[Docs] [txt|pdf|xml|html] [Tracker] [WG] [Email] [Diff1] [Diff2] [Nits]

Versions: (draft-blanchet-precis-framework) 00 01 02 03 04 05 06 07 08 09 10 11 12 13 14 15 16 17 18 19 20 21 22 23 RFC 7564

Network Working Group                                        M. Blanchet
Internet-Draft                                                  Viagenie
Obsoletes: 3454 (if approved)                             P. Saint-Andre
Intended status: Standards Track                                   Cisco
Expires: May 2, 2012                                    October 30, 2011


   PRECIS Framework: Handling Internationalized Strings in Protocols
                     draft-ietf-precis-framework-01

Abstract

   Application protocols that make use of Unicode code points in
   protocol strings need to prepare such strings in order to perform
   comparison operations (e.g., for purposes of authentication or
   authorization).  In general, this problem has been labeled the
   "preparation and comparison of internationalized strings" or
   "PRECIS".  This document defines a framework that enables application
   protocols to prepare various classes of strings in a way that depends
   on the properties of Unicode code points.  Because this framework
   does not depend on large tables of Unicode code points as in
   stringprep (RFC 3454), it is more agile with regard to changes in the
   underlying Unicode database and thus provides improved flexibility to
   application protocols.  A specification that uses this framework
   either can directly use the base string classes defined in this
   document or can subclass the base string classes as needed.  This
   framework uses an approach similar to that of the revised
   internationalized domain names in applications (IDNA) technology (RFC
   5890, RFC 5891, RFC 5892, RFC 5893, RFC 5894) and thus adheres to the
   high-level design goals described in RFC 4690, albeit for application
   technologies other than the Domain Name System (DNS).  This document
   obsoletes RFC 3454.

Status of this Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current Internet-
   Drafts is at http://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."




Blanchet & Saint-Andre     Expires May 2, 2012                  [Page 1]


Internet-Draft              PRECIS Framework                October 2011


   This Internet-Draft will expire on May 2, 2012.

Copyright Notice

   Copyright (c) 2011 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (http://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.



































Blanchet & Saint-Andre     Expires May 2, 2012                  [Page 2]


Internet-Draft              PRECIS Framework                October 2011


Table of Contents

   1.  Introduction . . . . . . . . . . . . . . . . . . . . . . . . .  5
   2.  Terminology  . . . . . . . . . . . . . . . . . . . . . . . . .  6
   3.  String Classes . . . . . . . . . . . . . . . . . . . . . . . .  6
     3.1.  NameClass  . . . . . . . . . . . . . . . . . . . . . . . .  7
       3.1.1.  Valid  . . . . . . . . . . . . . . . . . . . . . . . .  7
       3.1.2.  Disallowed . . . . . . . . . . . . . . . . . . . . . .  8
       3.1.3.  Unassigned . . . . . . . . . . . . . . . . . . . . . .  8
       3.1.4.  Directionality . . . . . . . . . . . . . . . . . . . .  8
       3.1.5.  Case Mapping . . . . . . . . . . . . . . . . . . . . .  8
       3.1.6.  Normalization  . . . . . . . . . . . . . . . . . . . .  8
     3.2.  FreeClass  . . . . . . . . . . . . . . . . . . . . . . . .  8
       3.2.1.  Valid  . . . . . . . . . . . . . . . . . . . . . . . .  9
       3.2.2.  Disallowed . . . . . . . . . . . . . . . . . . . . . .  9
       3.2.3.  Unassigned . . . . . . . . . . . . . . . . . . . . . .  9
       3.2.4.  Directionality . . . . . . . . . . . . . . . . . . . .  9
       3.2.5.  Case Mapping . . . . . . . . . . . . . . . . . . . . .  9
       3.2.6.  Normalization  . . . . . . . . . . . . . . . . . . . . 10
   4.  Use of PRECIS String Classes . . . . . . . . . . . . . . . . . 10
     4.1.  Principles . . . . . . . . . . . . . . . . . . . . . . . . 10
     4.2.  Subclassing  . . . . . . . . . . . . . . . . . . . . . . . 10
     4.3.  Registration . . . . . . . . . . . . . . . . . . . . . . . 10
   5.  Code Point Properties  . . . . . . . . . . . . . . . . . . . . 11
   6.  Category Definitions Used to Calculate Derived Property
       Value  . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12
     6.1.  LetterDigits (A) . . . . . . . . . . . . . . . . . . . . . 13
     6.2.  Unstable (B) . . . . . . . . . . . . . . . . . . . . . . . 13
     6.3.  IgnorableProperties (C)  . . . . . . . . . . . . . . . . . 14
     6.4.  IgnorableBlocks (D)  . . . . . . . . . . . . . . . . . . . 14
     6.5.  LDH (E)  . . . . . . . . . . . . . . . . . . . . . . . . . 14
     6.6.  Exceptions (F) . . . . . . . . . . . . . . . . . . . . . . 14
     6.7.  BackwardCompatible (G) . . . . . . . . . . . . . . . . . . 15
     6.8.  JoinControl (H)  . . . . . . . . . . . . . . . . . . . . . 16
     6.9.  OldHangulJamo (I)  . . . . . . . . . . . . . . . . . . . . 16
     6.10. Unassigned (J) . . . . . . . . . . . . . . . . . . . . . . 16
     6.11. ASCII7 (K) . . . . . . . . . . . . . . . . . . . . . . . . 17
     6.12. Controls (L) . . . . . . . . . . . . . . . . . . . . . . . 17
     6.13. PrecisIgnorableProperties (M)  . . . . . . . . . . . . . . 17
     6.14. Spaces (N) . . . . . . . . . . . . . . . . . . . . . . . . 17
     6.15. Symbols (O)  . . . . . . . . . . . . . . . . . . . . . . . 17
     6.16. Punctuation (P)  . . . . . . . . . . . . . . . . . . . . . 18
     6.17. HasCompat (Q)  . . . . . . . . . . . . . . . . . . . . . . 18
   7.  Calculation of the Derived Property  . . . . . . . . . . . . . 18
   8.  Code Points  . . . . . . . . . . . . . . . . . . . . . . . . . 19
   9.  IANA Considerations  . . . . . . . . . . . . . . . . . . . . . 19
     9.1.  PRECIS Derived Property Value Registry . . . . . . . . . . 19
     9.2.  PRECIS Usage Registry  . . . . . . . . . . . . . . . . . . 20



Blanchet & Saint-Andre     Expires May 2, 2012                  [Page 3]


Internet-Draft              PRECIS Framework                October 2011


   10. Security Considerations  . . . . . . . . . . . . . . . . . . . 20
     10.1. General Issues . . . . . . . . . . . . . . . . . . . . . . 20
     10.2. Local Character Set Issues . . . . . . . . . . . . . . . . 21
     10.3. Visually Similar Characters  . . . . . . . . . . . . . . . 21
     10.4. Security of Passwords and Passphrases  . . . . . . . . . . 23
   11. Interoperability Considerations  . . . . . . . . . . . . . . . 23
   12. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . 24
   13. Codepoints 0x0000 - 0x10FFFF . . . . . . . . . . . . . . . . . 24
     13.1. Codepoints in Unicode Character Database (UCD) format  . . 24
   14. References . . . . . . . . . . . . . . . . . . . . . . . . . . 24
     14.1. Normative References . . . . . . . . . . . . . . . . . . . 24
     14.2. Informative References . . . . . . . . . . . . . . . . . . 24
   Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 26






































Blanchet & Saint-Andre     Expires May 2, 2012                  [Page 4]


Internet-Draft              PRECIS Framework                October 2011


1.  Introduction

   A number of IETF application technologies use stringprep [RFC3454] as
   the basis for comparing protocol strings that contain Unicode
   characters or "code points" [UNICODE].  Since the publication of
   [RFC3454] in 2002, the Internet community has gained much more
   experience with internationalization, some of it reflected in
   [RFC4690].  In particular, the IETF's technology for
   internationalized domain names (IDNs) has changed significantly:
   IDNA2003 [RFC3490], which was based on stringprep, has been
   superseded by IDNA2008 ([RFC5890], [RFC5891], [RFC5892], [RFC5893],
   [RFC5894]), which does not use stringprep.  This migration away from
   stringprep for internationalized domain names has prompted other
   "customers" of stringprep to consider new approaches to the
   preparation and comparison of internationalized strings ("PRECIS"),
   as described in [PROBLEM].

   This document proposes a technical framework for a post-stringprep
   approach to the preparation and comparison of internationalized
   strings in application protocols.  The framework is based on several
   principles:

   1.  Define a small set of base string classes appropriate for common
       application protocol constructs such as usernames and free-form
       strings.

   2.  Define each base string class in terms of Unicode code points and
       their properties, specifying whether each code point or character
       category is valid, disallowed, or unassigned.

   3.  Enable application protocols to subclass the base string classes,
       mainly to disallow particular code points that are currently
       disallowed in the relevant application protocol (e.g., characters
       with special or reserved meaning, such as "@" and "/" when used
       as separators within identifiers).

   4.  Leave various mapping operations (e.g., case preservation or
       lowercasing, Unicode normalization, right-to-left characters) as
       the responsibility of application protocols, as was done for
       IDNA2008 via [RFC5895].

   It is expected that this framework will yield the following benefits:

   o  Application protocols will be more version-agile with regard to
      the Unicode database.
   o  Implementers will be able to share code point tables and software
      code across application protocols, most likely by means of
      software libraries.



Blanchet & Saint-Andre     Expires May 2, 2012                  [Page 5]


Internet-Draft              PRECIS Framework                October 2011


   o  End users will be able to acquire more accurate expectations about
      the code points that are acceptable in various contexts.  Given
      this more uniform set of string classes, it is also expected that
      copy/paste operations between software implementing different
      application protocols will be more predictable and coherent.

   Although this framework is similar to IDNA2008 and borrows some of
   the character categories defined in [RFC5892], it defines additional
   string classes and character categories to meet the needs of common
   application protocols.


2.  Terminology

   Many important terms used in this document are defined in [PROBLEM],
   [RFC6365], [RFC5890], and [UNICODE].

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and
   "OPTIONAL" in this document are to be interpreted as described in
   [RFC2119].


3.  String Classes

   IDNA2008 essentially defines a base string class of internationalized
   domain name, although it does not use the term "string class".  (This
   document does not define a string class for domain names, and
   application protocols are strongly encouraged to use IDNA2008 as the
   appropriate method to prepare domain names and hostnames.)

   We propose the following additional base string classes for use in
   application protocols:

   NameClass:  a sequence of letters, numbers, and symbols that is used
      to identify or address a network entity such as a user, an
      account, a venue (e.g., a chatroom), an information source (e.g.,
      a data feed), or a collection of data (e.g., a file).

   FreeClass:  a sequence of letters, numbers, symbols, spaces, and
      other code points that is used for free-form strings, including
      passwords and passphrases as well as display elements such as a
      human-friendly nickname in a chatroom.

   Note: [PROBLEM] mentions a class of "string blobs" containing
   "elements of the protocol that look like strings to users, but that
   are passed around in the protocol unchanged and that cannot be used
   for comparison or other purposes."  It is an open question whether



Blanchet & Saint-Andre     Expires May 2, 2012                  [Page 6]


Internet-Draft              PRECIS Framework                October 2011


   application protocols need to apply preparation and comparison rules
   to such strings.

   The following subsections discuss these string classes in more
   detail, with reference to the dimensions described in Section 3 of
   [PROBLEM].

   Each string class is defined by the following behavioral rules:

   Valid:  defines which code points and character categories are
      treated as valid input to preparation of the string.

   Disallowed:  defines which code points and character categories are
      treated as disallowed during preparation of the string.

   Unassigned:  defines application behavior in the presence of code
      points that are unassigned, i.e. unknown for the version of
      Unicode the application is built upon.

   Directionality:  defines application behavior in the presence of code
      points that have directionality, in particular right-to-left code
      points as defined in the Unicode database (see [UAX9]).

   Casemapping:  defines if case mapping is used for this class, and how
      the mapping is done.

   Normalization:  defines which Unicode normalization form (D, KD, C,
      or KC) is to be applied (see [UAX15]).

   This document defines the valid, disallowed, and unassigned rules.
   Application protocols that use the PRECIS string classes MUST define
   the directionality, casemapping, and normalization rules, as further
   described under Section 9.2.

3.1.  NameClass

   Most application technologies need a special class of strings that
   can be used to refer to, include, or communicate things like
   usernames, file names, data feed names, and chatroom names.  We group
   such things into a bucket called "NameClass" having the following
   features.

3.1.1.  Valid

   o  Letters and numbers, i.e., the LetterDigits ("A") category first
      defined in [RFC5892] and listed here under Section 6.1.





Blanchet & Saint-Andre     Expires May 2, 2012                  [Page 7]


Internet-Draft              PRECIS Framework                October 2011


   o  Code points in the range U+0021 through U+007E, i.e., the ASCII7
      ("K") rule defined under Section 6.11.  These code points are
      valid even if they would otherwise be disallowed according to the
      property-based rules specified in the next section.

3.1.2.  Disallowed

   o  Control characters, i.e., the Controls ("L") category defined
      under Section 6.12.
   o  Space characters, i.e., the Spaces ("N") category defined under
      Section 6.14.
   o  Symbol characters, i.e., the Symbols ("O") category defined under
      Section 6.15.
   o  Punctuation characters, i.e., the Punctuation ("P") category
      defined under Section 6.16.
   o  Any character that has a compatibility equivalent, i.e., the
      HasCompat ("Q") category defined under Section 6.17.  These code
      points are disallowed even if they would otherwise be valid
      according to the property-based rules specified in the previous
      section.

3.1.3.  Unassigned

   Any code points that are not yet assigned in the Unicode character
   set SHALL be considered Unassigned for purposes of the NameClass.

3.1.4.  Directionality

   The directionality rule MUST be specified by each application
   protocol that uses or subclasses the NameClass.

3.1.5.  Case Mapping

   The casemapping rule MUST be specified by each application protocol
   that uses or subclasses the NameClass.

3.1.6.  Normalization

   The normalization form MUST be specified by each application protocol
   that uses or subclasses the NameClass.

   However, in accordance with [RFC5198], normalization form C (NFC) is
   RECOMMENDED.

3.2.  FreeClass

   Some application technologies need a special class of strings that
   can be used in a free-form way (e.g., as a passphrase or a nickname



Blanchet & Saint-Andre     Expires May 2, 2012                  [Page 8]


Internet-Draft              PRECIS Framework                October 2011


   in a chatroom).  We group such things into a bucket called
   "FreeClass" having the following features.

   NOTE: Consult Section 10.4 for relevant security considerations when
   strings conforming to the FreeClass, or a subclass thereof, are used
   as passwords or passphrases.

3.2.1.  Valid

   o  Letters and numbers, i.e., the LetterDigits ("A") category first
      defined in [RFC5892] and listed here under Section 6.1.
   o  Code points in the range U+0021 through U+007E, i.e., the ASCII7
      ("K") rule defined under Section 6.11.
   o  Any character that has a compatibility equivalent, i.e., the
      HasCompat ("Q") category defined under Section 6.17.
   o  Space characters, i.e., the Spaces ("N") category defined under
      Section 6.14.
   o  Symbol characters, i.e., the Symbols ("O") category defined under
      Section 6.15.
   o  Punctuation characters, i.e., the Punctuation ("P") category
      defined under Section 6.16.

3.2.2.  Disallowed

   o  Control characters, i.e., the Controls ("L") category defined
      under Section 6.12.

3.2.3.  Unassigned

   Any code points that are not yet assigned in the Unicode character
   set SHALL be considered Unassigned for purposes of the FreeClass.

3.2.4.  Directionality

   The directionality rule MUST be specified by each application
   protocol that uses or subclasses the FreeClass.

3.2.5.  Case Mapping

   The casemapping rule MUST be specified by each application protocol
   that uses or subclasses the FreeClass.

   In order to maximize entropy, it is NOT RECOMMENDED for application
   protocols to map uppercase and titlecase code points to their
   lowercase equivalents when strings conforming to the FreeClass, or a
   subclass thereof, are used in passwords or passphrases; instead, it
   is RECOMMENDED to preserve the case of all code points contained in
   such strings.



Blanchet & Saint-Andre     Expires May 2, 2012                  [Page 9]


Internet-Draft              PRECIS Framework                October 2011


3.2.6.  Normalization

   The normalization form MUST be specified by each application protocol
   that uses or subclasses the FreeClass.

   However, in accordance with [RFC5198], normalization form C (NFC) is
   RECOMMENDED.


4.  Use of PRECIS String Classes

4.1.  Principles

   This document defines the valid, disallowed, and unassigned rules.
   Application protocols that use the PRECIS string classes MUST define
   the directionality, casemapping, and normalization rules.  Such
   definitions MUST at a minimum specify the following:

   Directionality:  Whether any instance of the class that contains a
      right-to-left code point is to be considered a right-to-left
      string, or whether some other rule is to be applied (e.g., the
      "Bidi Rule" from [RFC5893]).

   Casemapping:  Whether uppercase and titlecase code points are to be
      (a) preserved or (b) mapped to lowercase.

   Normalization:  Which Unicode normalization form (D, KD, C, or KC) is
      to be applied (see [UAX15] for background information); in
      accordance with [RFC5198], NFC is RECOMMENDED.

4.2.  Subclassing

   Application protocols are allowed to subclass the base string classes
   specified in this document.  As the word "subclass" implies, a
   subclass MUST NOT add as valid any code points or character
   categories that are disallowed by the base string class.  However, a
   subclass MAY do either of the following:

   1.  Exclude specific code points that are included in the base string
       class.
   2.  Exclude characters matching certain Unicode properties (e.g.,
       math symbols) that are included in the base string class.

4.3.  Registration

   Application protocols that use the PRECIS string classes MUST
   register with the IANA as described under Section 9.2.  This is
   especially important for protocols that subclass the PRECIS string



Blanchet & Saint-Andre     Expires May 2, 2012                 [Page 10]


Internet-Draft              PRECIS Framework                October 2011


   classes.


5.  Code Point Properties

   In order to implement the string classes described above, this
   document does the following:

   1.  Reviews and classifies the collections of code points in the
       Unicode character set by examining various code point properties.

   2.  Defines an algorithm for determining a derived property value,
       which can vary depending on the string class being used by the
       relevant application protocol.

   This document is not intended to specify precisely how derived
   property values are to be applied in protocol strings.  That
   information should be defined in the protocol specification that uses
   or subclasses a base string class from this document.

   The value of the property is to be interpreted as follows.

   PROTOCOL VALID  Those code points that are allowed to be used in any
      PRECIS string class (NameClass and FreeClass).  Code points with
      this property value are permitted for general use in any string
      class.  The abbreviated term PVALID is used to refer to this value
      in the remainder of this document.

   SPECIFIC CLASS PROTOCOL VALID  Those code points that are allowed to
      be used in specific string classes.  Code points with this
      property value are permitted for use in specific string classes.
      In the remainder of this document, the abbreviated term *_PVALID
      is used, where * = (NAMECLASS | SECRETCLASS | FREECLASS).

   CONTEXTUAL RULE REQUIRED  Some characteristics of the character, such
      as its being invisible in certain contexts or problematic in
      others, require that it not be used in labels unless specific
      other characters or properties are present.  The abbreviated term
      CONTEXT is used to refer to this value in the remainder of this
      document.  There are two subdivisions of CONTEXTUAL RULE REQUIRED,
      the first for Join_controls (called CONTEXTJ) and the second for
      other characters (called CONTEXTO).

   DISALLOWED  Those code points that must not be included in any string
      class.  Code points with this property value are not permitted in
      any string class.





Blanchet & Saint-Andre     Expires May 2, 2012                 [Page 11]


Internet-Draft              PRECIS Framework                October 2011


   SPECIFIC CLASS DISALLOWED  Those code points that are not to be
      included in a specific string class.  Code points with this
      property value are not permitted in one of the string classes but
      might be permitted in others.  In the remainder of this document,
      the abbreviated term *_DISALLOWED is used, where * = (NAMECLASS |
      SECRETCLASS | FREECLASS).

   UNASSIGNED  Those code points that are not designated (i.e. are
      unassigned) in the Unicode Standard.

   The mechanisms described here allow determination of the value of the
   property for future versions of Unicode (including characters added
   after Unicode 5.2 or 6.0 depending on the category, since some
   categories in this document are reused from IDNA2008).  Changes in
   Unicode properties that do not affect the outcome of this process do
   not affect this framework.  For example, a character can have its
   Unicode General_Category value [UNICODE] change from So to Sm, or
   from Lo to Ll, without affecting the algorithm results.  Moreover,
   even if such changes were to result, the BackwardCompatible list
   (Section 6.7) can be adjusted to ensure the stability of the results.

   Some code points need to be allowed in exceptional circumstances, but
   should be excluded in all other cases; these rules are also described
   in other documents.  The most notable of these are the Join Control
   characters, U+200D ZERO WIDTH JOINER and U+200C ZERO WIDTH NON-
   JOINER.  Both of them have the derived property value CONTEXTJ.  A
   character with the derived property value CONTEXTJ or CONTEXTO
   (CONTEXTUAL RULE REQUIRED) is not to be used unless an appropriate
   rule has been established and the context of the character is
   consistent with that rule.  It is invalid to generate a string
   containing these characters unless such a contextual rule is found
   and satisfied.  PRECIS does not define its own contextual rules, but
   instead re-uses the contextual rules defined for IDNA2008; please see
   Appendix A of [RFC5892] for more information.


6.  Category Definitions Used to Calculate Derived Property Value

   The derived property obtains its value based on a two-step procedure:

   1.  Characters are placed in one or more character categories either
       (1) based on core properties defined by the Unicode Standard or
       (2) by treating the code point as an exception and addressing the
       code point as its code point value.  These categories are not
       mutually exclusive.






Blanchet & Saint-Andre     Expires May 2, 2012                 [Page 12]


Internet-Draft              PRECIS Framework                October 2011


   2.  Set operations are used with these categories to determine the
       values for a property that is specific to a given string class.
       These operations are specified under Section 7.

   (NOTE: Unicode property names and property value names might have
   short abbreviations, such as "gc" for the General_Category property
   and "Ll" for the Lowercase_Letter property value of the gc property.)

   In the following specification of character categories, the operation
   that returns the value of a particular Unicode character property for
   a code point is designated by using the formal name of that property
   (from the Unicode PropertyAliases.txt [1]) followed by '(cp)' for
   "code point".  For example, the value of the General_Category
   property for a code point is indicated by General_Category(cp).

   The first ten categories (A-J) shown below were previously defined
   for IDNA2008 and are copied directly from [RFC5892].  Some of these
   categories are reused in PRECIS and some of them are not; however,
   the lettering of categories is retained to prevent overlap and to
   ease implementation of both IDNA2008 and PRECIS in a single software
   application.  The next seven categories (K-Q) are specific to PRECIS.

6.1.  LetterDigits (A)

   NOTE: This category is defined in [RFC5892] and copied here for use
   in PRECIS.

   A: General_Category(cp) is in {Ll, Lu, Lo, Nd, Lm, Mn, Mc}

   These rules identify characters commonly used in mnemonics and often
   informally described as "language characters".

   For more information, see section 4.5 of [UNICODE].

   The categories used in this rule are:
   o  Ll - Lowercase_Letter
   o  Lu - Uppercase_Letter
   o  Lo - Other_Letter
   o  Nd - Decimal_Number
   o  Lm - Modifier_Letter
   o  Mn - Nonspacing_Mark
   o  Mc - Spacing_Mark

6.2.  Unstable (B)

   NOTE: This category is defined in [RFC5892] but not used in PRECIS.





Blanchet & Saint-Andre     Expires May 2, 2012                 [Page 13]


Internet-Draft              PRECIS Framework                October 2011


6.3.  IgnorableProperties (C)

   NOTE: This category is defined in [RFC5892] but not used in PRECIS.
   See the "PrecisIgnorableProperties (M)" category below for a more
   inclusive category used in PRECIS identifiers.

6.4.  IgnorableBlocks (D)

   NOTE: This category is defined in [RFC5892] but not used in PRECIS.

6.5.  LDH (E)

   NOTE: This category is defined in [RFC5892] but not used in PRECIS.
   See the "ASCII7 (K)" category below for a more inclusive category
   used in PRECIS identifiers.

6.6.  Exceptions (F)

   NOTE: This category is defined in [RFC5892] and might be used in a
   future version of this specification.

   F: cp is in {00B7, 00DF, 0375, 03C2, 05F3, 05F4, 0640, 0660,
                0661, 0662, 0663, 0664, 0665, 0666, 0667, 0668,
                0669, 06F0, 06F1, 06F2, 06F3, 06F4, 06F5, 06F6,
                06F7, 06F8, 06F9, 06FD, 06FE, 07FA, 0F0B, 3007,
                302E, 302F, 3031, 3032, 3033, 3034, 3035, 303B,
                30FB}

   This category explicitly lists code points for which the category
   cannot be assigned using only the core property values that exist in
   the Unicode standard.  The values are according to the table below:

   PVALID -- Would otherwise have been DISALLOWED

   00DF; PVALID     # LATIN SMALL LETTER SHARP S
   03C2; PVALID     # GREEK SMALL LETTER FINAL SIGMA
   06FD; PVALID     # ARABIC SIGN SINDHI AMPERSAND
   06FE; PVALID     # ARABIC SIGN SINDHI POSTPOSITION MEN
   0F0B; PVALID     # TIBETAN MARK INTERSYLLABIC TSHEG
   3007; PVALID     # IDEOGRAPHIC NUMBER ZERO

   CONTEXTO -- Would otherwise have been DISALLOWED

   00B7; CONTEXTO   # MIDDLE DOT
   0375; CONTEXTO   # GREEK LOWER NUMERAL SIGN (KERAIA)
   05F3; CONTEXTO   # HEBREW PUNCTUATION GERESH
   05F4; CONTEXTO   # HEBREW PUNCTUATION GERSHAYIM
   30FB; CONTEXTO   # KATAKANA MIDDLE DOT



Blanchet & Saint-Andre     Expires May 2, 2012                 [Page 14]


Internet-Draft              PRECIS Framework                October 2011


   CONTEXTO -- Would otherwise have been PVALID

   0660; CONTEXTO   # ARABIC-INDIC DIGIT ZERO
   0661; CONTEXTO   # ARABIC-INDIC DIGIT ONE
   0662; CONTEXTO   # ARABIC-INDIC DIGIT TWO
   0663; CONTEXTO   # ARABIC-INDIC DIGIT THREE
   0664; CONTEXTO   # ARABIC-INDIC DIGIT FOUR
   0665; CONTEXTO   # ARABIC-INDIC DIGIT FIVE
   0666; CONTEXTO   # ARABIC-INDIC DIGIT SIX
   0667; CONTEXTO   # ARABIC-INDIC DIGIT SEVEN
   0668; CONTEXTO   # ARABIC-INDIC DIGIT EIGHT
   0669; CONTEXTO   # ARABIC-INDIC DIGIT NINE
   06F0; CONTEXTO   # EXTENDED ARABIC-INDIC DIGIT ZERO
   06F1; CONTEXTO   # EXTENDED ARABIC-INDIC DIGIT ONE
   06F2; CONTEXTO   # EXTENDED ARABIC-INDIC DIGIT TWO
   06F3; CONTEXTO   # EXTENDED ARABIC-INDIC DIGIT THREE
   06F4; CONTEXTO   # EXTENDED ARABIC-INDIC DIGIT FOUR
   06F5; CONTEXTO   # EXTENDED ARABIC-INDIC DIGIT FIVE
   06F6; CONTEXTO   # EXTENDED ARABIC-INDIC DIGIT SIX
   06F7; CONTEXTO   # EXTENDED ARABIC-INDIC DIGIT SEVEN
   06F8; CONTEXTO   # EXTENDED ARABIC-INDIC DIGIT EIGHT
   06F9; CONTEXTO   # EXTENDED ARABIC-INDIC DIGIT NINE

   DISALLOWED -- Would otherwise have been PVALID

   0640; DISALLOWED # ARABIC TATWEEL
   07FA; DISALLOWED # NKO LAJANYALAN
   302E; DISALLOWED # HANGUL SINGLE DOT TONE MARK
   302F; DISALLOWED # HANGUL DOUBLE DOT TONE MARK
   3031; DISALLOWED # VERTICAL KANA REPEAT MARK
   3032; DISALLOWED # VERTICAL KANA REPEAT WITH VOICED SOUND MARK
   3033; DISALLOWED # VERTICAL KANA REPEAT MARK UPPER HALF
   3034; DISALLOWED # VERTICAL KANA REPEAT WITH VOICED SOUND MARK
                      UPPER HA
   3035; DISALLOWED # VERTICAL KANA REPEAT MARK LOWER HALF
   303B; DISALLOWED # VERTICAL IDEOGRAPHIC ITERATION MARK

6.7.  BackwardCompatible (G)

   NOTE: This category is defined in [RFC5892] and copied here for use
   in PRECIS.  Because of how the PRECIS string classes are defined,
   only changes that would result in code points being added to or
   removed from the LetterDigits ("A") category would result in
   backward-incompatible modifications to code point assignments.
   Therefore, management of this category is handled via the processes
   specified in [RFC5892].

   G: cp is in {}



Blanchet & Saint-Andre     Expires May 2, 2012                 [Page 15]


Internet-Draft              PRECIS Framework                October 2011


   This category includes the code points for which property values in
   versions of Unicode after 5.2 have changed in such a way that the
   derived property value would no longer be PVALID or DISALLOWED.  If
   changes are made to future versions of Unicode so that code points
   might change property value from PVALID or DISALLOWED, then this
   table can be updated and keep special exception values so that the
   property values for code points stay stable.

6.8.  JoinControl (H)

   NOTE: This category is defined in [RFC5892] and copied here for use
   in PRECIS.

   H: Join_Control(cp) = True

   This category consists of Join Control characters (i.e., they are not
   in LetterDigits (Section 6.1)) but are still required in strings
   under some circumstances.

6.9.  OldHangulJamo (I)

   NOTE: This category is defined in [RFC5892] and copied here for use
   in PRECIS.

   I: Hangul_Syllable_Type(cp) is in {L, V, T}

   This category consists of all conjoining Hangul Jamo (Leading Jamo,
   Vowel Jamo, and Trailing Jamo).

   Elimination of conjoining Hangul Jamos from the set of PVALID
   characters results in restricting the set of Korean PVALID characters
   just to preformed, modern Hangul syllable characters.  Old Hangul
   syllables, which must be spelled with sequences of conjoining Hangul
   Jamos, are not PVALID for string classes.

6.10.  Unassigned (J)

   NOTE: This category is defined in [RFC5892] and copied here for use
   in PRECIS.

   J: General_Category(cp) is in {Cn} and
      Noncharacter_Code_Point(cp) = False

   This category consists of code points in the Unicode character set
   that are not (yet) assigned.  It should be noted that Unicode
   distinguishes between 'unassigned code points' and 'unassigned
   characters'.  The unassigned code points are all but (Cn -
   Noncharacters), while the unassigned *characters* are all but (Cn +



Blanchet & Saint-Andre     Expires May 2, 2012                 [Page 16]


Internet-Draft              PRECIS Framework                October 2011


   Cs).

6.11.  ASCII7 (K)

   This PRECIS-specific category exempts most characters in the ASCII-7
   range from other rules that might be applied during PRECIS
   processing, on the assumption that these code points are in such wide
   use that disallowing them would be counter-productive.

   K: cp is in {0021..007E}

6.12.  Controls (L)

   L: Control(cp) = True

6.13.  PrecisIgnorableProperties (M)

   This PRECIS-specific category is used to group code points that are
   not recommended for use in PRECIS string classes.

   M: Default_Ignorable_Code_Point(cp) = True or
      Noncharacter_Code_Point(cp) = True

   The definition for Default_Ignorable_Code_Point can be found in the
   DerivedCoreProperties.txt [2] file, and at the time of Unicode 6.0 is
   as follows:

     Other_Default_Ignorable_Code_Point
   + Cf (Format characters)
   + Variation_Selector
   - White_Space
   - FFF9..FFFB (Annotation Characters)
   - 0600..0603, 06DD, 070F (exceptional Cf characters
                             that should be visible)

6.14.  Spaces (N)

   This PRECIS-specific category is used to group code points that are
   space characters.

   N: General_Category(cp) is in {Zs}

6.15.  Symbols (O)

   This PRECIS-specific category is used to group code points that are
   symbols.

   O: General_Category(cp) is in {Sc}



Blanchet & Saint-Andre     Expires May 2, 2012                 [Page 17]


Internet-Draft              PRECIS Framework                October 2011


6.16.  Punctuation (P)

   This PRECIS-specific category is used to group code points that are
   punctuation marks.

   P: General_Category(cp) is in {Pi}

6.17.  HasCompat (Q)

   This PRECIS-specific category is used to group code points that have
   compatibility equivalents as explained in Chapter 2 and Chapter 3 of
   [UNICODE].

   Q: toNFKC(cp) != cp

   The toNFKC() operation returns the code point in normalization form
   KC.  For more information, see Section 5 of [UAX15].


7.  Calculation of the Derived Property

   Possible values of the derived property are:

   o  PVALID
   o  NAMECLASS_VALID
   o  SECRETCLASS_VALID
   o  FREECLASS_VALID
   o  CONTEXTJ
   o  CONTEXTO
   o  DISALLOWED
   o  NAMECLASS_DISALLOWED
   o  SECRETCLASS_DISALLOWED
   o  FREECLASS_DISALLOWED
   o  UNASSIGNED

   NOTE: In some instances, the value of the derived property calculated
   depends on the string class (e.g., if an identifier used in an
   application protocol is defined as using or subclassing the PRECIS
   NameClass, then a space character would be assigned to
   NAMECLASS_DISALLOWED).

   The algorithm to calculate the value of the derived property is as
   follows.  (NOTE: Use of the name of a rule (such as "Exception")
   implies the set of code points that the rule defines, whereas the
   same name as a function call (such as "Exception(cp)") implies the
   value that the code point has in the Exceptions table.)





Blanchet & Saint-Andre     Expires May 2, 2012                 [Page 18]


Internet-Draft              PRECIS Framework                October 2011


   If .cp. .in. Exceptions Then Exceptions(cp);
   Else If .cp. .in. BackwardCompatible Then BackwardCompatible(cp);
   Else If .cp. .in. Unassigned Then UNASSIGNED;
   Else If .cp. .in. ASCII7 Then PVALID;
   Else If .cp. .in. JoinControl Then CONTEXTJ;
   Else If .cp. .in. PrecisIgnorableProperties Then DISALLOWED;
   Else If .cp. .in. Controls Then DISALLOWED;
   Else If .cp. .in. OldHangulJamo Then DISALLOWED;
   Else If .cp. .in. LetterDigits Then PVALID;
   Else If .cp. .in. Spaces Then NAMECLASS_DISALLOWED
                     or SECRETCLASS_DISALLOWED
                     or FREECLASS_VALID;
   Else If .cp. .in. Symbols Then NAMECLASS_DISALLOWED
                     or SECRETCLASS_DISALLOWED
                     or FREECLASS_VALID;
   Else If .cp. .in. Punctuation Then NAMECLASS_DISALLOWED
                     or SECRETCLASS_DISALLOWED
                     or FREECLASS_VALID;
   Else If .cp. .in. HasCompat Then NAMECLASS_DISALLOWED
                     or SECRETCLASS_VALID
                     or FREECLASS_VALID;
   Else DISALLOWED;


8.  Code Points

   The Categories and Rules defined in Section 6 and Section 7 apply to
   all Unicode code points.  The table in Section 13 shows, for
   illustrative purposes, the consequences of the categories and
   classification rules, and the resulting property values.

   The list of code points that can be found in Section 13 is non-
   normative.  Instead, the rules defined by Section 6 and Section 7 are
   normative, and any tables are derived from the rules.


9.  IANA Considerations

9.1.  PRECIS Derived Property Value Registry

   IANA is requested to create a PRECIS-specific registry with the
   Derived Properties for the versions of Unicode that are released
   after (and including) version 6.0.  The derived property value is to
   be calculated in cooperation with a designated expert [RFC5226]
   according to the specifications in Section 6 and Section 7, and not
   by copying the non-normative table found in Section 13.

   If during this process (creation of the table of derived property



Blanchet & Saint-Andre     Expires May 2, 2012                 [Page 19]


Internet-Draft              PRECIS Framework                October 2011


   values) followed by a designated expert review, either backward-
   incompatible changes to the table of derived properties are
   discovered, or otherwise problems during the creation of the table
   arises, that is to be flagged to the IESG.  Changes to the rules (as
   specified in Section 6 and Section 7) require IETF Review, as
   described in [RFC5226].

9.2.  PRECIS Usage Registry

   IANA is requested to create a registry of application protocols that
   use the base string classes.  The registry will include one entry for
   each use (e.g., if a protocol uses both the NameClass and the
   FreeClass then the specification for that protocol would submit two
   registrations).  In accordance with [RFC5226], the registration
   policy is "First Come First Served".

   The registration template is as follows:

   Application Protocol:  [the application protocol that is using or
      subclassing the PRECIS string class]
   Base Class:  [which base class is being used]
   Subclassing:  [whether the base class is being subclassed and, if so,
      where documentation of the subclassing can be found]
   Directionality:  [the behavioral rule for handling of right-to-left
      code points]
   Casemapping:  [the behavioral rule for handling of case]
   Normalization:  [which Unicode normalization form is applied]
   Specification:  [a pointer to relevant documentation, such as an RFC
      or Internet-Draft]


10.  Security Considerations

10.1.  General Issues

   The security of applications that use this framework can depend in
   part on the proper preparation and comparison of internationalized
   strings.  For example, such strings can be used to make
   authentication and authorization decisions, and the security of an
   application could be compromised if an entity providing a given
   string is connected to the wrong account or online resource based on
   different interpretations of the string.

   Specifications of application protocols that use this framework are
   encouraged to describe how internationalized strings are used in the
   protocol, including the security implications of any false positives
   and false negatives that might result from various comparison
   operations.  For some helpful guidelines, refer to [IDENTIFIER],



Blanchet & Saint-Andre     Expires May 2, 2012                 [Page 20]


Internet-Draft              PRECIS Framework                October 2011


   [RFC5890], [UTR36], and [UTR39].

10.2.  Local Character Set Issues

   When systems use local character sets other than ASCII and Unicode,
   these specifications leave the problem of converting between the
   local character set and Unicode up to the application or local
   system.  If different applications (or different versions of one
   application) implement different rules for conversions among coded
   character sets, they could interpret the same name differently and
   contact different application servers or other network entities.
   This problem is not solved by security protocols, such as Transport
   Layer Security (TLS) [RFC5246] and the Simple Authentication and
   Security Layer (SASL) [RFC4422], that do not take local character
   sets into account.

10.3.  Visually Similar Characters

   Some characters are visually similar and thus can cause confusion
   among humans.  Such characters are often called "confusable
   characters" or "confusables".

   The problem of confusable characters is not necessarily caused by the
   use of Unicode code points outside the US-ASCII range.  For example,
   in some presentations and to some individuals the string "ju1iet"
   (spelled with the Arabic numeral one as the third character) might
   appear to be the same as "juliet" (spelled with the lowercase version
   of the letter "L"), especially on casual visual inspection.  This
   phenomenon is sometimes called "typejacking".

   However, the problem is made more serious by introducing the full
   range of Unicode code points into protocol strings.  For example, the
   characters U+13DA U+13A2 U+13B5 U+13AC U+13A2 U+13AC U+13D2 from the
   Cherokee block look similar to the US-ASCII characters "STPETER" as
   they might look when presented in a "creative" font.

   In some examples of confusable characters, it is unlikely that the
   average human could tell the difference between the real string and
   the fake string.  (Indeed, there is no programmatic way to
   distinguish with full certainty which is the fake string and which is
   the real string; in some contexts, the string formed of Cherokee
   characters might be the real string and the string formed of US-ASCII
   characters might be the fake string.)  Because PRECIS-compliant
   strings can contain almost any properly encoded Unicode code point,
   it can be relatively easy to fake or mimic some strings in systems
   that use the PRECIS framework.  The fact that some strings are easily
   confused introduces security vulnerabilities of the kind that have
   also plagued the World Wide Web, specifically the phenomenon known as



Blanchet & Saint-Andre     Expires May 2, 2012                 [Page 21]


Internet-Draft              PRECIS Framework                October 2011


   phishing.

   Despite the fact that some specific suggestions about identification
   and handling of confusable characters appear in the Unicode Security
   Considerations [UTR36], it is also true (as noted in [RFC5890]) that
   "there are no comprehensive technical solutions to the problems of
   confusable characters".  Because it is impossible to map visually
   similar characters without a great deal of context (such as knowing
   the fonts used), the PRECIS framework does nothing to map similar-
   looking characters together, nor does it prohibit some characters
   because they look like others.

   However, specifications for application protocols that use this
   framework MUST describe how confusable characters can be used to
   compromise the security of systems that use the protocol in question,
   and any protocol-specific suggestions for overcoming those threats.
   In particular, software implementations and service deployments that
   use PRECIS-based technologies are strongly encouraged to define and
   implement consistent policies regarding the registration, storage,
   and presentation of visually similar characters.  The following
   recommendations are appropriate:

   1.  An application service SHOULD define a policy that specifies the
       scripts or blocks of characters that the service will allow to be
       registered (e.g., in an account name) or stored (e.g., in a file
       name).  Such a policy SHOULD be informed by the languages and
       scripts that are used to write registered account names; in
       particular, to reduce confusion, the service SHOULD forbid
       registration or storage of stings that contain characters from
       more than one script and to restrict registrations to characters
       drawn from a very small number of scripts (e.g., scripts that are
       well-understood by the administrators of the service, to improve
       manageability).

   2.  User-oriented application software SHOULD define a policy that
       specifies how internationalized strings will be presented to a
       human user.  Because every human user of such software has a
       preferred language or a small set of preferred languages, the
       software SHOULD gather that information either explicitly from
       the user or implicitly via the operating system of the user's
       device.  Furthermore, because most languages are typically
       represented by a single script or a small set of scripts, and
       because and most scripts are typically contained in one or more
       blocks of characters, the software SHOULD warn the user when
       presenting a string that mixes characters from more than one
       script or block, or that uses characters outside the normal range
       of the user's preferred language(s).  (Such a recommendation is
       not intended to discourage communication across different



Blanchet & Saint-Andre     Expires May 2, 2012                 [Page 22]


Internet-Draft              PRECIS Framework                October 2011


       communities of language users; instead, it recognizes the
       existence of such communities and encourages due caution when
       presenting unfamiliar scripts or characters to human users.)

10.4.  Security of Passwords and Passphrases

   One goal of passwords and passphrases is to maximize the amount of
   entropy, for example by allowing a wide range of code points and by
   ensuring that secrets are not prepared in such a way that code points
   are compared aggressively.  Therefore, it is NOT RECOMMENDED for
   application protocols to subclass the FreeClass for use in passwords
   and passphrases in a way that removes entire categories (e.g., by
   disallowing symbols or punctuation).  Furthermore, it is NOT
   RECOMMENDED for application protocols to map uppercase and titlecase
   code points to their lowercase equivalents in such strings; instead,
   it is RECOMMENDED to preserve the case of all code points contained
   in such strings.

   That said, software implementers need to be aware that there exist
   tradeoffs between entropy and usability.  For example, allowing a
   user to establish a password containing "uncommon" code points might
   make it difficult for the user to access an application when using an
   unfamiliar or constrained input device.

   Some application protocols use passwords and passphrases directly,
   whereas others reuse technologies that themselves process passwords
   (one example is the Simple Authentication and Security Layer
   [RFC4422]).  Moreover, passwords are often carried by a sequence of
   protocols with backends authentication systems or data storage
   systems such as RADIUS [RFC2865] and LDAP [RFC4510].  Developers of
   application protocols are encouraged to look into reusing these
   profiles instead of defining new ones, so that end-user expectations
   about passwords are consistent no matter which application protocol
   is used.


11.  Interoperability Considerations

   Although strings that are consumed in PRECIS-based application
   protocols are often encoded using UTF-8 [RFC3629], the exact encoding
   is a matter for the using protocol, not the PRECIS framework.

   It is known that some existing systems are unable to support the full
   Unicode character set, or even any characters outside the US-ASCII
   range.  If two (or more) applications need to interoperate when
   exchanging data (e.g., for the purpose of authenticating a username
   or password), they will naturally need have in common at least one
   coded character set (as defined by [RFC6365]).  Establishing such a



Blanchet & Saint-Andre     Expires May 2, 2012                 [Page 23]


Internet-Draft              PRECIS Framework                October 2011


   baseline is a matter for the using protocol, not the PRECIS
   framework.


12.  Acknowledgements

   The authors would like to acknowledge the comments and contributions
   of the following individuals: David Black, Mark Davis, Alan DeKok,
   Martin Duerst, Patrik Faltstrom, Ted Hardie, Joe Hildebrand, Paul
   Hoffman, Jeffrey Hutzelman, Simon Josefsson, John Klensin, Alexey
   Melnikov, Yoav Nir, Mike Parker, Pete Resnick, Andrew Sullivan, Dave
   Thaler, and Yoshiro Yoneya.

   Some algorithms and textual descriptions have been borrowed from
   [RFC5892].  Some text regarding security has been borrowed from
   [RFC5890] and [XMPP-ADDR].


13.  Codepoints 0x0000 - 0x10FFFF

   To follow.

13.1.  Codepoints in Unicode Character Database (UCD) format

   To follow.


14.  References

14.1.  Normative References

   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119, March 1997.

   [RFC5198]  Klensin, J. and M. Padlipsky, "Unicode Format for Network
              Interchange", RFC 5198, March 2008.

   [UNICODE]  The Unicode Consortium, "The Unicode Standard, Version
              6.0", 2010,
              <http://www.unicode.org/versions/Unicode6.0.0/>.

14.2.  Informative References

   [IDENTIFIER]
              Thaler, D., "Issues in Identifier Comparison for Security
              Purposes", draft-iab-identifier-comparison-00 (work in
              progress), July 2011.




Blanchet & Saint-Andre     Expires May 2, 2012                 [Page 24]


Internet-Draft              PRECIS Framework                October 2011


   [PROBLEM]  Blanchet, M. and A. Sullivan, "Stringprep Revision Problem
              Statement", draft-ietf-precis-problem-statement-03 (work
              in progress), July 2011.

   [RFC2865]  Rigney, C., Willens, S., Rubens, A., and W. Simpson,
              "Remote Authentication Dial In User Service (RADIUS)",
              RFC 2865, June 2000.

   [RFC3454]  Hoffman, P. and M. Blanchet, "Preparation of
              Internationalized Strings ("stringprep")", RFC 3454,
              December 2002.

   [RFC3490]  Faltstrom, P., Hoffman, P., and A. Costello,
              "Internationalizing Domain Names in Applications (IDNA)",
              RFC 3490, March 2003.

   [RFC3629]  Yergeau, F., "UTF-8, a transformation format of ISO
              10646", STD 63, RFC 3629, November 2003.

   [RFC4422]  Melnikov, A. and K. Zeilenga, "Simple Authentication and
              Security Layer (SASL)", RFC 4422, June 2006.

   [RFC4510]  Zeilenga, K., "Lightweight Directory Access Protocol
              (LDAP): Technical Specification Road Map", RFC 4510,
              June 2006.

   [RFC4690]  Klensin, J., Faltstrom, P., Karp, C., and IAB, "Review and
              Recommendations for Internationalized Domain Names
              (IDNs)", RFC 4690, September 2006.

   [RFC5226]  Narten, T. and H. Alvestrand, "Guidelines for Writing an
              IANA Considerations Section in RFCs", BCP 26, RFC 5226,
              May 2008.

   [RFC5246]  Dierks, T. and E. Rescorla, "The Transport Layer Security
              (TLS) Protocol Version 1.2", RFC 5246, August 2008.

   [RFC5890]  Klensin, J., "Internationalized Domain Names for
              Applications (IDNA): Definitions and Document Framework",
              RFC 5890, August 2010.

   [RFC5891]  Klensin, J., "Internationalized Domain Names in
              Applications (IDNA): Protocol", RFC 5891, August 2010.

   [RFC5892]  Faltstrom, P., "The Unicode Code Points and
              Internationalized Domain Names for Applications (IDNA)",
              RFC 5892, August 2010.




Blanchet & Saint-Andre     Expires May 2, 2012                 [Page 25]


Internet-Draft              PRECIS Framework                October 2011


   [RFC5893]  Alvestrand, H. and C. Karp, "Right-to-Left Scripts for
              Internationalized Domain Names for Applications (IDNA)",
              RFC 5893, August 2010.

   [RFC5894]  Klensin, J., "Internationalized Domain Names for
              Applications (IDNA): Background, Explanation, and
              Rationale", RFC 5894, August 2010.

   [RFC5895]  Resnick, P. and P. Hoffman, "Mapping Characters for
              Internationalized Domain Names in Applications (IDNA)
              2008", RFC 5895, September 2010.

   [RFC6365]  Hoffman, P. and J. Klensin, "Terminology Used in
              Internationalization in the IETF", BCP 166, RFC 6365,
              September 2011.

   [UAX15]    The Unicode Consortium, "Unicode Standard Annex #15:
              Unicode Normalization Forms", September 2010,
              <http://unicode.org/reports/tr15/>.

   [UAX9]     The Unicode Consortium, "Unicode Standard Annex #9:
              Unicode Bidirectional Algorithm", September 2010,
              <http://unicode.org/reports/tr9/>.

   [UTR36]    The Unicode Consortium, "Unicode Technical Report #36:
              Unicode Security Considerations", August 2010,
              <http://unicode.org/reports/tr36/>.

   [UTR39]    The Unicode Consortium, "Unicode Technical Report #39:
              Unicode Security Mechanisms", August 2010,
              <http://unicode.org/reports/tr39/>.

   [XMPP-ADDR]
              Saint-Andre, P., "Extensible Messaging and Presence
              Protocol (XMPP): Address Format",
              draft-saintandre-xmpp-6122bis-02 (work in progress),
              August 2011.

URIs

   [1]  <http://unicode.org/Public/UNIDATA/PropertyAliases.txt>

   [2]  <http://unicode.org/Public/UNIDATA/DerivedCoreProperties.txt>








Blanchet & Saint-Andre     Expires May 2, 2012                 [Page 26]


Internet-Draft              PRECIS Framework                October 2011


Authors' Addresses

   Marc Blanchet
   Viagenie
   2600 boul. Laurier, suite 625
   Quebec, QC  G1V 4W1
   Canada

   Email: Marc.Blanchet@viagenie.ca
   URI:   http://www.viagenie.ca/


   Peter Saint-Andre
   Cisco
   1899 Wyknoop Street, Suite 600
   Denver, CO  80202
   USA

   Phone: +1-303-308-3282
   Email: psaintan@cisco.com































Blanchet & Saint-Andre     Expires May 2, 2012                 [Page 27]


Html markup produced by rfcmarkup 1.129d, available from https://tools.ietf.org/tools/rfcmarkup/