idnits 2.17.1 draft-ietf-xmpp-nodeprep-03.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- ** Looks like you're using RFC 2026 boilerplate. This must be updated to follow RFC 3978/3979, as updated by RFC 4748. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- == No 'Intended status' indicated for this document; assuming Proposed Standard Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- No issues found here. Miscellaneous warnings: ---------------------------------------------------------------------------- == The copyright year in the RFC 3978 Section 5.4 Copyright Line does not match the current year -- The document seems to lack a disclaimer for pre-RFC5378 work, but may have content which was first submitted before 10 November 2008. If you have contacted all the original authors and they are all willing to grant the BCP78 rights to the IETF Trust, then this is fine, and you can ignore this comment. If not, you may need to add the pre-RFC5378 disclaimer. (See the Legal Provisions document at https://trustee.ietf.org/license-info for more information.) -- The document date (June 04, 2003) is 7604 days in the past. Is this intentional? -- Found something which looks like a code comment -- if you have code sections in the document, please surround them with '' and '' lines. Checking references for intended status: Proposed Standard ---------------------------------------------------------------------------- (See RFCs 3967 and 4897 for information about using normative references to lower-maturity documents in RFCs) ** Obsolete normative reference: RFC 3454 (ref. '1') (Obsoleted by RFC 7564) == Outdated reference: A later version (-24) exists of draft-ietf-xmpp-core-13 -- Possible downref: Non-RFC (?) normative reference: ref. '4' Summary: 2 errors (**), 0 flaws (~~), 3 warnings (==), 4 comments (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 2 Network Working Group P. Saint-Andre 3 Internet-Draft Jabber Software Foundation 4 Expires: December 3, 2003 J. Hildebrand 5 Jabber, Inc. 6 June 04, 2003 8 Nodeprep: A Stringprep Profile for Node Identifiers in XMPP 9 draft-ietf-xmpp-nodeprep-03 11 Status of this Memo 13 This document is an Internet-Draft and is in full conformance with 14 all provisions of Section 10 of RFC2026. 16 Internet-Drafts are working documents of the Internet Engineering 17 Task Force (IETF), its areas, and its working groups. Note that other 18 groups may also distribute working documents as Internet-Drafts. 20 Internet-Drafts are draft documents valid for a maximum of six months 21 and may be updated, replaced, or obsoleted by other documents at any 22 time. It is inappropriate to use Internet-Drafts as reference 23 material or to cite them other than as "work in progress." 25 The list of current Internet-Drafts can be accessed at http:// 26 www.ietf.org/ietf/1id-abstracts.txt. 28 The list of Internet-Draft Shadow Directories can be accessed at 29 http://www.ietf.org/shadow.html. 31 This Internet-Draft will expire on December 3, 2003. 33 Copyright Notice 35 Copyright (C) The Internet Society (2003). All Rights Reserved. 37 Abstract 39 This document defines a stringprep profile for node identifiers in 40 the Extensible Messaging and Presence Protocol (XMPP). 42 Table of Contents 44 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3 45 1.1 Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 3 46 1.2 Discussion Venue . . . . . . . . . . . . . . . . . . . . . . . 3 47 1.3 Intellectual Property Notice . . . . . . . . . . . . . . . . . 3 48 2. Character Repertoire . . . . . . . . . . . . . . . . . . . . . 5 49 3. Mapping . . . . . . . . . . . . . . . . . . . . . . . . . . . 6 50 4. Normalization . . . . . . . . . . . . . . . . . . . . . . . . 7 51 5. Prohibited Output . . . . . . . . . . . . . . . . . . . . . . 8 52 6. Bidirectional Characters . . . . . . . . . . . . . . . . . . . 9 53 7. Security Considerations . . . . . . . . . . . . . . . . . . . 10 54 8. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 11 55 Normative References . . . . . . . . . . . . . . . . . . . . . 12 56 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . 12 57 A. Revision History . . . . . . . . . . . . . . . . . . . . . . . 13 58 A.1 Changes from draft-ietf-xmpp-nodeprep-02 . . . . . . . . . . . 13 59 A.2 Changes from draft-ietf-xmpp-nodeprep-01 . . . . . . . . . . . 13 60 A.3 Changes from draft-ietf-xmpp-nodeprep-00 . . . . . . . . . . . 13 61 Intellectual Property and Copyright Statements . . . . . . . . 14 63 1. Introduction 65 This document, which defines a profile of stringprep (RFC 3454 [1]), 66 specifies processing rules that will enable users to enter 67 internationalized node identifiers in XMPP (see XMPP Core [2]) and 68 have the highest chance of getting the content of the strings 69 correct. These processing rules are intended only for XMPP node 70 identifiers (which are often associated with usernames), and are not 71 intended for arbitrary text. 73 This profile defines the following, as required by RFC 3454 [1]: 75 o The intended applicability of the profile: internationalized node 76 identifiers within XMPP 78 o The character repertoire that is the input and output to 79 stringprep: Unicode 3.2, specified in section 2 81 o The mappings used: specified in section 3 83 o The Unicode normalization used: specified in section 4 85 o The characters that are prohibited as output: specified in section 86 5 88 o Bidirectional character handling: specified in section 6 90 1.1 Terminology 92 This document inherits the terminology defined in XMPP Core [2]. 94 The capitalized key words "MUST", "MUST NOT", "REQUIRED", "SHALL", 95 "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and 96 "OPTIONAL" in this document are to be interpreted as described in RFC 97 2119 [3]. 99 1.2 Discussion Venue 101 The authors welcome discussion and comments related to the topics 102 presented in this document. The preferred forum is the 103 mailing list, for which archives and subscription 104 information are available at . 107 1.3 Intellectual Property Notice 109 This document is in full compliance with all provisions of Section 10 110 of RFC 2026. Parts of this specification use the term "jabber" for 111 identifying namespaces and other protocol syntax. Jabber[tm] is a 112 registered trademark of Jabber, Inc. Jabber, Inc. grants permission 113 to the IETF for use of the Jabber trademark in association with this 114 specification and its successors, if any. 116 2. Character Repertoire 118 This profile uses Unicode 3.2 with the list of unassigned code points 119 being Table A.1, both defined in Appendix A of RFC 3454 [1]. 121 3. Mapping 123 This profile specifies mapping using the following tables from RFC 124 3454 [1]: 126 Table B.1 128 Table B.2 130 4. Normalization 132 This profile specifies using Unicode normalization form KC, as 133 described in RFC 3454 [1]. 135 5. Prohibited Output 137 This profile specifies prohibiting use of the following tables from 138 RFC 3454 [1]. 140 Table C.1.1 142 Table C.1.2 144 Table C.2.1 146 Table C.2.2 148 Table C.3 150 Table C.4 152 Table C.5 154 Table C.6 156 Table C.7 158 Table C.8 160 Table C.9 162 In addition, the following Unicode characters are also prohibited: 164 #x22 (") 166 #x26 (&) 168 #x27 (') 170 #x2F (/) 172 #x3A (:) 174 #x3C (<) 176 #x3E (>) 178 #x40 (@) 180 6. Bidirectional Characters 182 This profile specifies checking bidirectional strings as described in 183 section 6 of RFC 3454 [1]. 185 7. Security Considerations 187 The Unicode and ISO/IEC 10646 repertoires have many characters that 188 look similar. In many cases, users of security protocols might do 189 visual matching, such as when comparing the names of trusted third 190 parties. Because it is impossible to map similar-looking characters 191 without a great deal of context such as knowing the fonts used, 192 stringprep does nothing to map similar-looking characters together 193 nor to prohibit some characters because they look like others. 195 A node identifier can be employed as one part of an entity's address 196 in XMPP. One common usage is as the username of an instant messaging 197 user; another is as the name of a multi-user chat room; and many 198 other kinds of entities could use node identifiers as part of their 199 addresses. The security of such services could be compromised based 200 on different interpretations of the internationalized node 201 identifier; for example, a user entering a single internationalized 202 node identifier could access another user's account information, or a 203 user could gain access to an otherwise restricted chat room or 204 service. 206 8. IANA Considerations 208 This is a profile of stringprep. If and when it becomes an RFC, it 209 should be registered in the stringprep profile registry maintained by 210 the IANA [4]. 212 Name of this profile: 214 Nodeprep 216 RFC in which the profile is defined: 218 This document 220 Indicator whether or not this is the newest version of the profile: 222 This is the first version of Nodeprep 224 Normative References 226 [1] Hoffman, P. and M. Blanchet, "Preparation of Internationalized 227 Strings ("stringprep")", RFC 3454, December 2002. 229 [2] Saint-Andre, P. and J. Miller, "XMPP Core", 230 draft-ietf-xmpp-core-13 (work in progress), June 2003. 232 [3] Bradner, S., "Key words for use in RFCs to Indicate Requirement 233 Levels", BCP 14, RFC 2119, March 1997. 235 [4] Internet Assigned Numbers Authority, "Internet Assigned Numbers 236 Authority", January 1998, . 238 Authors' Addresses 240 Peter Saint-Andre 241 Jabber Software Foundation 243 EMail: stpeter@jabber.org 244 URI: http://www.jabber.org/people/stpeter.php 246 Joe Hildebrand 247 Jabber, Inc. 249 EMail: jhildebrand@jabber.com 250 URI: http://www.jabber.org/people/hildjj.php 252 Appendix A. Revision History 254 Note to RFC Editor: please remove this entire appendix, and the 255 corresponding entries in the table of contents, prior to publication. 257 A.1 Changes from draft-ietf-xmpp-nodeprep-02 259 o Provided additional examples of node identifier usage. 261 o Made several small editorial changes. 263 A.2 Changes from draft-ietf-xmpp-nodeprep-01 265 o Made small editorial changes to address RFC Editor requirements. 267 A.3 Changes from draft-ietf-xmpp-nodeprep-00 269 o Clarified references to Unicode 3.2 and unassigned code points. 271 Intellectual Property Statement 273 The IETF takes no position regarding the validity or scope of any 274 intellectual property or other rights that might be claimed to 275 pertain to the implementation or use of the technology described in 276 this document or the extent to which any license under such rights 277 might or might not be available; neither does it represent that it 278 has made any effort to identify any such rights. Information on the 279 IETF's procedures with respect to rights in standards-track and 280 standards-related documentation can be found in BCP-11. Copies of 281 claims of rights made available for publication and any assurances of 282 licenses to be made available, or the result of an attempt made to 283 obtain a general license or permission for the use of such 284 proprietary rights by implementors or users of this specification can 285 be obtained from the IETF Secretariat. 287 The IETF invites any interested party to bring to its attention any 288 copyrights, patents or patent applications, or other proprietary 289 rights which may cover technology that may be required to practice 290 this standard. Please address the information to the IETF Executive 291 Director. 293 Full Copyright Statement 295 Copyright (C) The Internet Society (2003). All Rights Reserved. 297 This document and translations of it may be copied and furnished to 298 others, and derivative works that comment on or otherwise explain it 299 or assist in its implementation may be prepared, copied, published 300 and distributed, in whole or in part, without restriction of any 301 kind, provided that the above copyright notice and this paragraph are 302 included on all such copies and derivative works. However, this 303 document itself may not be modified in any way, such as by removing 304 the copyright notice or references to the Internet Society or other 305 Internet organizations, except as needed for the purpose of 306 developing Internet standards in which case the procedures for 307 copyrights defined in the Internet Standards process must be 308 followed, or as required to translate it into languages other than 309 English. 311 The limited permissions granted above are perpetual and will not be 312 revoked by the Internet Society or its successors or assignees. 314 This document and the information contained herein is provided on an 315 "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING 316 TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING 317 BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION 318 HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF 319 MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. 321 Acknowledgement 323 Funding for the RFC Editor function is currently provided by the 324 Internet Society.