idnits 2.17.00 (12 Aug 2021)
/tmp/idnits61141/draft-ietf-idnabis-protocol-16.txt:
Checking boilerplate required by RFC 5378 and the IETF Trust (see
https://trustee.ietf.org/license-info):
----------------------------------------------------------------------------
** The document seems to lack a License Notice according IETF Trust
Provisions of 28 Dec 2009, Section 6.b.i or Provisions of 12 Sep 2009
Section 6.b -- however, there's a paragraph with a matching beginning.
Boilerplate error?
(You're using the IETF Trust Provisions' Section 6.b License Notice from
12 Feb 2009 rather than one of the newer Notices. See
https://trustee.ietf.org/license-info/.)
Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt:
----------------------------------------------------------------------------
No issues found here.
Checking nits according to https://www.ietf.org/id-info/checklist :
----------------------------------------------------------------------------
== There are 2 instances of lines with non-RFC6890-compliant IPv4 addresses
in the document. If these are example addresses, they should be changed.
-- The draft header indicates that this document obsoletes RFC3490, but the
abstract doesn't seem to mention this, which it should.
-- The draft header indicates that this document updates RFC3492, but the
abstract doesn't seem to mention this, which it should.
Miscellaneous warnings:
----------------------------------------------------------------------------
== The copyright year in the IETF Trust and authors Copyright Line does not
match the current year
(Using the creation date from RFC3492, updated by this document, for
RFC5378 checks: 2002-01-10)
-- The document seems to contain a disclaimer for pre-RFC5378 work, and may
have content which was first submitted before 10 November 2008. The
disclaimer is necessary when there are original authors that you have
been unable to contact, or if some do not wish to grant the BCP78 rights
to the IETF Trust. If you are able to get all authors (current and
original) to grant those rights, you can and should remove the
disclaimer; otherwise, the disclaimer is needed and you can ignore this
comment. (See the Legal Provisions document at
https://trustee.ietf.org/license-info for more information.)
-- The document date (September 13, 2009) is 4632 days in the past. Is
this intentional?
Checking references for intended status: Proposed Standard
----------------------------------------------------------------------------
(See RFCs 3967 and 4897 for information about using normative references
to lower-maturity documents in RFCs)
== Unused Reference: 'RFC1123' is defined on line 626, but no explicit
reference was found in the text
== Unused Reference: 'Unicode-PropertyValueAliases' is defined on line 636,
but no explicit reference was found in the text
== Unused Reference: 'Unicode-RegEx' is defined on line 641, but no
explicit reference was found in the text
== Unused Reference: 'Unicode-Scripts' is defined on line 646, but no
explicit reference was found in the text
== Unused Reference: 'ASCII' is defined on line 658, but no explicit
reference was found in the text
== Unused Reference: 'RFC2136' is defined on line 677, but no explicit
reference was found in the text
== Unused Reference: 'RFC2181' is defined on line 681, but no explicit
reference was found in the text
== Unused Reference: 'RFC2535' is defined on line 684, but no explicit
reference was found in the text
== Unused Reference: 'RFC3491' is defined on line 694, but no explicit
reference was found in the text
-- Possible downref: Non-RFC (?) normative reference: ref. 'IDNA2008-BIDI'
== Outdated reference: draft-ietf-idnabis-defs has been published as RFC
5890
== Outdated reference: draft-ietf-idnabis-tables has been published as RFC
5892
-- Possible downref: Non-RFC (?) normative reference: ref.
'Unicode-PropertyValueAliases'
-- Possible downref: Non-RFC (?) normative reference: ref. 'Unicode-RegEx'
-- Possible downref: Non-RFC (?) normative reference: ref. 'Unicode-Scripts'
-- Possible downref: Non-RFC (?) normative reference: ref. 'Unicode-UAX15'
-- No information found for draft-ietf-idnabis-mapping - is the name
correct?
== Outdated reference: draft-ietf-idnabis-rationale has been published as
RFC 5894
-- Obsolete informational reference (is this intentional?): RFC 2535
(Obsoleted by RFC 4033, RFC 4034, RFC 4035)
-- Obsolete informational reference (is this intentional?): RFC 2671
(Obsoleted by RFC 6891)
-- Obsolete informational reference (is this intentional?): RFC 3490
(Obsoleted by RFC 5890, RFC 5891)
-- Obsolete informational reference (is this intentional?): RFC 3491
(Obsoleted by RFC 5891)
-- Obsolete informational reference (is this intentional?): RFC 4952
(Obsoleted by RFC 6530)
Summary: 1 error (**), 0 flaws (~~), 14 warnings (==), 15 comments (--).
Run idnits with the --verbose option for more detailed information about
the items above.
--------------------------------------------------------------------------------
2 Network Working Group J. Klensin
3 Internet-Draft September 13, 2009
4 Obsoletes: 3490, 3491
5 (if approved)
6 Updates: 3492 (if approved)
7 Intended status: Standards Track
8 Expires: March 17, 2010
10 Internationalized Domain Names in Applications (IDNA): Protocol
11 draft-ietf-idnabis-protocol-16.txt
13 Status of this Memo
15 This Internet-Draft is submitted to IETF in full conformance with the
16 provisions of BCP 78 and BCP 79. This document may contain material
17 from IETF Documents or IETF Contributions published or made publicly
18 available before November 10, 2008. The person(s) controlling the
19 copyright in some of this material may not have granted the IETF
20 Trust the right to allow modifications of such material outside the
21 IETF Standards Process. Without obtaining an adequate license from
22 the person(s) controlling the copyright in such materials, this
23 document may not be modified outside the IETF Standards Process, and
24 derivative works of it may not be created outside the IETF Standards
25 Process, except to format it for publication as an RFC or to
26 translate it into languages other than English.
28 Internet-Drafts are working documents of the Internet Engineering
29 Task Force (IETF), its areas, and its working groups. Note that
30 other groups may also distribute working documents as Internet-
31 Drafts.
33 Internet-Drafts are draft documents valid for a maximum of six months
34 and may be updated, replaced, or obsoleted by other documents at any
35 time. It is inappropriate to use Internet-Drafts as reference
36 material or to cite them other than as "work in progress."
38 The list of current Internet-Drafts can be accessed at
39 http://www.ietf.org/ietf/1id-abstracts.txt.
41 The list of Internet-Draft Shadow Directories can be accessed at
42 http://www.ietf.org/shadow.html.
44 This Internet-Draft will expire on March 17, 2010.
46 Copyright Notice
48 Copyright (c) 2009 IETF Trust and the persons identified as the
49 document authors. All rights reserved.
51 This document is subject to BCP 78 and the IETF Trust's Legal
52 Provisions Relating to IETF Documents in effect on the date of
53 publication of this document (http://trustee.ietf.org/license-info).
54 Please review these documents carefully, as they describe your rights
55 and restrictions with respect to this document.
57 Abstract
59 This document is the revised protocol definition for
60 internationalized domain names (IDNs). The rationale for changes,
61 the relationship to the older specification, and important
62 terminology are provided in other documents. This document specifies
63 the protocol mechanism, called Internationalized Domain Names in
64 Applications (IDNA), for registering and looking up IDNs in a way
65 that does not require changes to the DNS itself. IDNA is only meant
66 for processing domain names, not free text.
68 Table of Contents
70 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 5
71 1.1. Discussion Forum . . . . . . . . . . . . . . . . . . . . . 5
72 2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 5
73 3. Requirements and Applicability . . . . . . . . . . . . . . . . 6
74 3.1. Requirements . . . . . . . . . . . . . . . . . . . . . . . 6
75 3.2. Applicability . . . . . . . . . . . . . . . . . . . . . . 6
76 3.2.1. DNS Resource Records . . . . . . . . . . . . . . . . . 7
77 3.2.2. Non-domain-name Data Types Stored in the DNS . . . . . 7
78 4. Registration Protocol . . . . . . . . . . . . . . . . . . . . 7
79 4.1. Input to IDNA Registration . . . . . . . . . . . . . . . . 8
80 4.2. Permitted Character and Label Validation . . . . . . . . . 8
81 4.2.1. Input Format . . . . . . . . . . . . . . . . . . . . . 8
82 4.2.2. Rejection of Characters that are not Permitted . . . . 9
83 4.2.3. Label Validation . . . . . . . . . . . . . . . . . . . 9
84 4.2.4. Registration Validation Summary . . . . . . . . . . . 9
85 4.3. Registry Restrictions . . . . . . . . . . . . . . . . . . 10
86 4.4. Punycode Conversion . . . . . . . . . . . . . . . . . . . 10
87 4.5. Insertion in the Zone . . . . . . . . . . . . . . . . . . 10
88 5. Domain Name Lookup Protocol . . . . . . . . . . . . . . . . . 11
89 5.1. Label String Input . . . . . . . . . . . . . . . . . . . . 11
90 5.2. Conversion to Unicode . . . . . . . . . . . . . . . . . . 11
91 5.3. A-label Input . . . . . . . . . . . . . . . . . . . . . . 11
92 5.4. Validation and Character List Testing . . . . . . . . . . 12
93 5.5. Punycode Conversion . . . . . . . . . . . . . . . . . . . 13
94 5.6. DNS Name Resolution . . . . . . . . . . . . . . . . . . . 13
95 6. Security Considerations . . . . . . . . . . . . . . . . . . . 14
96 7. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 14
97 8. Contributors . . . . . . . . . . . . . . . . . . . . . . . . . 14
98 9. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 14
99 10. References . . . . . . . . . . . . . . . . . . . . . . . . . . 15
100 10.1. Normative References . . . . . . . . . . . . . . . . . . . 15
101 10.2. Informative References . . . . . . . . . . . . . . . . . . 16
102 Appendix A. Summary of Major Changes from IDNA2003 . . . . . . . 17
103 Appendix B. Change Log . . . . . . . . . . . . . . . . . . . . . 18
104 B.1. Changes between Version -00 and -01 of
105 draft-ietf-idnabis-protocol . . . . . . . . . . . . . . . 18
106 B.2. Version -02 . . . . . . . . . . . . . . . . . . . . . . . 18
107 B.3. Version -03 . . . . . . . . . . . . . . . . . . . . . . . 19
108 B.4. Version -04 . . . . . . . . . . . . . . . . . . . . . . . 19
109 B.5. Version -05 . . . . . . . . . . . . . . . . . . . . . . . 19
110 B.6. Version -06 . . . . . . . . . . . . . . . . . . . . . . . 19
111 B.7. Version -07 . . . . . . . . . . . . . . . . . . . . . . . 20
112 B.8. Version -08 . . . . . . . . . . . . . . . . . . . . . . . 20
113 B.9. Version -09 . . . . . . . . . . . . . . . . . . . . . . . 20
114 B.10. Version -10 . . . . . . . . . . . . . . . . . . . . . . . 21
115 B.11. Version -11 . . . . . . . . . . . . . . . . . . . . . . . 21
116 B.12. Version -12 . . . . . . . . . . . . . . . . . . . . . . . 21
117 B.13. Version -13 . . . . . . . . . . . . . . . . . . . . . . . 22
118 B.14. Version -14 . . . . . . . . . . . . . . . . . . . . . . . 22
119 B.15. Version -15 . . . . . . . . . . . . . . . . . . . . . . . 22
120 B.16. Version -16 . . . . . . . . . . . . . . . . . . . . . . . 23
121 Author's Address . . . . . . . . . . . . . . . . . . . . . . . . . 23
123 1. Introduction
125 This document supplies the protocol definition for internationalized
126 domain names. Essential definitions and terminology for
127 understanding this document and a road map of the collection of
128 documents that make up IDNA2008 appear in [IDNA2008-Defs].
129 Appendix A discusses the relationship between this specification and
130 the earlier version of IDNA (referred to here as "IDNA2003"). The
131 rationale for these changes, along with considerable explanatory
132 material and advice to zone administrators who support IDNs is
133 provided in another document, [IDNA2008-Rationale].
135 IDNA works by allowing applications to use certain ASCII string
136 labels (beginning with a special prefix) to represent non-ASCII name
137 labels. Lower-layer protocols need not be aware of this; therefore
138 IDNA does not change any infrastructure. In particular, IDNA does
139 not depend on any changes to DNS servers, resolvers, or DNS protocol
140 elements, because the ASCII name service provided by the existing DNS
141 can be used for IDNA.
143 IDNA applies only to DNS labels. The base DNS standards [RFC1034]
144 [RFC1035] and their various updates specify how to combine labels
145 into fully-qualified domain names and parse labels out of those
146 names.
148 This document describes two separate protocols, one for IDN
149 registration (Section 4) and one for IDN lookup (Section 5). These
150 two protocols share some terminology, reference data and operations.
152 1.1. Discussion Forum
154 [[ RFC Editor: please remove this section. ]]
156 This work is being discussed in the IETF IDNABIS WG and on the
157 mailing list idna-update@alvestrand.no
159 2. Terminology
161 Terminology used as part of the definition of IDNA appears in
162 [IDNA2008-Defs]. It is worth noting that some of this terminology
163 overlaps with, and is consistent with, that used , but also in
164 Unicode or other character set standards and the DNS. Readers of
165 this document are assumed to be familiar with [IDNA2008-Defs] and
166 with the DNS-specific terminology in RFC 1034 [RFC1034].
168 The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
169 "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
170 document are to be interpreted as described in BCP 14, RFC 2119
171 [RFC2119].
173 3. Requirements and Applicability
175 3.1. Requirements
177 IDNA makes the following requirements:
179 1. Whenever a domain name is put into an IDN-unaware domain name
180 slot (see Section 2 and [IDNA2008-Defs]), it MUST contain only
181 ASCII characters (i.e., must be either an A-label or an NR-LDH-
182 label), unless the DNS application is not subject to historical
183 recommendations for "hostname"-style names (see [RFC1034] and
184 Section 3.2.1).
186 2. Labels MUST be compared using equivalent forms: either both
187 A-Label forms or both U-Label forms. Because A-labels and
188 U-labels can be transformed into each other without loss of
189 information, these comparisons are equivalent. A pair of
190 A-labels MUST be compared as case-insensitive ASCII (as with all
191 comparisons of ASCII DNS labels). U-labels must be compared
192 as-is, without case-folding or other intermediate steps. Note
193 that it is not necessary to validate labels in order to compare
194 them and that successful comparison does not imply validity. In
195 many cases, not limited to comparison, validation may be
196 important for other reasons and SHOULD be performed.
198 3. Labels being registered MUST conform to the requirements of
199 Section 4. Labels being looked up and the lookup process MUST
200 conform to the requirements of Section 5.
202 3.2. Applicability
204 IDNA applies to all domain names in all domain name slots in
205 protocols except where it is explicitly excluded. It does not apply
206 to domain name slots which do not use the Letter/Digit/Hyphen (LDH)
207 syntax rules.
209 Because IDNA uses the DNS, IDNA applies to many protocols that were
210 specified before it was designed. IDNs occupying domain name slots
211 in those older protocols MUST be in A-label form until and unless
212 those protocols and their implementations are explicitly upgraded to
213 be aware of IDNs. IDNs actually appearing in DNS queries or
214 responses MUST be A-labels.
216 IDNA is not defined for extended label types (see RFC 2671, Section 3
218 [RFC2671]).
220 3.2.1. DNS Resource Records
222 IDNA applies only to domain names in the NAME and RDATA fields of DNS
223 resource records whose CLASS is IN. See RFC 1034 [RFC1034] for
224 precise definitions of these terms.
226 The application of IDNA to DNS resource records depends entirely on
227 the CLASS of the record, and not on the TYPE except as noted below.
228 This will remain true, even as new types are defined, unless a new
229 type defines type-specific rules. Special naming conventions for SRV
230 records (and "underscore labels" more generally) are incompatible
231 with IDNA coding as discussed in [IDNA2008-Defs], especially Section
232 2.3.2.3. Of course, underscore labels may be part of a domain that
233 uses IDN labels at higher levels in the tree.
235 3.2.2. Non-domain-name Data Types Stored in the DNS
237 Although IDNA enables the representation of non-ASCII characters in
238 domain names, that does not imply that IDNA enables the
239 representation of non-ASCII characters in other data types that are
240 stored in domain names, specifically in the RDATA field for types
241 that have structured RDATA format. For example, an email address
242 local part is stored in a domain name in the RNAME field as part of
243 the RDATA of an SOA record (hostmaster@example.com would be
244 represented as hostmaster.example.com). IDNA does not update the
245 existing email standards, which allow only ASCII characters in local
246 parts. Even though work is in progress to define
247 internationalization for email addresses [RFC4952], changes to the
248 email address part of the SOA RDATA would require action in, or
249 updates to, other standards, specifically those that specify the
250 format of the SOA RR.
252 4. Registration Protocol
254 This section defines the model for registering an IDN. The model is
255 implementation independent; any sequence of steps that produces
256 exactly the same result for all labels is considered a valid
257 implementation.
259 Note that, while the registration (this section) and lookup protocols
260 (Section 5) are very similar in most respects, they not identical and
261 implementers should carefully follow the steps described in this
262 specification.
264 4.1. Input to IDNA Registration
266 Registration processes, especially processing by entities (often
267 called "registrars") who deal with registrants before the request
268 actually reaches the zone manager ("registry") are outside the scope
269 of this definition and may differ significantly depending on local
270 needs. By the time a string enters the IDNA registration process as
271 described in this specification, it MUST be in Unicode and in
272 Normalization Form C (NFC [Unicode-UAX15]). Entities responsible for
273 zone files ("registries") MUST accept only the exact string for which
274 registration is requested, free of any mappings or local adjustments.
275 They MAY accept that input in any of three forms:
277 1. As a pair of A-label and U-label.
279 2. As an A-label only.
281 3. As a U-label only.
283 The first two of these forms are RECOMMENDED because the use of
284 A-labels avoids any possibility of ambiguity. The first is normally
285 preferred over the second because it permits further verification of
286 user intent (see Section 4.2.1).
288 4.2. Permitted Character and Label Validation
290 4.2.1. Input Format
292 If both the U-label and A-label forms are available, the registry
293 MUST ensure that the A-label form is in lower case, perform a
294 conversion to a U-label, perform the steps and tests described below
295 on that U-label, and then verify that the A-label produced by the
296 step in Section 4.4 matches the one provided as input. In addition,
297 the U-label that was provided as input and the one obtained by
298 conversion of the A-label MUST match exactly. If, for some reason,
299 these tests fail, the registration MUST be rejected.
301 If only an A-label was provided and the conversion to a U-label is
302 not performed, the registry MUST still verify that the A-label is
303 superficially valid, i.e., that it does not violate any of the rules
304 of Punycode [RFC3492] encoding such as the prohibition on trailing
305 hyphen-minus, appearance of non-basic characters before the
306 delimiter, and so on. Fake A-labels, i.e., invalid strings that
307 appear to be A-labels but are not, MUST NOT be placed in DNS zones
308 that support IDNA.
310 4.2.2. Rejection of Characters that are not Permitted
312 The candidate Unicode string MUST NOT contain characters that appear
313 in the "DISALLOWED" and "UNASSIGNED" lists specified in
314 [IDNA2008-Tables].
316 4.2.3. Label Validation
318 The proposed label (in the form of a Unicode string, i.e., a string
319 that at least superficially appears to be a U-label) is then
320 examined, performing tests that require examination of more than one
321 character. Character order is considered to be the on-the-wire
322 order, not the display order.
324 4.2.3.1. Hyphen Restrictions
326 The Unicode string MUST NOT contain "--" (two consecutive hyphens) in
327 the third and fourth character positions and MUST NOT start or end
328 with a "-" (hyphen).
330 4.2.3.2. Leading Combining Marks
332 The Unicode string MUST NOT begin with a combining mark or combining
333 character (see The Unicode Standard, Section 2.11 [Unicode] for an
334 exact definition).
336 4.2.3.3. Contextual Rules
338 The Unicode string MUST NOT contain any characters whose validity is
339 context-dependent, unless the validity is positively confirmed by a
340 contextual rule. To check this, each code-point marked as CONTEXTJ
341 and CONTEXTO in [IDNA2008-Tables] MUST have a non-null rule. If such
342 a code-point is missing a rule, it is invalid. If the rule exists
343 but the result of applying the rule is negative or inconclusive, the
344 proposed label is invalid.
346 4.2.3.4. Labels Containing Characters Written Right to Left
348 If the proposed label contains any characters that are written from
349 right to left it MUST meet the BIDI criteria [IDNA2008-BIDI].
351 4.2.4. Registration Validation Summary
353 Strings that contain at least one non-ASCII character, have been
354 produced by the steps above, whose contents pass all of the tests in
355 Section 4.2, and are 63 or fewer characters long in ACE form (see
356 Section 4.4), are U-labels.
358 To summarize, tests are made in Section 4.2 for invalid characters,
359 invalid combinations of characters, for labels that are invalid even
360 if the characters they contain are valid individually, and for labels
361 that do not conform to the restrictions for strings containing right
362 to left characters.
364 4.3. Registry Restrictions
366 In addition to the rules and tests above, there are many reasons why
367 a registry could reject a label. Registries at all levels of the
368 DNS, not just the top level, are expected to establish policies about
369 label registrations. Policies are likely to be informed by the local
370 languages and the scripts that are used to write them and may depend
371 on many factors including what characters are in the label (for
372 example, a label may be rejected based on other labels already
373 registered). See [IDNA2008-Rationale] Section 3.2 for a discussion
374 and recommendations about registry policies.
376 The string produced by the steps in Section 4.2 is checked and
377 processed as appropriate to local registry restrictions. Application
378 of those registry restrictions may result in the rejection of some
379 labels or the application of special restrictions to others.
381 4.4. Punycode Conversion
383 The resulting U-label is converted to an A-label (defined in Section
384 2.3.2.1 of [IDNA2008-Defs]). The A-label is the encoding of the
385 U-label according to the Punycode algorithm [RFC3492] with the ACE
386 prefix "xn--" added at the beginning of the string. The resulting
387 string must, of course, conform to the length limits imposed by the
388 DNS. This document does not update or alter the Punycode algorithm
389 specified in RFC 3492 in any way. That document does make a non-
390 normative reference to the information about the value and
391 construction of the ACE prefix that appears "in RFC 3490 or Nameprep
392 [RFC3491]". For consistency and reader convenience, IDNA2008
393 effectively updates that reference to point to this document. That
394 change does not alter the prefix itself. The prefix, "xn--", is the
395 same in both sets of documents.
397 The failure conditions identified in the Punycode encoding procedure
398 cannot occur if the input is a U-label as determined by the steps
399 above.
401 4.5. Insertion in the Zone
403 The label is registered in the DNS by inserting the A-label into a
404 zone.
406 5. Domain Name Lookup Protocol
408 Lookup is different from registration and different tests are applied
409 on the client. Although some validity checks are necessary to avoid
410 serious problems with the protocol, the lookup-side tests are more
411 permissive and rely on the assumption that names that are present in
412 the DNS are valid. That assumption is, however, a weak one because
413 the presence of wild cards in the DNS might cause a string that is
414 not actually registered in the DNS to be successfully looked up.
416 5.1. Label String Input
418 The user supplies a string in the local character set, for example by
419 typing it or clicking on, or copying and pasting, a resource
420 identifier, e.g., a URI [RFC3986] or IRI [RFC3987] from which the
421 domain name is extracted. Alternately, some process not directly
422 involving the user may read the string from a file or obtain it in
423 some other way. Processing in this step and that specified in
424 Section 5.2 are local matters, to be accomplished prior to actual
425 invocation of IDNA.
427 5.2. Conversion to Unicode
429 The string is converted from the local character set into Unicode, if
430 it is not already in Unicode. Depending on local needs, this
431 conversion may involve mapping some characters into other characters
432 as well as coding conversions. Those issues are discussed in
433 [IDNA2008-Mapping] and the mapping-related sections (Sections 4.4, 6,
434 and 7.3) of [IDNA2008-Rationale]. The result MUST be a Unicode
435 string in NFC form.
437 5.3. A-label Input
439 If the input to this procedure appears to be an A-label (i.e., it
440 starts in "xn--"), the lookup application MAY attempt to convert it
441 to a U-label, first ensuring that the A-label is entirely in lower
442 case, and apply the tests of Section 5.4 and the conversion of
443 Section 5.5 to that form. If the label is converted to Unicode
444 (i.e., to U-label form) using the Punycode decoding algorithm, then
445 the processing specified in those two sections MUST be performed, and
446 the label MUST be rejected if the resulting label is not identical to
447 the original. See Section 8.1 of [IDNA2008-Rationale] for additional
448 discussion on this topic.
450 Conversion from the A-label and testing that the result is a U-label
451 SHOULD be performed if the domain name will later be presented to the
452 user in native character form (this requires that the lookup
453 application be IDNA-aware). If those steps are not performed, the
454 lookup process SHOULD at least test to determine that the string is
455 actually an A-label, examining it for the invalid formats specified
456 in the Punycode decoding specification. Applications that are not
457 IDNA-aware will obviously omit that testing; others MAY treat the
458 string as opaque to avoid the additional processing at the expense of
459 providing less protection and information to users.
461 5.4. Validation and Character List Testing
463 As with the registration procedure described in Section 4, the
464 Unicode string is checked to verify that all characters that appear
465 in it are valid as input to IDNA lookup processing. As discussed
466 above and in [IDNA2008-Rationale], the lookup check is more liberal
467 than the registration one. Labels that have not been fully evaluated
468 for conformance to the applicable rules are referred to as "putative"
469 labels as discussed in Section 2.3.2.1 of [IDNA2008-Defs]. Putative
470 labels with any of the following characteristics MUST be rejected
471 prior to DNS lookup:
473 o Labels that are not in NFC [Unicode-UAX15].
475 o Labels containing "--" (two consecutive hyphens) in the third and
476 fourth character positions.
478 o Labels whose first character is a combining mark (see The Unicode
479 Standard, Section 2.11 [Unicode]).
481 o Labels containing prohibited code points, i.e., those that are
482 assigned to the "DISALLOWED" category of [IDNA2008-Tables].
484 o Labels containing code points that are identified in
485 [IDNA2008-Tables] as "CONTEXTJ", i.e., requiring exceptional
486 contextual rule processing on lookup, but that do not conform to
487 those rules. Note that this implies that a rule must be defined,
488 not null: a character that requires a contextual rule but for
489 which the rule is null is treated in this step as having failed to
490 conform to the rule.
492 o Labels containing code points that are identified in
493 [IDNA2008-Tables] as "CONTEXTO", but for which no such rule
494 appears in the table of rules. Applications resolving DNS names
495 or carrying out equivalent operations are not required to test
496 contextual rules for "CONTEXTO" characters, only to verify that a
497 rule is defined (although they MAY make such tests to provide
498 better protection or give better information to the user).
500 o Labels containing code points that are unassigned in the version
501 of Unicode being used by the application, i.e.,in the UNASSIGNED
502 category of [IDNA2008-Tables].
504 This requirement means that the application must use a list of
505 unassigned characters that is matched to the version of Unicode
506 that is being used for the other requirements in this section. It
507 is not required that the application know which version of Unicode
508 is being used; that information might be part of the operating
509 environment in which the application is running.
511 In addition, the application SHOULD apply the following test.
513 o Verification that the string is compliant with the requirements
514 for right to left characters, specified in [IDNA2008-BIDI].
516 This test may be omitted in special circumstances, such as when the
517 lookup application knows that the conditions are enforced elsewhere,
518 because an attempt to look up and resolve such strings will almost
519 certainly lead to a DNS lookup failure except when wild cards are
520 present in the zone. However, applying the test is likely to give
521 much better information about the reason for a lookup failure --
522 information that may be usefully passed to the user when that is
523 feasible -- than DNS resolution failure information alone.
525 For all other strings, the lookup application MUST rely on the
526 presence or absence of labels in the DNS to determine the validity of
527 those labels and the validity of the characters they contain. If
528 they are registered, they are presumed to be valid; if they are not,
529 their possible validity is not relevant. While a lookup application
530 may reasonably issue warnings about strings it believes may be
531 problematic, applications that decline to process a string that
532 conforms to the rules above (i.e., does not look it up in the DNS)
533 are not in conformance with this protocol.
535 5.5. Punycode Conversion
537 The string that has now been validated for lookup is converted to ACE
538 form by applying the Punycode algorithm to the string and then adding
539 the ACE prefix.
541 5.6. DNS Name Resolution
543 The A-label resulting from the conversion in Section 5.5 or supplied
544 directly (see Section 5.3) is looked up in the DNS, using normal DNS
545 resolver procedures. The lookup can obviously either succeed
546 (returning information) or fail.
548 6. Security Considerations
550 Security Considerations for this version of IDNA are described in
551 [IDNA2008-Defs], except for the special issues associated with right
552 to left scripts and characters. The latter are discussed in
553 [IDNA2008-BIDI].
555 7. IANA Considerations
557 IANA actions for this version of IDNA are specified in
558 [IDNA2008-Tables] and discussed informally in [IDNA2008-Rationale].
559 The components of IDNA described in this document do not require any
560 IANA actions.
562 8. Contributors
564 While the listed editor held the pen, the original versions of this
565 document represent the joint work and conclusions of an ad hoc design
566 team consisting of the editor and, in alphabetic order, Harald
567 Alvestrand, Tina Dam, Patrik Faltstrom, and Cary Karp. This document
568 draws significantly on the original version of IDNA [RFC3490] both
569 conceptually and for specific text. This second-generation version
570 would not have been possible without the work that went into that
571 first version and especially the contributions of its authors Patrik
572 Faltstrom, Paul Hoffman, and Adam Costello. While Faltstrom was
573 actively involved in the creation of this version, Hoffman and
574 Costello were not and should not be held responsible for any errors
575 or omissions.
577 9. Acknowledgments
579 This revision to IDNA would have been impossible without the
580 accumulated experience since RFC 3490 was published and resulting
581 comments and complaints of many people in the IETF, ICANN, and other
582 communities, too many people to list here. Nor would it have been
583 possible without RFC 3490 itself and the efforts of the Working Group
584 that defined it. Those people whose contributions are acknowledged
585 in RFC 3490, [RFC4690], and [IDNA2008-Rationale] were particularly
586 important.
588 Specific textual changes were incorporated into this document after
589 suggestions from the other contributors, Stephane Bortzmeyer, Vint
590 Cerf, Lisa Dusseault, Paul Hoffman, Kent Karlsson, James Mitchell,
591 Erik van der Poel, Marcos Sanz, Andrew Sullivan, Wil Tan, Ken
592 Whistler, Chris Wright, and other WG participants. Special thanks
593 are due to Paul Hoffman for permission to extract material from his
594 Internet-Draft to form the basis for Appendix A.
596 10. References
598 10.1. Normative References
600 [IDNA2008-BIDI]
601 Alvestrand, H. and C. Karp, "An updated IDNA criterion for
602 right-to-left scripts", August 2009, .
605 [IDNA2008-Defs]
606 Klensin, J., "Internationalized Domain Names for
607 Applications (IDNA): Definitions and Document Framework",
608 August 2009, .
611 [IDNA2008-Tables]
612 Faltstrom, P., "The Unicode Codepoints and IDNA",
613 August 2009, .
616 A version of this document is available in HTML format at
617 http://stupid.domain.name/idnabis/
618 draft-ietf-idnabis-tables-06.html
620 [RFC1034] Mockapetris, P., "Domain names - concepts and facilities",
621 STD 13, RFC 1034, November 1987.
623 [RFC1035] Mockapetris, P., "Domain names - implementation and
624 specification", STD 13, RFC 1035, November 1987.
626 [RFC1123] Braden, R., "Requirements for Internet Hosts - Application
627 and Support", STD 3, RFC 1123, October 1989.
629 [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
630 Requirement Levels", BCP 14, RFC 2119, March 1997.
632 [RFC3492] Costello, A., "Punycode: A Bootstring encoding of Unicode
633 for Internationalized Domain Names in Applications
634 (IDNA)", RFC 3492, March 2003.
636 [Unicode-PropertyValueAliases]
637 The Unicode Consortium, "Unicode Character Database:
638 PropertyValueAliases", March 2008, .
641 [Unicode-RegEx]
642 The Unicode Consortium, "Unicode Technical Standard #18:
643 Unicode Regular Expressions", May 2005,
644 .
646 [Unicode-Scripts]
647 The Unicode Consortium, "Unicode Standard Annex #24:
648 Unicode Script Property", February 2008,
649 .
651 [Unicode-UAX15]
652 The Unicode Consortium, "Unicode Standard Annex #15:
653 Unicode Normalization Forms", 2006,
654 .
656 10.2. Informative References
658 [ASCII] American National Standards Institute (formerly United
659 States of America Standards Institute), "USA Code for
660 Information Interchange", ANSI X3.4-1968, 1968.
662 ANSI X3.4-1968 has been replaced by newer versions with
663 slight modifications, but the 1968 version remains
664 definitive for the Internet.
666 [IDNA2008-Mapping]
667 Resnick, P. and P. Hoffman, "Mapping Characters in IDNA",
668 September 2009, .
671 [IDNA2008-Rationale]
672 Klensin, J., Ed., "Internationalized Domain Names for
673 Applications (IDNA): Issues, Explanation, and Rationale",
674 February 2009, .
677 [RFC2136] Vixie, P., Thomson, S., Rekhter, Y., and J. Bound,
678 "Dynamic Updates in the Domain Name System (DNS UPDATE)",
679 RFC 2136, April 1997.
681 [RFC2181] Elz, R. and R. Bush, "Clarifications to the DNS
682 Specification", RFC 2181, July 1997.
684 [RFC2535] Eastlake, D., "Domain Name System Security Extensions",
685 RFC 2535, March 1999.
687 [RFC2671] Vixie, P., "Extension Mechanisms for DNS (EDNS0)",
688 RFC 2671, August 1999.
690 [RFC3490] Faltstrom, P., Hoffman, P., and A. Costello,
691 "Internationalizing Domain Names in Applications (IDNA)",
692 RFC 3490, March 2003.
694 [RFC3491] Hoffman, P. and M. Blanchet, "Nameprep: A Stringprep
695 Profile for Internationalized Domain Names (IDN)",
696 RFC 3491, March 2003.
698 [RFC3986] Berners-Lee, T., Fielding, R., and L. Masinter, "Uniform
699 Resource Identifier (URI): Generic Syntax", STD 66,
700 RFC 3986, January 2005.
702 [RFC3987] Duerst, M. and M. Suignard, "Internationalized Resource
703 Identifiers (IRIs)", RFC 3987, January 2005.
705 [RFC4690] Klensin, J., Faltstrom, P., Karp, C., and IAB, "Review and
706 Recommendations for Internationalized Domain Names
707 (IDNs)", RFC 4690, September 2006.
709 [RFC4952] Klensin, J. and Y. Ko, "Overview and Framework for
710 Internationalized Email", RFC 4952, July 2007.
712 [Unicode] The Unicode Consortium, "The Unicode Standard, Version
713 5.0", 2007.
715 Boston, MA, USA: Addison-Wesley. ISBN 0-321-48091-0
717 Appendix A. Summary of Major Changes from IDNA2003
719 1. Update base character set from Unicode 3.2 to Unicode version-
720 agnostic.
722 2. Separate the definitions for the "registration" and "lookup"
723 activities.
725 3. Disallow symbol and punctuation characters except where special
726 exceptions are necessary.
728 4. Remove the mapping and normalization steps from the protocol and
729 have them instead done by the applications themselves, possibly
730 in a local fashion, before invoking the protocol.
732 5. Change the way that the protocol specifies which characters are
733 allowed in labels from "humans decide what the table of
734 codepoints contains" to "decision about codepoints are based on
735 Unicode properties plus a small exclusion list created by
736 humans".
738 6. Introduce the new concept of characters that can be used only in
739 specific contexts.
741 7. Allow typical words and names in languages such as Dhivehi and
742 Yiddish to be expressed.
744 8. Make bidirectional domain names (delimited strings of labels,
745 not just labels standing on their own) display in a less
746 surprising fashion whether they appear in obvious domain name
747 contexts or as part of running text in paragraphs.
749 9. Remove the dot separator from the mandatory part of the
750 protocol.
752 10. Make some currently-valid labels that are not actually IDNA
753 labels invalid.
755 Appendix B. Change Log
757 [[ RFC Editor: Please remove this appendix. ]]
759 B.1. Changes between Version -00 and -01 of draft-ietf-idnabis-protocol
761 o Corrected discussion of SRV records.
763 o Several small corrections for clarity.
765 o Inserted more "open issue" placeholders.
767 B.2. Version -02
769 o Rewrote the "conversion to Unicode" text in Section 5.2 as
770 requested on-list.
772 o Added a comment (and reference) about EDNS0 to the "DNS Server
773 Conventions" section, which was also retitled.
775 o Made several editorial corrections and improvements in response to
776 various comments.
778 o Added several new discussion placeholder anchors and updated some
779 older ones.
781 B.3. Version -03
783 o Trimmed change log, removing information about pre-WG drafts.
785 o Incorporated a number of changes suggested by Marcos Sanz in his
786 note of 2008.07.17 and added several more placeholder anchors.
788 o Several minor editorial corrections and improvements.
790 o "Editor" designation temporarily removed because the automatic
791 posting machinery does not accept it.
793 B.4. Version -04
795 o Removed Contextual Rule appendices for transfer to Tables.
797 o Several changes, including removal of discussion anchors, based on
798 discussions at IETF 72 (Dublin)
800 o Rewrote the preprocessing material (former Section 5.3) somewhat
801 -- see Appendix B.14.
803 B.5. Version -05
805 o Updated part of the A-label input explanation (Section 5.3) per
806 note from Erik van der Poel.
808 B.6. Version -06
810 o Corrected a few typographical errors.
812 o Incorporated the material (formerly in Rationale) on the
813 relationship between IDNA2003 and IDNA2008 as an appendix and
814 pointed to the new definitions document.
816 o Text modified in several places to recognize the dangers of
817 interaction between DNS wild cards and IDNs.
819 o Text added to be explicit about the handling of edge and failure
820 cases in Punycode encoding and decoding.
822 o Revised for consistency with the new Definitions document and to
823 make the text read more smoothly.
825 B.7. Version -07
827 o Multiple small textual and editorial changes and clarifications.
829 o Requirement for normalization clarified to apply to all cases and
830 conditions for preprocessing further clarified.
832 o Substantive change to Section 4.2.1, turning a SHOULD to a MUST
833 (see note from Mark Davis, 19 November, 2008 18:14 -0800).
835 B.8. Version -08
837 o Added some references and altered text to improve clarity.
839 o Changed the description of CONTEXTJ/CONTEXTO to conform to that in
840 Tables. In other words, these are now treated as distinction
841 categories (again), rather than as specially-flagged subsets of
842 PROTOCOL VALID.
844 o The discussion of label comparisons has been rewritten to make it
845 more precise and to clarify that one does not need to verify that
846 a string is a [valid] A-label or U-label in order to test it for
847 equality with another string. The WG should verify that the
848 current text is what is desired.
850 o Other changes to reflect post-IETF discussions or editorial
851 improvements.
853 B.9. Version -09
855 o Removed Security Considerations material to Defs document.
857 o Removed the Name Server Considerations material to Rationale.
858 That material is not normative and not needed to implement the
859 protocol itself.
861 o Adjusted terminology to match new version of Defs.
863 o Removed all discussion of local mapping and option for it from
864 registration protocol. Such mapping is now completely prohibited
865 on Registration.
867 o Removed some old placeholders and inquiries because no comments
868 have been received.
870 o Small editorial corrections.
872 B.10. Version -10
874 o Rewrote the registration input material slightly to further
875 clarify the "no mapping on registration" principle.
877 o Added placeholder notes about several tasks, notably reorganizing
878 Section 4 and Section 5 so that subsection numbers are parallel.
880 o Cleaned up an incorrect use of the terms "A-label" and "U-label"
881 in the lookup phase that was spotted by Mark Davis. Inserted a
882 note there about alternate ways to deal with the resulting
883 terminology problem.
885 o Added a temporarily appendix (above) to document alternate
886 strategies for possible replacements for the former Section 5.3
887 (see Appendix B.14).
889 B.11. Version -11
891 o Removed dangling reference to "C-label" (editing error in prior
892 draft).
894 o Recast the last steps of the Lookup description to eliminate
895 "apparent" (previously "putative") terminology.
897 o Rewrote major portions of the temporary appendix that describes
898 transitional mappings to improve clarity and add context.
900 o Did some fine-tuning of terminology, notably in Section 3.2.1.
902 B.12. Version -12
904 o Extensive editorial improvements, mostly due to suggestions from
905 Lisa Dusseault.
907 o Conformance statements have been made consistent, especially in
908 Section 4.2.1 and subsequent text, which said "SHOULD" in one
909 place and then said "MAY" as the result of incomplete removal of
910 registration-time mapping. Also clarified the definition of
911 "registration processes" in Section 4.1 -- the previous text had
912 confused several people.
914 o A few new "question to the WG notes have been added about
915 appropriateness or placement of text. If there are no comments on
916 the mailing list, the editor will apply his own judgment.
918 o Several of the usual small typos and other editorial errors have
919 been corrected.
921 o Section 5 has still not been reorganized to match Section 4 in
922 structure and subsection numbering -- will be done as soon as the
923 mapping decisions and references are final.
925 B.13. Version -13
927 o Modified the "putative label" text to better explain the term and
928 explicitly point back to Defs.
930 o Slight rewrite of former section 5.3 to clarify the NFC
931 requirement and to start the transition toward having some of the
932 explanation in the Mapping document. That whole section has been
933 removed in -14, see Appendix B.14 for more information.
935 B.14. Version -14
937 o Fixed substantive typographical error caught by Wil Tan.
939 o Added a check for consecutive hyphens in positions 3 and 4 to
940 Lookup.
942 o Reflected several changes suggested by Andrew Sullivan.
944 o Rearranged and rewrote material to reflect the mapping document
945 and its status.
947 o The former Section 5.3 and Appendix A, which discussed mapping
948 alternatives, have been dropped entirely. Such discussion now
949 belongs in the Mapping document, the portion of Rationale that
950 supports it, or not at all. Section 5.2 has been rewritten
951 slightly to point to Mapping for those issues.
953 o Note: With the revised mapping material inserted, I've just about
954 given up on the idea of having the subsections of Sections 4 and 5
955 exactly parallel each other. Anyone who still feels strongly
956 about this should be prepared to make very specific suggestions.
957 --JcK
959 B.15. Version -15
961 o Corrected name of protocol in the abstract ("Internationalization"
962 to "Internationalized") and a few other instances of that error.
964 o Corrected the hyphen test (Section 4.2.3.1).
966 o Added text to deal with the "upper case in A-labels" problem.
968 o Adjusted Acknowledgments to remove Mark Davis's name, per his
969 request and advice from IETF Trust Counsel.
971 o Incorporated other changes from WG Last Call.
973 o Small typographical and editorial corrections.
975 B.16. Version -16
977 o Adjusted references to current versions.
979 o Adjusted discussion of changes to Punycode to make more precise.
981 o Inserted text to clarify version matching between IDNA and
982 Unicode.
984 o Made several small changes based on Martin Duerst's review.
986 o Substituted in Section numbers in references to other IDNA2008
987 documents.
989 Author's Address
991 John C Klensin
992 1770 Massachusetts Ave, Ste 322
993 Cambridge, MA 02140
994 USA
996 Phone: +1 617 245 1457
997 Email: john+ietf@jck.com