4975] Campbell, B., Ed., Mahy, R., Ed., and C. Jennings, Ed., 446 "The Message Session Relay Protocol (MSRP)", RFC 4975, 447 DOI 10.17487/RFC4975, September 2007, 448 . 450 [RFC5239] Barnes, M., Boulton, C., and O. Levin, "A Framework for 451 Centralized Conferencing", RFC 5239, DOI 10.17487/RFC5239, 452 June 2008, . 454 [RFC5322] Resnick, P., Ed., "Internet Message Format", RFC 5322, 455 DOI 10.17487/RFC5322, October 2008, 456 . 458 [RFC6120] Saint-Andre, P., "Extensible Messaging and Presence 459 Protocol (XMPP): Core", RFC 6120, DOI 10.17487/RFC6120, 460 March 2011, . 462 [RFC7700] Saint-Andre, P., "Preparation, Enforcement, and Comparison 463 of Internationalized Strings Representing Nicknames", 464 RFC 7700, DOI 10.17487/RFC7700, December 2015, 465 . 467 [RFC7701] Niemi, A., Garcia-Martin, M., and G. Sandbakken, "Multi- 468 party Chat Using the Message Session Relay Protocol 469 (MSRP)", RFC 7701, DOI 10.17487/RFC7701, December 2015, 470 . 472 [XCON-SYSTEM] 473 Barnes, M., Boulton, C., and S. Loreto, "Chatrooms within 474 a Centralized Conferencing (XCON) System", Work in 475 Progress, draft-boulton-xcon-session-chat-08, July 2012. 477 [XEP-0045] 478 Saint-Andre, P., "Multi-User Chat", XSF XEP 0045, February 479 2012, . 481 [XEP-0172] 482 Saint-Andre, P. and V. Mercier, "User Nickname", XSF 483 XEP 0172, March 2012, 484 . 486 Appendix A. Changes from RFC 7700 488 The following changes were made from [RFC7700]. 490 o Addressed [Err4570] by removing the directionality rule and adding 491 the normalization rule to Section 2.3. 493 o In accordance with working group discussions and updates to 494 [I-D.ietf-precis-7564bis], removed the use of the Unicode 495 CaseFold() operation in favor of the Unicode toLower() operation. 497 o Clarified several editorial matters. 499 o Updated references. 501 Appendix B. Acknowledgements 503 Thanks to William Fisher for his implementation feedback, especially 504 regarding idempotence. 506 Thanks to Sam Whited for his feedback and for submitting [Err4570]. 508 See [RFC7700] for acknowledgements related to the specification that 509 this document supersedes. 511 Author's Address 512 Peter Saint-Andre 513 Filament 514 P.O. Box 787 515 Parker, CO 80134 516 USA 518 Phone: +1 720 256 6756 519 Email: peter@filament.com 520 URI: https://filament.com/