draft-ietf-idn-nameprep-09.txt   draft-ietf-idn-nameprep-10.txt 
Internet Draft Paul Hoffman Internet Draft Paul Hoffman
draft-ietf-idn-nameprep-09.txt IMC & VPNC draft-ietf-idn-nameprep-10.txt IMC & VPNC
April 30, 2002 Marc Blanchet May 17, 2002 Marc Blanchet
Expires in six months ViaGenie Expires in six months ViaGenie
Nameprep: A Stringprep Profile for Internationalized Domain Names Nameprep: A Stringprep Profile for Internationalized Domain Names
Status of this memo Status of this memo
This document is an Internet-Draft and is in full conformance with all This document is an Internet-Draft and is in full conformance with all
provisions of Section 10 of RFC2026. provisions of Section 10 of RFC2026.
Internet-Drafts are working documents of the Internet Engineering Task Internet-Drafts are working documents of the Internet Engineering Task
skipping to change at line 36 skipping to change at line 36
This document describes how to prepare internationalized domain name This document describes how to prepare internationalized domain name
labels in order to increase the likelihood that name input and name labels in order to increase the likelihood that name input and name
comparison work in ways that make sense for typical users throughout the comparison work in ways that make sense for typical users throughout the
world. This profile of the stringprep protocol is used as part of a world. This profile of the stringprep protocol is used as part of a
suite of on-the-wire protocols for internationalizing the DNS. suite of on-the-wire protocols for internationalizing the DNS.
1. Introduction 1. Introduction
This document specifies processing rules that will allow users to enter This document specifies processing rules that will allow users to enter
internationalized domain name labels in applications and have the highest internationalized domain names in applications and have the highest
chance of getting the content of the strings correct. It is a profile of chance of getting the content of the strings correct. It is a profile of
stringprep [STRINGPREP]. These processing rules are only intended for stringprep [STRINGPREP]. These processing rules are only intended for
internationalized domain names, not for arbitrary text. internationalized domain names, not for arbitrary text.
This profile defines the following, as required by [STRINGPREP] This profile defines the following, as required by [STRINGPREP]
- The intended applicability of the profile: internationalized - The intended applicability of the profile: internationalized
domain name labels domain names processed by IDNA
- The character repertoire that is the input and output to stringprep: - The character repertoire that is the input and output to stringprep:
Unicode 3.1, specified in Section 2 Unicode 3.1, specified in Section 2
- The mappings used: specified in Section 3 - The mappings used: specified in Section 3
- The Unicode normalization used: specified in Section 4 - The Unicode normalization used: specified in Section 4
- The characters that are prohibited as output: specified in section 5 - The characters that are prohibited as output: specified in section 5
1.1 Interaction of protocol parts 1.1 Interaction of protocol parts
Nameprep is used by the IDNA [IDNA] protocol for preparing domain names; Nameprep is used by the IDNA [IDNA] protocol for preparing domain names;
it is not designed for any other purpose. It is explicitly not designed it is not designed for any other purpose. It is explicitly not designed
for processing arbitrary free text and SHOULD NOT be used for that for processing arbitrary free text and SHOULD NOT be used for that
purpose. Nameprep is a profile of Stringprep [STRINGPREP]. purpose. Nameprep is a profile of Stringprep [STRINGPREP].
Implementations of Nameprep MUST fully implement Stringprep. Implementations of Nameprep MUST fully implement Stringprep.
Nameprep is used to process domain name labels, not domain names. IDNA
calls nameprep for each label in a domain name, not for the whole domain
name.
1.2 Terminology 1.2 Terminology
The key words "MUST", "SHOULD", and "MAY" in this document are to be The key words "MUST", "MUST NOT", "SHOULD", "SHOULD NOT", and
interpreted as described in RFC 2119 [RFC2119]. "MAY" in this document are to be interpreted as described in RFC 2119
[RFC2119].
2. Character Repertoire 2. Character Repertoire
This profile uses Unicode 3.1, as defined in [STRINGPREP] Appendix This profile uses Unicode 3.1, as defined in [STRINGPREP] Appendix
A.1. A.1.
3. Mapping 3. Mapping
This profile specifies mapping using the following tables from This profile specifies mapping using the following tables from
[STRINGPREP]: [STRINGPREP]:
skipping to change at line 109 skipping to change at line 114
IMPORTANT NOTE: This profile MUST be used with the IDNA protocol. The IMPORTANT NOTE: This profile MUST be used with the IDNA protocol. The
IDNA protocol has additional prohibitions that are checked outside of IDNA protocol has additional prohibitions that are checked outside of
this profile. this profile.
In addition, this profile adds the prohibitions. Thus, the full set of In addition, this profile adds the prohibitions. Thus, the full set of
prohibited characters are those from the tables above plus those listed prohibited characters are those from the tables above plus those listed
individually below. individually below.
5.1 Inappropriate characters from common input mechanisms 5.1 Inappropriate characters from common input mechanisms
U+3002 is used as if it were U+002E in many domain name input mechanisms, U+3002 is used as if it were U+002E in many domain name input mechanisms
particularly in Asia. This prohibition allows input mechanisms to safely used by applications, particularly in Asia. Thus, U+3002 is prohibited
map U+3002 to U+002E before doing stringprep without worrying about in domain names by this specification.
preventing users from accessing legitimate domain name labels.
3002; IDEOGRAPHIC FULL STOP 3002; IDEOGRAPHIC FULL STOP
6. Unassigned Code Points in Internationalized Domain Names 6. Unassigned Code Points in Internationalized Domain Names
This profile allows unassigned code points in DNS requests but not If the processing in [IDNA] specifies that a list of unassigned code
in stored domain names. It uses [STRINGPREP] table A.1 as its list points be used, the system uses table A.1 from [STRINGPREP] as its list
of unassigned code points. of unassigned code points.
7. Security Considerations 7. References
7.1 Normative references
[IDNA] Patrik Faltstrom, Paul Hoffman, and Adam M. Costello,
"Internationalizing Domain Names in Applications (IDNA)",
draft-ietf-idn-idna, work-in-progress.
[STRINGPREP] Paul Hoffman and Marc Blanchet, "Preparation of
Internationalized Strings ("stringprep")", draft-hoffman-stringprep,
work in progress.
7.2 Informative references
[RFC2119] Scott Bradner, "Key words for use in RFCs to Indicate
Requirement Levels", March 1997, RFC 2119.
[STD13] Paul Mockapetris, "Domain names - concepts and facilities" (RFC
1034) and "Domain names - implementation and specification" (RFC 1035,
STD 13, November 1987.
8. Security Considerations
The Unicode and ISO/IEC 10646 repertoires have many characters that look The Unicode and ISO/IEC 10646 repertoires have many characters that look
similar. In many cases, users of security protocols might do visual similar. In many cases, users of security protocols might do visual
matching, such as when comparing the names of trusted third parties. matching, such as when comparing the names of trusted third parties.
This profile does nothing to map similar-looking characters together nor Because it is impossible to map similar-looking characters without a
great deal of context such as knowing the fonts used,
stringprep does nothing to map similar-looking characters together nor
to prohibit some characters because they look like others. to prohibit some characters because they look like others.
Security on the Internet partly relies on the DNS. Thus, any change Security on the Internet partly relies on the DNS. Thus, any change
to the characteristics of the DNS can change the security of much of the to the characteristics of the DNS can change the security of much of the
Internet. Internet.
Domain names are used by users to connect to Internet servers. The Domain names are used by users to connect to Internet servers. The
security of the Internet would be compromised if a user entering a security of the Internet would be compromised if a user entering a
single internationalized name could be connected to different servers single internationalized name could be connected to different servers
based on different interpretations of the internationalized domain name. based on different interpretations of the internationalized domain name.
Current applications might assume that the characters allowed in domain Current applications might assume that the characters allowed in domain
names will always be the same as they are in [STD13]. This document names will always be the same as they are in [STD13]. This document
vastly increases the number of characters available in domain names. vastly increases the number of characters available in domain names.
Every program that uses "special" characters in conjunction with domain Every program that uses "special" characters in conjunction with domain
names may be vulnerable to attack based on the new characters allowed by names may be vulnerable to attack based on the new characters allowed by
this specification. this specification.
8. References 9. IANA Considerations
[IDNA] Patrik Faltstrom, Paul Hoffman, and Adam M. Costello,
"Internationalizing Domain Names in Applications (IDNA)",
draft-ietf-idn-idna, work-in-progress.
[RFC2119] Scott Bradner, "Key words for use in RFCs to Indicate
Requirement Levels", March 1997, RFC 2119.
[STD13] Paul Mockapetris, "Domain names - concepts and facilities" (RFC
1034) and "Domain names - implementation and specification" (RFC 1035,
STD 13, November 1987.
[STRINGPREP] Paul Hoffman and Marc Blanchet, "Preparation of This is a profile of stringprep. When it becomes an RFC, it should be
Internationalized Strings ("stringprep")", draft-hoffman-stringprep, registered in the stringprep profile registry.
work in progress.
A. Acknowledgements 10. Acknowledgements
Many people from the IETF IDN Working Group and the Unicode Technical Many people from the IETF IDN Working Group and the Unicode Technical
Committee contributed ideas that went into the first draft of this Committee contributed ideas that went into the first draft of this
document. document.
The IDN namprep design team made many useful changes to the first The IDN namprep design team made many useful changes to the first
draft. That team and its advisors include: draft. That team and its advisors include:
Asmus Freytag Asmus Freytag
Cathy Wissink Cathy Wissink
skipping to change at line 188 skipping to change at line 203
Martin Duerst Martin Duerst
Patrik Faltstrom Patrik Faltstrom
Paul Hoffman Paul Hoffman
Additional significant improvements were proposed by: Additional significant improvements were proposed by:
Jonathan Rosenne Jonathan Rosenne
Kent Karlsson Kent Karlsson
Scott Hollenbeck Scott Hollenbeck
Dave Crocker Dave Crocker
Erik Nordmark
B. IANA Considerations 11. Author Contact Information
This is a profile of stringprep. When it becomes an RFC, it should be
registered in the stringprep profile registry.
C. Author Contact Information
Paul Hoffman Paul Hoffman
Internet Mail Consortium and VPN Consortium Internet Mail Consortium and VPN Consortium
127 Segre Place 127 Segre Place
Santa Cruz, CA 95060 USA Santa Cruz, CA 95060 USA
paul.hoffman@imc.org and paul.hoffman@vpnc.org paul.hoffman@imc.org and paul.hoffman@vpnc.org
Marc Blanchet Marc Blanchet
Viagenie inc. Viagenie inc.
2875 boul. Laurier, bur. 300 2875 boul. Laurier, bur. 300
 End of changes. 14 change blocks. 
36 lines changed or deleted 47 lines changed or added

This html diff was produced by rfcdiff 1.33. The latest version is available from http://tools.ietf.org/tools/rfcdiff/