mirror of
https://github.com/samba-team/samba.git
synced 2024-12-24 21:34:56 +03:00
a1bbd66b0f
metze
(This used to be commit f4cfba26ae
)
1236 lines
51 KiB
Plaintext
1236 lines
51 KiB
Plaintext
|
||
|
||
|
||
|
||
|
||
|
||
Network Working Group P. Faltstrom
|
||
Request for Comments: 3490 Cisco
|
||
Category: Standards Track P. Hoffman
|
||
IMC & VPNC
|
||
A. Costello
|
||
UC Berkeley
|
||
March 2003
|
||
|
||
|
||
Internationalizing Domain Names in Applications (IDNA)
|
||
|
||
Status of this Memo
|
||
|
||
This document specifies an Internet standards track protocol for the
|
||
Internet community, and requests discussion and suggestions for
|
||
improvements. Please refer to the current edition of the "Internet
|
||
Official Protocol Standards" (STD 1) for the standardization state
|
||
and status of this protocol. Distribution of this memo is unlimited.
|
||
|
||
Copyright Notice
|
||
|
||
Copyright (C) The Internet Society (2003). All Rights Reserved.
|
||
|
||
Abstract
|
||
|
||
Until now, there has been no standard method for domain names to use
|
||
characters outside the ASCII repertoire. This document defines
|
||
internationalized domain names (IDNs) and a mechanism called
|
||
Internationalizing Domain Names in Applications (IDNA) for handling
|
||
them in a standard fashion. IDNs use characters drawn from a large
|
||
repertoire (Unicode), but IDNA allows the non-ASCII characters to be
|
||
represented using only the ASCII characters already allowed in so-
|
||
called host names today. This backward-compatible representation is
|
||
required in existing protocols like DNS, so that IDNs can be
|
||
introduced with no changes to the existing infrastructure. IDNA is
|
||
only meant for processing domain names, not free text.
|
||
|
||
Table of Contents
|
||
|
||
1. Introduction.................................................. 2
|
||
1.1 Problem Statement......................................... 3
|
||
1.2 Limitations of IDNA....................................... 3
|
||
1.3 Brief overview for application developers................. 4
|
||
2. Terminology................................................... 5
|
||
3. Requirements and applicability................................ 7
|
||
3.1 Requirements.............................................. 7
|
||
3.2 Applicability............................................. 8
|
||
3.2.1. DNS resource records................................ 8
|
||
|
||
|
||
|
||
Faltstrom, et al. Standards Track [Page 1]
|
||
|
||
RFC 3490 IDNA March 2003
|
||
|
||
|
||
3.2.2. Non-domain-name data types stored in domain names... 9
|
||
4. Conversion operations......................................... 9
|
||
4.1 ToASCII................................................... 10
|
||
4.2 ToUnicode................................................. 11
|
||
5. ACE prefix.................................................... 12
|
||
6. Implications for typical applications using DNS............... 13
|
||
6.1 Entry and display in applications......................... 14
|
||
6.2 Applications and resolver libraries....................... 15
|
||
6.3 DNS servers............................................... 15
|
||
6.4 Avoiding exposing users to the raw ACE encoding........... 16
|
||
6.5 DNSSEC authentication of IDN domain names................ 16
|
||
7. Name server considerations.................................... 17
|
||
8. Root server considerations.................................... 17
|
||
9. References.................................................... 18
|
||
9.1 Normative References...................................... 18
|
||
9.2 Informative References.................................... 18
|
||
10. Security Considerations...................................... 19
|
||
11. IANA Considerations.......................................... 20
|
||
12. Authors' Addresses........................................... 21
|
||
13. Full Copyright Statement..................................... 22
|
||
|
||
1. Introduction
|
||
|
||
IDNA works by allowing applications to use certain ASCII name labels
|
||
(beginning with a special prefix) to represent non-ASCII name labels.
|
||
Lower-layer protocols need not be aware of this; therefore IDNA does
|
||
not depend on changes to any infrastructure. In particular, IDNA
|
||
does not depend on any changes to DNS servers, resolvers, or protocol
|
||
elements, because the ASCII name service provided by the existing DNS
|
||
is entirely sufficient for IDNA.
|
||
|
||
This document does not require any applications to conform to IDNA,
|
||
but applications can elect to use IDNA in order to support IDN while
|
||
maintaining interoperability with existing infrastructure. If an
|
||
application wants to use non-ASCII characters in domain names, IDNA
|
||
is the only currently-defined option. Adding IDNA support to an
|
||
existing application entails changes to the application only, and
|
||
leaves room for flexibility in the user interface.
|
||
|
||
A great deal of the discussion of IDN solutions has focused on
|
||
transition issues and how IDN will work in a world where not all of
|
||
the components have been updated. Proposals that were not chosen by
|
||
the IDN Working Group would depend on user applications, resolvers,
|
||
and DNS servers being updated in order for a user to use an
|
||
internationalized domain name. Rather than rely on widespread
|
||
updating of all components, IDNA depends on updates to user
|
||
applications only; no changes are needed to the DNS protocol or any
|
||
DNS servers or the resolvers on user's computers.
|
||
|
||
|
||
|
||
Faltstrom, et al. Standards Track [Page 2]
|
||
|
||
RFC 3490 IDNA March 2003
|
||
|
||
|
||
1.1 Problem Statement
|
||
|
||
The IDNA specification solves the problem of extending the repertoire
|
||
of characters that can be used in domain names to include the Unicode
|
||
repertoire (with some restrictions).
|
||
|
||
IDNA does not extend the service offered by DNS to the applications.
|
||
Instead, the applications (and, by implication, the users) continue
|
||
to see an exact-match lookup service. Either there is a single
|
||
exactly-matching name or there is no match. This model has served
|
||
the existing applications well, but it requires, with or without
|
||
internationalized domain names, that users know the exact spelling of
|
||
the domain names that the users type into applications such as web
|
||
browsers and mail user agents. The introduction of the larger
|
||
repertoire of characters potentially makes the set of misspellings
|
||
larger, especially given that in some cases the same appearance, for
|
||
example on a business card, might visually match several Unicode code
|
||
points or several sequences of code points.
|
||
|
||
IDNA allows the graceful introduction of IDNs not only by avoiding
|
||
upgrades to existing infrastructure (such as DNS servers and mail
|
||
transport agents), but also by allowing some rudimentary use of IDNs
|
||
in applications by using the ASCII representation of the non-ASCII
|
||
name labels. While such names are very user-unfriendly to read and
|
||
type, and hence are not suitable for user input, they allow (for
|
||
instance) replying to email and clicking on URLs even though the
|
||
domain name displayed is incomprehensible to the user. In order to
|
||
allow user-friendly input and output of the IDNs, the applications
|
||
need to be modified to conform to this specification.
|
||
|
||
IDNA uses the Unicode character repertoire, which avoids the
|
||
significant delays that would be inherent in waiting for a different
|
||
and specific character set be defined for IDN purposes by some other
|
||
standards developing organization.
|
||
|
||
1.2 Limitations of IDNA
|
||
|
||
The IDNA protocol does not solve all linguistic issues with users
|
||
inputting names in different scripts. Many important language-based
|
||
and script-based mappings are not covered in IDNA and need to be
|
||
handled outside the protocol. For example, names that are entered in
|
||
a mix of traditional and simplified Chinese characters will not be
|
||
mapped to a single canonical name. Another example is Scandinavian
|
||
names that are entered with U+00F6 (LATIN SMALL LETTER O WITH
|
||
DIAERESIS) will not be mapped to U+00F8 (LATIN SMALL LETTER O WITH
|
||
STROKE).
|
||
|
||
|
||
|
||
|
||
|
||
Faltstrom, et al. Standards Track [Page 3]
|
||
|
||
RFC 3490 IDNA March 2003
|
||
|
||
|
||
An example of an important issue that is not considered in detail in
|
||
IDNA is how to provide a high probability that a user who is entering
|
||
a domain name based on visual information (such as from a business
|
||
card or billboard) or aural information (such as from a telephone or
|
||
radio) would correctly enter the IDN. Similar issues exist for ASCII
|
||
domain names, for example the possible visual confusion between the
|
||
letter 'O' and the digit zero, but the introduction of the larger
|
||
repertoire of characters creates more opportunities of similar
|
||
looking and similar sounding names. Note that this is a complex
|
||
issue relating to languages, input methods on computers, and so on.
|
||
Furthermore, the kind of matching and searching necessary for a high
|
||
probability of success would not fit the role of the DNS and its
|
||
exact matching function.
|
||
|
||
1.3 Brief overview for application developers
|
||
|
||
Applications can use IDNA to support internationalized domain names
|
||
anywhere that ASCII domain names are already supported, including DNS
|
||
master files and resolver interfaces. (Applications can also define
|
||
protocols and interfaces that support IDNs directly using non-ASCII
|
||
representations. IDNA does not prescribe any particular
|
||
representation for new protocols, but it still defines which names
|
||
are valid and how they are compared.)
|
||
|
||
The IDNA protocol is contained completely within applications. It is
|
||
not a client-server or peer-to-peer protocol: everything is done
|
||
inside the application itself. When used with a DNS resolver
|
||
library, IDNA is inserted as a "shim" between the application and the
|
||
resolver library. When used for writing names into a DNS zone, IDNA
|
||
is used just before the name is committed to the zone.
|
||
|
||
There are two operations described in section 4 of this document:
|
||
|
||
- The ToASCII operation is used before sending an IDN to something
|
||
that expects ASCII names (such as a resolver) or writing an IDN
|
||
into a place that expects ASCII names (such as a DNS master file).
|
||
|
||
- The ToUnicode operation is used when displaying names to users,
|
||
for example names obtained from a DNS zone.
|
||
|
||
It is important to note that the ToASCII operation can fail. If it
|
||
fails when processing a domain name, that domain name cannot be used
|
||
as an internationalized domain name and the application has to have
|
||
some method of dealing with this failure.
|
||
|
||
IDNA requires that implementations process input strings with
|
||
Nameprep [NAMEPREP], which is a profile of Stringprep [STRINGPREP],
|
||
and then with Punycode [PUNYCODE]. Implementations of IDNA MUST
|
||
|
||
|
||
|
||
Faltstrom, et al. Standards Track [Page 4]
|
||
|
||
RFC 3490 IDNA March 2003
|
||
|
||
|
||
fully implement Nameprep and Punycode; neither Nameprep nor Punycode
|
||
are optional.
|
||
|
||
2. Terminology
|
||
|
||
The key words "MUST", "SHALL", "REQUIRED", "SHOULD", "RECOMMENDED",
|
||
and "MAY" in this document are to be interpreted as described in BCP
|
||
14, RFC 2119 [RFC2119].
|
||
|
||
A code point is an integer value associated with a character in a
|
||
coded character set.
|
||
|
||
Unicode [UNICODE] is a coded character set containing tens of
|
||
thousands of characters. A single Unicode code point is denoted by
|
||
"U+" followed by four to six hexadecimal digits, while a range of
|
||
Unicode code points is denoted by two hexadecimal numbers separated
|
||
by "..", with no prefixes.
|
||
|
||
ASCII means US-ASCII [USASCII], a coded character set containing 128
|
||
characters associated with code points in the range 0..7F. Unicode
|
||
is an extension of ASCII: it includes all the ASCII characters and
|
||
associates them with the same code points.
|
||
|
||
The term "LDH code points" is defined in this document to mean the
|
||
code points associated with ASCII letters, digits, and the hyphen-
|
||
minus; that is, U+002D, 30..39, 41..5A, and 61..7A. "LDH" is an
|
||
abbreviation for "letters, digits, hyphen".
|
||
|
||
[STD13] talks about "domain names" and "host names", but many people
|
||
use the terms interchangeably. Further, because [STD13] was not
|
||
terribly clear, many people who are sure they know the exact
|
||
definitions of each of these terms disagree on the definitions. In
|
||
this document the term "domain name" is used in general. This
|
||
document explicitly cites [STD3] whenever referring to the host name
|
||
syntax restrictions defined therein.
|
||
|
||
A label is an individual part of a domain name. Labels are usually
|
||
shown separated by dots; for example, the domain name
|
||
"www.example.com" is composed of three labels: "www", "example", and
|
||
"com". (The zero-length root label described in [STD13], which can
|
||
be explicit as in "www.example.com." or implicit as in
|
||
"www.example.com", is not considered a label in this specification.)
|
||
IDNA extends the set of usable characters in labels that are text.
|
||
For the rest of this document, the term "label" is shorthand for
|
||
"text label", and "every label" means "every text label".
|
||
|
||
|
||
|
||
|
||
|
||
|
||
Faltstrom, et al. Standards Track [Page 5]
|
||
|
||
RFC 3490 IDNA March 2003
|
||
|
||
|
||
An "internationalized label" is a label to which the ToASCII
|
||
operation (see section 4) can be applied without failing (with the
|
||
UseSTD3ASCIIRules flag unset). This implies that every ASCII label
|
||
that satisfies the [STD13] length restriction is an internationalized
|
||
label. Therefore the term "internationalized label" is a
|
||
generalization, embracing both old ASCII labels and new non-ASCII
|
||
labels. Although most Unicode characters can appear in
|
||
internationalized labels, ToASCII will fail for some input strings,
|
||
and such strings are not valid internationalized labels.
|
||
|
||
An "internationalized domain name" (IDN) is a domain name in which
|
||
every label is an internationalized label. This implies that every
|
||
ASCII domain name is an IDN (which implies that it is possible for a
|
||
name to be an IDN without it containing any non-ASCII characters).
|
||
This document does not attempt to define an "internationalized host
|
||
name". Just as has been the case with ASCII names, some DNS zone
|
||
administrators may impose restrictions, beyond those imposed by DNS
|
||
or IDNA, on the characters or strings that may be registered as
|
||
labels in their zones. Such restrictions have no impact on the
|
||
syntax or semantics of DNS protocol messages; a query for a name that
|
||
matches no records will yield the same response regardless of the
|
||
reason why it is not in the zone. Clients issuing queries or
|
||
interpreting responses cannot be assumed to have any knowledge of
|
||
zone-specific restrictions or conventions.
|
||
|
||
In IDNA, equivalence of labels is defined in terms of the ToASCII
|
||
operation, which constructs an ASCII form for a given label, whether
|
||
or not the label was already an ASCII label. Labels are defined to
|
||
be equivalent if and only if their ASCII forms produced by ToASCII
|
||
match using a case-insensitive ASCII comparison. ASCII labels
|
||
already have a notion of equivalence: upper case and lower case are
|
||
considered equivalent. The IDNA notion of equivalence is an
|
||
extension of that older notion. Equivalent labels in IDNA are
|
||
treated as alternate forms of the same label, just as "foo" and "Foo"
|
||
are treated as alternate forms of the same label.
|
||
|
||
To allow internationalized labels to be handled by existing
|
||
applications, IDNA uses an "ACE label" (ACE stands for ASCII
|
||
Compatible Encoding). An ACE label is an internationalized label
|
||
that can be rendered in ASCII and is equivalent to an
|
||
internationalized label that cannot be rendered in ASCII. Given any
|
||
internationalized label that cannot be rendered in ASCII, the ToASCII
|
||
operation will convert it to an equivalent ACE label (whereas an
|
||
ASCII label will be left unaltered by ToASCII). ACE labels are
|
||
unsuitable for display to users. The ToUnicode operation will
|
||
convert any label to an equivalent non-ACE label. In fact, an ACE
|
||
label is formally defined to be any label that the ToUnicode
|
||
operation would alter (whereas non-ACE labels are left unaltered by
|
||
|
||
|
||
|
||
Faltstrom, et al. Standards Track [Page 6]
|
||
|
||
RFC 3490 IDNA March 2003
|
||
|
||
|
||
ToUnicode). Every ACE label begins with the ACE prefix specified in
|
||
section 5. The ToASCII and ToUnicode operations are specified in
|
||
section 4.
|
||
|
||
The "ACE prefix" is defined in this document to be a string of ASCII
|
||
characters that appears at the beginning of every ACE label. It is
|
||
specified in section 5.
|
||
|
||
A "domain name slot" is defined in this document to be a protocol
|
||
element or a function argument or a return value (and so on)
|
||
explicitly designated for carrying a domain name. Examples of domain
|
||
name slots include: the QNAME field of a DNS query; the name argument
|
||
of the gethostbyname() library function; the part of an email address
|
||
following the at-sign (@) in the From: field of an email message
|
||
header; and the host portion of the URI in the src attribute of an
|
||
HTML <IMG> tag. General text that just happens to contain a domain
|
||
name is not a domain name slot; for example, a domain name appearing
|
||
in the plain text body of an email message is not occupying a domain
|
||
name slot.
|
||
|
||
An "IDN-aware domain name slot" is defined in this document to be a
|
||
domain name slot explicitly designated for carrying an
|
||
internationalized domain name as defined in this document. The
|
||
designation may be static (for example, in the specification of the
|
||
protocol or interface) or dynamic (for example, as a result of
|
||
negotiation in an interactive session).
|
||
|
||
An "IDN-unaware domain name slot" is defined in this document to be
|
||
any domain name slot that is not an IDN-aware domain name slot.
|
||
Obviously, this includes any domain name slot whose specification
|
||
predates IDNA.
|
||
|
||
3. Requirements and applicability
|
||
|
||
3.1 Requirements
|
||
|
||
IDNA conformance means adherence to the following four requirements:
|
||
|
||
1) Whenever dots are used as label separators, the following
|
||
characters MUST be recognized as dots: U+002E (full stop), U+3002
|
||
(ideographic full stop), U+FF0E (fullwidth full stop), U+FF61
|
||
(halfwidth ideographic full stop).
|
||
|
||
2) Whenever a domain name is put into an IDN-unaware domain name slot
|
||
(see section 2), it MUST contain only ASCII characters. Given an
|
||
internationalized domain name (IDN), an equivalent domain name
|
||
satisfying this requirement can be obtained by applying the
|
||
|
||
|
||
|
||
|
||
Faltstrom, et al. Standards Track [Page 7]
|
||
|
||
RFC 3490 IDNA March 2003
|
||
|
||
|
||
ToASCII operation (see section 4) to each label and, if dots are
|
||
used as label separators, changing all the label separators to
|
||
U+002E.
|
||
|
||
3) ACE labels obtained from domain name slots SHOULD be hidden from
|
||
users when it is known that the environment can handle the non-ACE
|
||
form, except when the ACE form is explicitly requested. When it
|
||
is not known whether or not the environment can handle the non-ACE
|
||
form, the application MAY use the non-ACE form (which might fail,
|
||
such as by not being displayed properly), or it MAY use the ACE
|
||
form (which will look unintelligle to the user). Given an
|
||
internationalized domain name, an equivalent domain name
|
||
containing no ACE labels can be obtained by applying the ToUnicode
|
||
operation (see section 4) to each label. When requirements 2 and
|
||
3 both apply, requirement 2 takes precedence.
|
||
|
||
4) Whenever two labels are compared, they MUST be considered to match
|
||
if and only if they are equivalent, that is, their ASCII forms
|
||
(obtained by applying ToASCII) match using a case-insensitive
|
||
ASCII comparison. Whenever two names are compared, they MUST be
|
||
considered to match if and only if their corresponding labels
|
||
match, regardless of whether the names use the same forms of label
|
||
separators.
|
||
|
||
3.2 Applicability
|
||
|
||
IDNA is applicable to all domain names in all domain name slots
|
||
except where it is explicitly excluded.
|
||
|
||
This implies that IDNA is applicable to many protocols that predate
|
||
IDNA. Note that IDNs occupying domain name slots in those protocols
|
||
MUST be in ASCII form (see section 3.1, requirement 2).
|
||
|
||
3.2.1. DNS resource records
|
||
|
||
IDNA does not apply to domain names in the NAME and RDATA fields of
|
||
DNS resource records whose CLASS is not IN. This exclusion applies
|
||
to every non-IN class, present and future, except where future
|
||
standards override this exclusion by explicitly inviting the use of
|
||
IDNA.
|
||
|
||
There are currently no other exclusions on the applicability of IDNA
|
||
to DNS resource records; it depends entirely on the CLASS, and not on
|
||
the TYPE. This will remain true, even as new types are defined,
|
||
unless there is a compelling reason for a new type to complicate
|
||
matters by imposing type-specific rules.
|
||
|
||
|
||
|
||
|
||
|
||
Faltstrom, et al. Standards Track [Page 8]
|
||
|
||
RFC 3490 IDNA March 2003
|
||
|
||
|
||
3.2.2. Non-domain-name data types stored in domain names
|
||
|
||
Although IDNA enables the representation of non-ASCII characters in
|
||
domain names, that does not imply that IDNA enables the
|
||
representation of non-ASCII characters in other data types that are
|
||
stored in domain names. For example, an email address local part is
|
||
sometimes stored in a domain label (hostmaster@example.com would be
|
||
represented as hostmaster.example.com in the RDATA field of an SOA
|
||
record). IDNA does not update the existing email standards, which
|
||
allow only ASCII characters in local parts. Therefore, unless the
|
||
email standards are revised to invite the use of IDNA for local
|
||
parts, a domain label that holds the local part of an email address
|
||
SHOULD NOT begin with the ACE prefix, and even if it does, it is to
|
||
be interpreted literally as a local part that happens to begin with
|
||
the ACE prefix.
|
||
|
||
4. Conversion operations
|
||
|
||
An application converts a domain name put into an IDN-unaware slot or
|
||
displayed to a user. This section specifies the steps to perform in
|
||
the conversion, and the ToASCII and ToUnicode operations.
|
||
|
||
The input to ToASCII or ToUnicode is a single label that is a
|
||
sequence of Unicode code points (remember that all ASCII code points
|
||
are also Unicode code points). If a domain name is represented using
|
||
a character set other than Unicode or US-ASCII, it will first need to
|
||
be transcoded to Unicode.
|
||
|
||
Starting from a whole domain name, the steps that an application
|
||
takes to do the conversions are:
|
||
|
||
1) Decide whether the domain name is a "stored string" or a "query
|
||
string" as described in [STRINGPREP]. If this conversion follows
|
||
the "queries" rule from [STRINGPREP], set the flag called
|
||
"AllowUnassigned".
|
||
|
||
2) Split the domain name into individual labels as described in
|
||
section 3.1. The labels do not include the separator.
|
||
|
||
3) For each label, decide whether or not to enforce the restrictions
|
||
on ASCII characters in host names [STD3]. (Applications already
|
||
faced this choice before the introduction of IDNA, and can
|
||
continue to make the decision the same way they always have; IDNA
|
||
makes no new recommendations regarding this choice.) If the
|
||
restrictions are to be enforced, set the flag called
|
||
"UseSTD3ASCIIRules" for that label.
|
||
|
||
|
||
|
||
|
||
|
||
Faltstrom, et al. Standards Track [Page 9]
|
||
|
||
RFC 3490 IDNA March 2003
|
||
|
||
|
||
4) Process each label with either the ToASCII or the ToUnicode
|
||
operation as appropriate. Typically, you use the ToASCII
|
||
operation if you are about to put the name into an IDN-unaware
|
||
slot, and you use the ToUnicode operation if you are displaying
|
||
the name to a user; section 3.1 gives greater detail on the
|
||
applicable requirements.
|
||
|
||
5) If ToASCII was applied in step 4 and dots are used as label
|
||
separators, change all the label separators to U+002E (full stop).
|
||
|
||
The following two subsections define the ToASCII and ToUnicode
|
||
operations that are used in step 4.
|
||
|
||
This description of the protocol uses specific procedure names, names
|
||
of flags, and so on, in order to facilitate the specification of the
|
||
protocol. These names, as well as the actual steps of the
|
||
procedures, are not required of an implementation. In fact, any
|
||
implementation which has the same external behavior as specified in
|
||
this document conforms to this specification.
|
||
|
||
4.1 ToASCII
|
||
|
||
The ToASCII operation takes a sequence of Unicode code points that
|
||
make up one label and transforms it into a sequence of code points in
|
||
the ASCII range (0..7F). If ToASCII succeeds, the original sequence
|
||
and the resulting sequence are equivalent labels.
|
||
|
||
It is important to note that the ToASCII operation can fail. ToASCII
|
||
fails if any step of it fails. If any step of the ToASCII operation
|
||
fails on any label in a domain name, that domain name MUST NOT be
|
||
used as an internationalized domain name. The method for dealing
|
||
with this failure is application-specific.
|
||
|
||
The inputs to ToASCII are a sequence of code points, the
|
||
AllowUnassigned flag, and the UseSTD3ASCIIRules flag. The output of
|
||
ToASCII is either a sequence of ASCII code points or a failure
|
||
condition.
|
||
|
||
ToASCII never alters a sequence of code points that are all in the
|
||
ASCII range to begin with (although it could fail). Applying the
|
||
ToASCII operation multiple times has exactly the same effect as
|
||
applying it just once.
|
||
|
||
ToASCII consists of the following steps:
|
||
|
||
1. If the sequence contains any code points outside the ASCII range
|
||
(0..7F) then proceed to step 2, otherwise skip to step 3.
|
||
|
||
|
||
|
||
|
||
Faltstrom, et al. Standards Track [Page 10]
|
||
|
||
RFC 3490 IDNA March 2003
|
||
|
||
|
||
2. Perform the steps specified in [NAMEPREP] and fail if there is an
|
||
error. The AllowUnassigned flag is used in [NAMEPREP].
|
||
|
||
3. If the UseSTD3ASCIIRules flag is set, then perform these checks:
|
||
|
||
(a) Verify the absence of non-LDH ASCII code points; that is, the
|
||
absence of 0..2C, 2E..2F, 3A..40, 5B..60, and 7B..7F.
|
||
|
||
(b) Verify the absence of leading and trailing hyphen-minus; that
|
||
is, the absence of U+002D at the beginning and end of the
|
||
sequence.
|
||
|
||
4. If the sequence contains any code points outside the ASCII range
|
||
(0..7F) then proceed to step 5, otherwise skip to step 8.
|
||
|
||
5. Verify that the sequence does NOT begin with the ACE prefix.
|
||
|
||
6. Encode the sequence using the encoding algorithm in [PUNYCODE] and
|
||
fail if there is an error.
|
||
|
||
7. Prepend the ACE prefix.
|
||
|
||
8. Verify that the number of code points is in the range 1 to 63
|
||
inclusive.
|
||
|
||
4.2 ToUnicode
|
||
|
||
The ToUnicode operation takes a sequence of Unicode code points that
|
||
make up one label and returns a sequence of Unicode code points. If
|
||
the input sequence is a label in ACE form, then the result is an
|
||
equivalent internationalized label that is not in ACE form, otherwise
|
||
the original sequence is returned unaltered.
|
||
|
||
ToUnicode never fails. If any step fails, then the original input
|
||
sequence is returned immediately in that step.
|
||
|
||
The ToUnicode output never contains more code points than its input.
|
||
Note that the number of octets needed to represent a sequence of code
|
||
points depends on the particular character encoding used.
|
||
|
||
The inputs to ToUnicode are a sequence of code points, the
|
||
AllowUnassigned flag, and the UseSTD3ASCIIRules flag. The output of
|
||
ToUnicode is always a sequence of Unicode code points.
|
||
|
||
1. If all code points in the sequence are in the ASCII range (0..7F)
|
||
then skip to step 3.
|
||
|
||
|
||
|
||
|
||
|
||
Faltstrom, et al. Standards Track [Page 11]
|
||
|
||
RFC 3490 IDNA March 2003
|
||
|
||
|
||
2. Perform the steps specified in [NAMEPREP] and fail if there is an
|
||
error. (If step 3 of ToASCII is also performed here, it will not
|
||
affect the overall behavior of ToUnicode, but it is not
|
||
necessary.) The AllowUnassigned flag is used in [NAMEPREP].
|
||
|
||
3. Verify that the sequence begins with the ACE prefix, and save a
|
||
copy of the sequence.
|
||
|
||
4. Remove the ACE prefix.
|
||
|
||
5. Decode the sequence using the decoding algorithm in [PUNYCODE] and
|
||
fail if there is an error. Save a copy of the result of this
|
||
step.
|
||
|
||
6. Apply ToASCII.
|
||
|
||
7. Verify that the result of step 6 matches the saved copy from step
|
||
3, using a case-insensitive ASCII comparison.
|
||
|
||
8. Return the saved copy from step 5.
|
||
|
||
5. ACE prefix
|
||
|
||
The ACE prefix, used in the conversion operations (section 4), is two
|
||
alphanumeric ASCII characters followed by two hyphen-minuses. It
|
||
cannot be any of the prefixes already used in earlier documents,
|
||
which includes the following: "bl--", "bq--", "dq--", "lq--", "mq--",
|
||
"ra--", "wq--" and "zq--". The ToASCII and ToUnicode operations MUST
|
||
recognize the ACE prefix in a case-insensitive manner.
|
||
|
||
The ACE prefix for IDNA is "xn--" or any capitalization thereof.
|
||
|
||
This means that an ACE label might be "xn--de-jg4avhby1noc0d", where
|
||
"de-jg4avhby1noc0d" is the part of the ACE label that is generated by
|
||
the encoding steps in [PUNYCODE].
|
||
|
||
While all ACE labels begin with the ACE prefix, not all labels
|
||
beginning with the ACE prefix are necessarily ACE labels. Non-ACE
|
||
labels that begin with the ACE prefix will confuse users and SHOULD
|
||
NOT be allowed in DNS zones.
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
Faltstrom, et al. Standards Track [Page 12]
|
||
|
||
RFC 3490 IDNA March 2003
|
||
|
||
|
||
6. Implications for typical applications using DNS
|
||
|
||
In IDNA, applications perform the processing needed to input
|
||
internationalized domain names from users, display internationalized
|
||
domain names to users, and process the inputs and outputs from DNS
|
||
and other protocols that carry domain names.
|
||
|
||
The components and interfaces between them can be represented
|
||
pictorially as:
|
||
|
||
+------+
|
||
| User |
|
||
+------+
|
||
^
|
||
| Input and display: local interface methods
|
||
| (pen, keyboard, glowing phosphorus, ...)
|
||
+-------------------|-------------------------------+
|
||
| v |
|
||
| +-----------------------------+ |
|
||
| | Application | |
|
||
| | (ToASCII and ToUnicode | |
|
||
| | operations may be | |
|
||
| | called here) | |
|
||
| +-----------------------------+ |
|
||
| ^ ^ | End system
|
||
| | | |
|
||
| Call to resolver: | | Application-specific |
|
||
| ACE | | protocol: |
|
||
| v | ACE unless the |
|
||
| +----------+ | protocol is updated |
|
||
| | Resolver | | to handle other |
|
||
| +----------+ | encodings |
|
||
| ^ | |
|
||
+-----------------|----------|----------------------+
|
||
DNS protocol: | |
|
||
ACE | |
|
||
v v
|
||
+-------------+ +---------------------+
|
||
| DNS servers | | Application servers |
|
||
+-------------+ +---------------------+
|
||
|
||
The box labeled "Application" is where the application splits a
|
||
domain name into labels, sets the appropriate flags, and performs the
|
||
ToASCII and ToUnicode operations. This is described in section 4.
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
Faltstrom, et al. Standards Track [Page 13]
|
||
|
||
RFC 3490 IDNA March 2003
|
||
|
||
|
||
6.1 Entry and display in applications
|
||
|
||
Applications can accept domain names using any character set or sets
|
||
desired by the application developer, and can display domain names in
|
||
any charset. That is, the IDNA protocol does not affect the
|
||
interface between users and applications.
|
||
|
||
An IDNA-aware application can accept and display internationalized
|
||
domain names in two formats: the internationalized character set(s)
|
||
supported by the application, and as an ACE label. ACE labels that
|
||
are displayed or input MUST always include the ACE prefix.
|
||
Applications MAY allow input and display of ACE labels, but are not
|
||
encouraged to do so except as an interface for special purposes,
|
||
possibly for debugging, or to cope with display limitations as
|
||
described in section 6.4.. ACE encoding is opaque and ugly, and
|
||
should thus only be exposed to users who absolutely need it. Because
|
||
name labels encoded as ACE name labels can be rendered either as the
|
||
encoded ASCII characters or the proper decoded characters, the
|
||
application MAY have an option for the user to select the preferred
|
||
method of display; if it does, rendering the ACE SHOULD NOT be the
|
||
default.
|
||
|
||
Domain names are often stored and transported in many places. For
|
||
example, they are part of documents such as mail messages and web
|
||
pages. They are transported in many parts of many protocols, such as
|
||
both the control commands and the RFC 2822 body parts of SMTP, and
|
||
the headers and the body content in HTTP. It is important to
|
||
remember that domain names appear both in domain name slots and in
|
||
the content that is passed over protocols.
|
||
|
||
In protocols and document formats that define how to handle
|
||
specification or negotiation of charsets, labels can be encoded in
|
||
any charset allowed by the protocol or document format. If a
|
||
protocol or document format only allows one charset, the labels MUST
|
||
be given in that charset.
|
||
|
||
In any place where a protocol or document format allows transmission
|
||
of the characters in internationalized labels, internationalized
|
||
labels SHOULD be transmitted using whatever character encoding and
|
||
escape mechanism that the protocol or document format uses at that
|
||
place.
|
||
|
||
All protocols that use domain name slots already have the capacity
|
||
for handling domain names in the ASCII charset. Thus, ACE labels
|
||
(internationalized labels that have been processed with the ToASCII
|
||
operation) can inherently be handled by those protocols.
|
||
|
||
|
||
|
||
|
||
|
||
Faltstrom, et al. Standards Track [Page 14]
|
||
|
||
RFC 3490 IDNA March 2003
|
||
|
||
|
||
6.2 Applications and resolver libraries
|
||
|
||
Applications normally use functions in the operating system when they
|
||
resolve DNS queries. Those functions in the operating system are
|
||
often called "the resolver library", and the applications communicate
|
||
with the resolver libraries through a programming interface (API).
|
||
|
||
Because these resolver libraries today expect only domain names in
|
||
ASCII, applications MUST prepare labels that are passed to the
|
||
resolver library using the ToASCII operation. Labels received from
|
||
the resolver library contain only ASCII characters; internationalized
|
||
labels that cannot be represented directly in ASCII use the ACE form.
|
||
ACE labels always include the ACE prefix.
|
||
|
||
An operating system might have a set of libraries for performing the
|
||
ToASCII operation. The input to such a library might be in one or
|
||
more charsets that are used in applications (UTF-8 and UTF-16 are
|
||
likely candidates for almost any operating system, and script-
|
||
specific charsets are likely for localized operating systems).
|
||
|
||
IDNA-aware applications MUST be able to work with both non-
|
||
internationalized labels (those that conform to [STD13] and [STD3])
|
||
and internationalized labels.
|
||
|
||
It is expected that new versions of the resolver libraries in the
|
||
future will be able to accept domain names in other charsets than
|
||
ASCII, and application developers might one day pass not only domain
|
||
names in Unicode, but also in local script to a new API for the
|
||
resolver libraries in the operating system. Thus the ToASCII and
|
||
ToUnicode operations might be performed inside these new versions of
|
||
the resolver libraries.
|
||
|
||
Domain names passed to resolvers or put into the question section of
|
||
DNS requests follow the rules for "queries" from [STRINGPREP].
|
||
|
||
6.3 DNS servers
|
||
|
||
Domain names stored in zones follow the rules for "stored strings"
|
||
from [STRINGPREP].
|
||
|
||
For internationalized labels that cannot be represented directly in
|
||
ASCII, DNS servers MUST use the ACE form produced by the ToASCII
|
||
operation. All IDNs served by DNS servers MUST contain only ASCII
|
||
characters.
|
||
|
||
If a signaling system which makes negotiation possible between old
|
||
and new DNS clients and servers is standardized in the future, the
|
||
encoding of the query in the DNS protocol itself can be changed from
|
||
|
||
|
||
|
||
Faltstrom, et al. Standards Track [Page 15]
|
||
|
||
RFC 3490 IDNA March 2003
|
||
|
||
|
||
ACE to something else, such as UTF-8. The question whether or not
|
||
this should be used is, however, a separate problem and is not
|
||
discussed in this memo.
|
||
|
||
6.4 Avoiding exposing users to the raw ACE encoding
|
||
|
||
Any application that might show the user a domain name obtained from
|
||
a domain name slot, such as from gethostbyaddr or part of a mail
|
||
header, will need to be updated if it is to prevent users from seeing
|
||
the ACE.
|
||
|
||
If an application decodes an ACE name using ToUnicode but cannot show
|
||
all of the characters in the decoded name, such as if the name
|
||
contains characters that the output system cannot display, the
|
||
application SHOULD show the name in ACE format (which always includes
|
||
the ACE prefix) instead of displaying the name with the replacement
|
||
character (U+FFFD). This is to make it easier for the user to
|
||
transfer the name correctly to other programs. Programs that by
|
||
default show the ACE form when they cannot show all the characters in
|
||
a name label SHOULD also have a mechanism to show the name that is
|
||
produced by the ToUnicode operation with as many characters as
|
||
possible and replacement characters in the positions where characters
|
||
cannot be displayed.
|
||
|
||
The ToUnicode operation does not alter labels that are not valid ACE
|
||
labels, even if they begin with the ACE prefix. After ToUnicode has
|
||
been applied, if a label still begins with the ACE prefix, then it is
|
||
not a valid ACE label, and is not equivalent to any of the
|
||
intermediate Unicode strings constructed by ToUnicode.
|
||
|
||
6.5 DNSSEC authentication of IDN domain names
|
||
|
||
DNS Security [RFC2535] is a method for supplying cryptographic
|
||
verification information along with DNS messages. Public Key
|
||
Cryptography is used in conjunction with digital signatures to
|
||
provide a means for a requester of domain information to authenticate
|
||
the source of the data. This ensures that it can be traced back to a
|
||
trusted source, either directly, or via a chain of trust linking the
|
||
source of the information to the top of the DNS hierarchy.
|
||
|
||
IDNA specifies that all internationalized domain names served by DNS
|
||
servers that cannot be represented directly in ASCII must use the ACE
|
||
form produced by the ToASCII operation. This operation must be
|
||
performed prior to a zone being signed by the private key for that
|
||
zone. Because of this ordering, it is important to recognize that
|
||
DNSSEC authenticates the ASCII domain name, not the Unicode form or
|
||
|
||
|
||
|
||
|
||
|
||
Faltstrom, et al. Standards Track [Page 16]
|
||
|
||
RFC 3490 IDNA March 2003
|
||
|
||
|
||
the mapping between the Unicode form and the ASCII form. In the
|
||
presence of DNSSEC, this is the name that MUST be signed in the zone
|
||
and MUST be validated against.
|
||
|
||
One consequence of this for sites deploying IDNA in the presence of
|
||
DNSSEC is that any special purpose proxies or forwarders used to
|
||
transform user input into IDNs must be earlier in the resolution flow
|
||
than DNSSEC authenticating nameservers for DNSSEC to work.
|
||
|
||
7. Name server considerations
|
||
|
||
Existing DNS servers do not know the IDNA rules for handling non-
|
||
ASCII forms of IDNs, and therefore need to be shielded from them.
|
||
All existing channels through which names can enter a DNS server
|
||
database (for example, master files [STD13] and DNS update messages
|
||
[RFC2136]) are IDN-unaware because they predate IDNA, and therefore
|
||
requirement 2 of section 3.1 of this document provides the needed
|
||
shielding, by ensuring that internationalized domain names entering
|
||
DNS server databases through such channels have already been
|
||
converted to their equivalent ASCII forms.
|
||
|
||
It is imperative that there be only one ASCII encoding for a
|
||
particular domain name. Because of the design of the ToASCII and
|
||
ToUnicode operations, there are no ACE labels that decode to ASCII
|
||
labels, and therefore name servers cannot contain multiple ASCII
|
||
encodings of the same domain name.
|
||
|
||
[RFC2181] explicitly allows domain labels to contain octets beyond
|
||
the ASCII range (0..7F), and this document does not change that.
|
||
Note, however, that there is no defined interpretation of octets
|
||
80..FF as characters. If labels containing these octets are returned
|
||
to applications, unpredictable behavior could result. The ASCII form
|
||
defined by ToASCII is the only standard representation for
|
||
internationalized labels in the current DNS protocol.
|
||
|
||
8. Root server considerations
|
||
|
||
IDNs are likely to be somewhat longer than current domain names, so
|
||
the bandwidth needed by the root servers is likely to go up by a
|
||
small amount. Also, queries and responses for IDNs will probably be
|
||
somewhat longer than typical queries today, so more queries and
|
||
responses may be forced to go to TCP instead of UDP.
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
Faltstrom, et al. Standards Track [Page 17]
|
||
|
||
RFC 3490 IDNA March 2003
|
||
|
||
|
||
9. References
|
||
|
||
9.1 Normative References
|
||
|
||
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
|
||
Requirement Levels", BCP 14, RFC 2119, March 1997.
|
||
|
||
[STRINGPREP] Hoffman, P. and M. Blanchet, "Preparation of
|
||
Internationalized Strings ("stringprep")", RFC 3454,
|
||
December 2002.
|
||
|
||
[NAMEPREP] Hoffman, P. and M. Blanchet, "Nameprep: A Stringprep
|
||
Profile for Internationalized Domain Names (IDN)", RFC
|
||
3491, March 2003.
|
||
|
||
[PUNYCODE] Costello, A., "Punycode: A Bootstring encoding of
|
||
Unicode for use with Internationalized Domain Names in
|
||
Applications (IDNA)", RFC 3492, March 2003.
|
||
|
||
[STD3] Braden, R., "Requirements for Internet Hosts --
|
||
Communication Layers", STD 3, RFC 1122, and
|
||
"Requirements for Internet Hosts -- Application and
|
||
Support", STD 3, RFC 1123, October 1989.
|
||
|
||
[STD13] Mockapetris, P., "Domain names - concepts and
|
||
facilities", STD 13, RFC 1034 and "Domain names -
|
||
implementation and specification", STD 13, RFC 1035,
|
||
November 1987.
|
||
|
||
9.2 Informative References
|
||
|
||
[RFC2535] Eastlake, D., "Domain Name System Security Extensions",
|
||
RFC 2535, March 1999.
|
||
|
||
[RFC2181] Elz, R. and R. Bush, "Clarifications to the DNS
|
||
Specification", RFC 2181, July 1997.
|
||
|
||
[UAX9] Unicode Standard Annex #9, The Bidirectional Algorithm,
|
||
<http://www.unicode.org/unicode/reports/tr9/>.
|
||
|
||
[UNICODE] The Unicode Consortium. The Unicode Standard, Version
|
||
3.2.0 is defined by The Unicode Standard, Version 3.0
|
||
(Reading, MA, Addison-Wesley, 2000. ISBN 0-201-61633-5),
|
||
as amended by the Unicode Standard Annex #27: Unicode
|
||
3.1 (http://www.unicode.org/reports/tr27/) and by the
|
||
Unicode Standard Annex #28: Unicode 3.2
|
||
(http://www.unicode.org/reports/tr28/).
|
||
|
||
|
||
|
||
|
||
Faltstrom, et al. Standards Track [Page 18]
|
||
|
||
RFC 3490 IDNA March 2003
|
||
|
||
|
||
[USASCII] Cerf, V., "ASCII format for Network Interchange", RFC
|
||
20, October 1969.
|
||
|
||
10. Security Considerations
|
||
|
||
Security on the Internet partly relies on the DNS. Thus, any change
|
||
to the characteristics of the DNS can change the security of much of
|
||
the Internet.
|
||
|
||
This memo describes an algorithm which encodes characters that are
|
||
not valid according to STD3 and STD13 into octet values that are
|
||
valid. No security issues such as string length increases or new
|
||
allowed values are introduced by the encoding process or the use of
|
||
these encoded values, apart from those introduced by the ACE encoding
|
||
itself.
|
||
|
||
Domain names are used by users to identify and connect to Internet
|
||
servers. The security of the Internet is compromised if a user
|
||
entering a single internationalized name is connected to different
|
||
servers based on different interpretations of the internationalized
|
||
domain name.
|
||
|
||
When systems use local character sets other than ASCII and Unicode,
|
||
this specification leaves the the problem of transcoding between the
|
||
local character set and Unicode up to the application. If different
|
||
applications (or different versions of one application) implement
|
||
different transcoding rules, they could interpret the same name
|
||
differently and contact different servers. This problem is not
|
||
solved by security protocols like TLS that do not take local
|
||
character sets into account.
|
||
|
||
Because this document normatively refers to [NAMEPREP], [PUNYCODE],
|
||
and [STRINGPREP], it includes the security considerations from those
|
||
documents as well.
|
||
|
||
If or when this specification is updated to use a more recent Unicode
|
||
normalization table, the new normalization table will need to be
|
||
compared with the old to spot backwards incompatible changes. If
|
||
there are such changes, they will need to be handled somehow, or
|
||
there will be security as well as operational implications. Methods
|
||
to handle the conflicts could include keeping the old normalization,
|
||
or taking care of the conflicting characters by operational means, or
|
||
some other method.
|
||
|
||
Implementations MUST NOT use more recent normalization tables than
|
||
the one referenced from this document, even though more recent tables
|
||
may be provided by operating systems. If an application is unsure of
|
||
which version of the normalization tables are in the operating
|
||
|
||
|
||
|
||
Faltstrom, et al. Standards Track [Page 19]
|
||
|
||
RFC 3490 IDNA March 2003
|
||
|
||
|
||
system, the application needs to include the normalization tables
|
||
itself. Using normalization tables other than the one referenced
|
||
from this specification could have security and operational
|
||
implications.
|
||
|
||
To help prevent confusion between characters that are visually
|
||
similar, it is suggested that implementations provide visual
|
||
indications where a domain name contains multiple scripts. Such
|
||
mechanisms can also be used to show when a name contains a mixture of
|
||
simplified and traditional Chinese characters, or to distinguish zero
|
||
and one from O and l. DNS zone adminstrators may impose restrictions
|
||
(subject to the limitations in section 2) that try to minimize
|
||
homographs.
|
||
|
||
Domain names (or portions of them) are sometimes compared against a
|
||
set of privileged or anti-privileged domains. In such situations it
|
||
is especially important that the comparisons be done properly, as
|
||
specified in section 3.1 requirement 4. For labels already in ASCII
|
||
form, the proper comparison reduces to the same case-insensitive
|
||
ASCII comparison that has always been used for ASCII labels.
|
||
|
||
The introduction of IDNA means that any existing labels that start
|
||
with the ACE prefix and would be altered by ToUnicode will
|
||
automatically be ACE labels, and will be considered equivalent to
|
||
non-ASCII labels, whether or not that was the intent of the zone
|
||
adminstrator or registrant.
|
||
|
||
11. IANA Considerations
|
||
|
||
IANA has assigned the ACE prefix in consultation with the IESG.
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
Faltstrom, et al. Standards Track [Page 20]
|
||
|
||
RFC 3490 IDNA March 2003
|
||
|
||
|
||
12. Authors' Addresses
|
||
|
||
Patrik Faltstrom
|
||
Cisco Systems
|
||
Arstaangsvagen 31 J
|
||
S-117 43 Stockholm Sweden
|
||
|
||
EMail: paf@cisco.com
|
||
|
||
|
||
Paul Hoffman
|
||
Internet Mail Consortium and VPN Consortium
|
||
127 Segre Place
|
||
Santa Cruz, CA 95060 USA
|
||
|
||
EMail: phoffman@imc.org
|
||
|
||
|
||
Adam M. Costello
|
||
University of California, Berkeley
|
||
|
||
URL: http://www.nicemice.net/amc/
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
Faltstrom, et al. Standards Track [Page 21]
|
||
|
||
RFC 3490 IDNA March 2003
|
||
|
||
|
||
13. Full Copyright Statement
|
||
|
||
Copyright (C) The Internet Society (2003). All Rights Reserved.
|
||
|
||
This document and translations of it may be copied and furnished to
|
||
others, and derivative works that comment on or otherwise explain it
|
||
or assist in its implementation may be prepared, copied, published
|
||
and distributed, in whole or in part, without restriction of any
|
||
kind, provided that the above copyright notice and this paragraph are
|
||
included on all such copies and derivative works. However, this
|
||
document itself may not be modified in any way, such as by removing
|
||
the copyright notice or references to the Internet Society or other
|
||
Internet organizations, except as needed for the purpose of
|
||
developing Internet standards in which case the procedures for
|
||
copyrights defined in the Internet Standards process must be
|
||
followed, or as required to translate it into languages other than
|
||
English.
|
||
|
||
The limited permissions granted above are perpetual and will not be
|
||
revoked by the Internet Society or its successors or assigns.
|
||
|
||
This document and the information contained herein is provided on an
|
||
"AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING
|
||
TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING
|
||
BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION
|
||
HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF
|
||
MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
|
||
|
||
Acknowledgement
|
||
|
||
Funding for the RFC Editor function is currently provided by the
|
||
Internet Society.
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
Faltstrom, et al. Standards Track [Page 22]
|
||
|