Network Working Group M. Blanchet
Internet-Draft Viagenie
Obsoletes: 3454 (if approved) P. Saint-Andre
Intended status: Standards Track Cisco
Expires: February 23, 2012 August 22, 2011

PRECIS Framework: Handling Internationalized Strings in Protocols
draft-ietf-precis-framework-00

Abstract

Application protocols that make use of Unicode code points in protocol strings need to prepare such strings in order to perform comparison operations (e.g., for purposes of authentication or authorization). In general, this problem has been labeled the "preparation and comparison of internationalized strings" or "PRECIS". This document defines a framework that enables application protocols to prepare various classes of strings in a way that depends on the properties of Unicode code points. Because this framework does not depend on large tables of Unicode code points as in stringprep (RFC 3454), it is more agile with regard to changes in the underlying Unicode database and thus provides improved flexibility to application protocols. A specification that uses this framework either can directly use the base string classes defined in this document or can subclass the base string classes as needed. This framework uses an approach similar to that of the revised internationalized domain names in applications (IDNA) technology (RFC 5890, RFC 5891, RFC 5892, RFC 5893, RFC 5894) and thus adheres to the high-level design goals described in RFC 4690, albeit for application technologies other than the Domain Name System (DNS). This document obsoletes RFC 3454.

Status of this Memo

This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79.

Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet- Drafts is at http://datatracker.ietf.org/drafts/current/.

Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress."

This Internet-Draft will expire on February 23, 2012.

Copyright Notice

Copyright (c) 2011 IETF Trust and the persons identified as the document authors. All rights reserved.

This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (http://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License.


Table of Contents

1. Introduction

A number of IETF application technologies use stringprep [RFC3454] as the basis for comparing protocol strings that contain Unicode characters or "code points" [UNICODE]. Since the publication of [RFC3454] in 2002, the Internet community has gained much more experience with internationalization, some of it reflected in [RFC4690]. In particular, the IETF's technology for internationalized domain names (IDNs) has changed significantly: IDNA2003 [RFC3490], which was based on stringprep, has been superseded by IDNA2008 ([RFC5890], [RFC5891], [RFC5892], [RFC5893], [RFC5894]), which does not use stringprep. This migration away from stringprep for internationalized domain names has prompted other "customers" of stringprep to consider new approaches to the preparation and comparison of internationalized strings ("PRECIS"), as described in [PROBLEM].

This document proposes a technical framework for a post-stringprep approach to the preparation and comparison of internationalized strings in application protocols. The framework is based on several principles:

  1. Define a small set of base string classes appropriate for common application protocol constructs such as usernames, passwords, and free-form identifiers.

  2. Define each base string class in terms of Unicode code points and their properties, specifying whether each code point or character category is valid, disallowed, or unassigned.

  3. Enable application protocols to subclass the base string classes, mainly to disallow particular code points that are currently disallowed in the relevant application protocol (e.g., characters with special or reserved meaning, such as "@" and "/" when used as separators within identifiers).

  4. Leave various mapping operations (e.g., case preservation or lowercasing, Unicode normalization, right-to-left characters) as the responsibility of application protocols, as was done for IDNA2008 via [RFC5895].

It is expected that this framework will yield the following benefits:

Although this framework is similar to IDNA2008 and borrows some of the character categories defined in [RFC5892], it defines additional string classes and character categories to meet the needs of common application protocols.

2. Terminology

Many important terms used in this document are defined in [PROBLEM], [I18N-TERMS], [RFC5890], and [UNICODE].

The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in [RFC2119].

3. String Classes

IDNA2008 essentially defines a base string class of internationalized domain name, although it does not use the term "string class". (This document does not define a string class for domain names, and application protocols are strongly encouraged to use IDNA2008 as the appropriate method to prepare domain names and hostnames.)

We propose the following additional base string classes for use in application protocols:

NameClass:
a sequence of letters, numbers, and symbols that is used to identify or address a network entity such as a user, an account, a venue (e.g., a chatroom), an information source (e.g., a data feed), or a collection of data (e.g., a file).

SecretClass:
a sequence of letters, numbers, and symbols that is used as a secret for access to some resource on a network (e.g., a password or passphrase).

FreeClass:
a sequence of letters, numbers, symbols, spaces, and other code points that is used for more expressive purposes in an application protocol (e.g., a free-form identifier such as a human-friendly nickname in a chatroom).

Note: [PROBLEM] mentions a class of "string blobs" containing "elements of the protocol that look like strings to users, but that are passed around in the protocol unchanged and that cannot be used for comparison or other purposes." It is an open question whether application protocols need to apply preparation and comparison rules to such strings.

The following subsections discuss these string classes in more detail, with reference to the dimensions described in Section 3 of [PROBLEM].

Each string class is defined by the following behavioral rules:

Valid:
defines which code points and character categories are treated as valid input to preparation of the string.

Disallowed:
defines which code points and character categories are treated as disallowed during preparation of the string.

Unassigned:
defines application behavior in the presence of code points that are unassigned, i.e. unknown for the version of Unicode the application is built upon.

Directionality:
defines application behavior in the presence of code points that have directionality, in particular right-to-left code points as defined in the Unicode database (see [UAX9]).

Casemapping:
defines if case mapping is used for this class, and how the mapping is done.

Normalization:
defines which Unicode normalization form (D, KD, C, or KC) is to be applied (see [UAX15]).

This document defines the valid, disallowed, and unassigned rules. Application protocols that use the PRECIS string classes MUST define the directionality, casemapping, and normalization rules, as further described under Section 9.2.

3.1. NameClass

Most application technologies need a special class of strings that can be used to refer to, include, or communicate things like usernames, chatroom names, file names, and data feed names. We group such things into a bucket called "NameClass" having the following features.

3.1.1. Valid

3.1.2. Disallowed

3.1.3. Unassigned

Any code points that are not yet assigned in the Unicode character set SHALL be considered Unassigned for purposes of the NameClass.

3.1.4. Directionality

The directionality rule MUST be specified by each application protocol that uses or subclasses the NameClass.

3.1.5. Case Mapping

The casemapping rule MUST be specified by each application protocol that uses or subclasses the NameClass.

3.1.6. Normalization

The normalization form MUST be specified by each application protocol that uses or subclasses the NameClass.

However, in accordance with [RFC5198], normalization form C (NFC) is RECOMMENDED.

3.2. SecretClass

Many application technologies need a special class of strings that can be used to communicate secrets of the kind that are typically used as passwords or passphrases. We group such things into a bucket called "SecretClass" having the following features.

NOTE: Consult Section 10.4 for relevant security considerations.

3.2.1. Valid

3.2.2. Disallowed

3.2.3. Unassigned

Any code points that are not yet assigned in the Unicode character set SHALL be considered Unassigned for purposes of the SecretClass.

3.2.4. Directionality

The directionality rule MUST be specified by each application protocol that uses or subclasses the SecretClass.

3.2.5. Case Mapping

The casemapping rule MUST be specified by each application protocol that uses or subclasses the SecretClass.

However, in order to maximize the entropy of passwords and passphrases, it is NOT RECOMMENDED for application protocols to map uppercase and titlecase code points to their lowercase equivalents; instead, it is RECOMMENDED to preserve the case of all code points contained in string that conform to or subclass the SecretClass.

3.2.6. Normalization

The normalization form MUST be specified by each application protocol that uses or subclasses the SecretClass.

However, in accordance with [RFC5198], normalization form C (NFC) is RECOMMENDED.

3.3. FreeClass

Some application technologies need a special class of strings that can be used in a free-form way (e.g., a nickname in a chatroom). We group such things into a bucket called "FreeClass" having the following features.

3.3.1. Valid

3.3.2. Disallowed

3.3.3. Unassigned

Any code points that are not yet assigned in the Unicode character set SHALL be considered Unassigned for purposes of the FreeClass.

3.3.4. Directionality

The directionality rule MUST be specified by each application protocol that uses or subclasses the FreeClass.

3.3.5. Case Mapping

The casemapping rule MUST be specified by each application protocol that uses or subclasses the FreeClass.

3.3.6. Normalization

The normalization form MUST be specified by each application protocol that uses or subclasses the FreeClass.

However, in accordance with [RFC5198], normalization form C (NFC) is RECOMMENDED.

4. Use of PRECIS String Classes

4.1. Principles

This document defines the valid, disallowed, and unassigned rules. Application protocols that use the PRECIS string classes MUST define the directionality, casemapping, and normalization rules. Such definitions MUST at a minimum specify the following:

Directionality:
Whether any instance of the class that contains a right-to-left code point is to be considered a right-to-left string, or whether some other rule is to be applied (e.g., the "Bidi Rule" from [RFC5893]).

Casemapping:
Whether uppercase and titlecase code points are to be (a) preserved or (b) mapped to lowercase.

Normalization:
Which Unicode normalization form (D, KD, C, or KC) is to be applied (see [UAX15] for background information); in accordance with [RFC5198], NFC is RECOMMENDED.

4.2. Subclassing

Application protocols are allowed to subclass the base string classes specified in this document. As the word "subclass" implies, a subclass MUST NOT add as valid any code points or character categories that are disallowed by the base string class. However, a subclass MAY do either of the following:

  1. Exclude specific code points that are included in the base string class.
  2. Exclude characters matching certain Unicode properties (e.g., math symbols) that are included in the base string class.

4.3. Registration

Application protocols that use the PRECIS string classes MUST register with the IANA as described under Section 9.2. This is especially important for protocols that subclass the PRECIS string classes.

5. Code Point Properties

In order to implement the string classes described above, this document does the following:

  1. Reviews and classifies the collections of code points in the Unicode character set by examining various code point properties.

  2. Defines an algorithm for determining a derived property value, which can vary depending on the string class being used by the relevant application protocol.

This document is not intended to specify precisely how derived property values are to be applied in protocol strings. That information should be defined in the protocol specification that uses or subclasses a base string class from this document.

The value of the property is to be interpreted as follows.

PROTOCOL VALID
Those code points that are allowed to be used in any PRECIS string class (NameClass, SecretClass, and FreeClass). Code points with this property value are permitted for general use in any string class. The abbreviated term PVALID is used to refer to this value in the remainder of this document.

SPECIFIC CLASS PROTOCOL VALID
Those code points that are allowed to be used in specific string classes. Code points with this property value are permitted for use in specific string classes. In the remainder of this document, the abbreviated term *_PVALID is used, where * = (NAMECLASS | SECRETCLASS | FREECLASS).

CONTEXTUAL RULE REQUIRED
Some characteristics of the character, such as its being invisible in certain contexts or problematic in others, require that it not be used in labels unless specific other characters or properties are present. The abbreviated term CONTEXT is used to refer to this value in the remainder of this document. There are two subdivisions of CONTEXTUAL RULE REQUIRED, the first for Join_controls (called CONTEXTJ) and the second for other characters (called CONTEXTO).

DISALLOWED
Those code points that must not be included in any string class. Code points with this property value are not permitted in any string class.

SPECIFIC CLASS DISALLOWED
Those code points that are not to be included in a specific string class. Code points with this property value are not permitted in one of the string classes but might be permitted in others. In the remainder of this document, the abbreviated term *_DISALLOWED is used, where * = (NAMECLASS | SECRETCLASS | FREECLASS).

UNASSIGNED
Those code points that are not designated (i.e. are unassigned) in the Unicode Standard.

The mechanisms described here allow determination of the value of the property for future versions of Unicode (including characters added after Unicode 5.2 or 6.0 depending on the category, since some categories in this document are reused from IDNA2008). Changes in Unicode properties that do not affect the outcome of this process do not affect this framework. For example, a character can have its Unicode General_Category value [UNICODE] change from So to Sm, or from Lo to Ll, without affecting the algorithm results. Moreover, even if such changes were to result, the BackwardCompatible list [G] can be adjusted to ensure the stability of the results.

Some code points need to be allowed in exceptional circumstances, but should be excluded in all other cases; these rules are also described in other documents. The most notable of these are the Join Control characters, U+200D ZERO WIDTH JOINER and U+200C ZERO WIDTH NON-JOINER. Both of them have the derived property value CONTEXTJ. A character with the derived property value CONTEXTJ or CONTEXTO (CONTEXTUAL RULE REQUIRED) is not to be used unless an appropriate rule has been established and the context of the character is consistent with that rule. It is invalid to generate a string containing these characters unless such a contextual rule is found and satisfied. PRECIS does not define its own contextual rules, but instead re-uses the contextual rules defined for IDNA2008; please see Appendix A of [RFC5892] for more information.

6. Category Definitions Used to Calculate Derived Property Value

The derived property obtains its value based on a two-step procedure:

  1. Characters are placed in one or more character categories either (1) based on core properties defined by the Unicode Standard or (2) by treating the code point as an exception and addressing the code point as its code point value. These categories are not mutually exclusive.

  2. Set operations are used with these categories to determine the values for a property that is specific to a given string class. These operations are specified under Section 7.

(NOTE: Unicode property names and property value names might have short abbreviations, such as "gc" for the General_Category property and "Ll" for the Lowercase_Letter property value of the gc property.)

In the following specification of character categories, the operation that returns the value of a particular Unicode character property for a code point is designated by using the formal name of that property (from the Unicode PropertyAliases.txt) followed by '(cp)' for "code point". For example, the value of the General_Category property for a code point is indicated by General_Category(cp).

The first ten categories (A-J) shown below were previously defined for IDNA2008 and are copied directly from [RFC5892]. Some of these categories are reused in PRECIS and some of them are not; however, the lettering of categories is retained to prevent overlap and to ease implementation of both IDNA2008 and PRECIS in a single software application. The next seven categories (K-Q) are specific to PRECIS.

6.1. LetterDigits (A)

NOTE: This category is defined in [RFC5892] and copied here for use in PRECIS.

A: General_Category(cp) is in {Ll, Lu, Lo, Nd, Lm, Mn, Mc}
            

These rules identify characters commonly used in mnemonics and often informally described as "language characters".

For more information, see section 4.5 of [UNICODE].

The categories used in this rule are:

6.2. Unstable (B)

NOTE: This category is defined in [RFC5892] but not used in PRECIS.

6.3. IgnorableProperties (C)

NOTE: This category is defined in [RFC5892] but not used in PRECIS. See the "PrecisIgnorableProperties (M)" category below for a more inclusive category used in PRECIS identifiers.

6.4. IgnorableBlocks (D)

NOTE: This category is defined in [RFC5892] but not used in PRECIS.

6.5. LDH (E)

NOTE: This category is defined in [RFC5892] but not used in PRECIS. See the "ASCII7 (K)" category below for a more inclusive category used in PRECIS identifiers.

6.6. Exceptions (F)

NOTE: This category is defined in [RFC5892] and might be used in a future version of this specification.

F: cp is in {00B7, 00DF, 0375, 03C2, 05F3, 05F4, 0640, 0660,
             0661, 0662, 0663, 0664, 0665, 0666, 0667, 0668,
             0669, 06F0, 06F1, 06F2, 06F3, 06F4, 06F5, 06F6,
             06F7, 06F8, 06F9, 06FD, 06FE, 07FA, 0F0B, 3007,
             302E, 302F, 3031, 3032, 3033, 3034, 3035, 303B,
             30FB}
            

This category explicitly lists code points for which the category cannot be assigned using only the core property values that exist in the Unicode standard. The values are according to the table below:

PVALID -- Would otherwise have been DISALLOWED

00DF; PVALID     # LATIN SMALL LETTER SHARP S
03C2; PVALID     # GREEK SMALL LETTER FINAL SIGMA
06FD; PVALID     # ARABIC SIGN SINDHI AMPERSAND
06FE; PVALID     # ARABIC SIGN SINDHI POSTPOSITION MEN
0F0B; PVALID     # TIBETAN MARK INTERSYLLABIC TSHEG
3007; PVALID     # IDEOGRAPHIC NUMBER ZERO

CONTEXTO -- Would otherwise have been DISALLOWED

00B7; CONTEXTO   # MIDDLE DOT
0375; CONTEXTO   # GREEK LOWER NUMERAL SIGN (KERAIA)
05F3; CONTEXTO   # HEBREW PUNCTUATION GERESH
05F4; CONTEXTO   # HEBREW PUNCTUATION GERSHAYIM
30FB; CONTEXTO   # KATAKANA MIDDLE DOT

CONTEXTO -- Would otherwise have been PVALID

0660; CONTEXTO   # ARABIC-INDIC DIGIT ZERO
0661; CONTEXTO   # ARABIC-INDIC DIGIT ONE
0662; CONTEXTO   # ARABIC-INDIC DIGIT TWO
0663; CONTEXTO   # ARABIC-INDIC DIGIT THREE
0664; CONTEXTO   # ARABIC-INDIC DIGIT FOUR
0665; CONTEXTO   # ARABIC-INDIC DIGIT FIVE
0666; CONTEXTO   # ARABIC-INDIC DIGIT SIX
0667; CONTEXTO   # ARABIC-INDIC DIGIT SEVEN
0668; CONTEXTO   # ARABIC-INDIC DIGIT EIGHT
0669; CONTEXTO   # ARABIC-INDIC DIGIT NINE
06F0; CONTEXTO   # EXTENDED ARABIC-INDIC DIGIT ZERO
06F1; CONTEXTO   # EXTENDED ARABIC-INDIC DIGIT ONE
06F2; CONTEXTO   # EXTENDED ARABIC-INDIC DIGIT TWO
06F3; CONTEXTO   # EXTENDED ARABIC-INDIC DIGIT THREE
06F4; CONTEXTO   # EXTENDED ARABIC-INDIC DIGIT FOUR
06F5; CONTEXTO   # EXTENDED ARABIC-INDIC DIGIT FIVE
06F6; CONTEXTO   # EXTENDED ARABIC-INDIC DIGIT SIX
06F7; CONTEXTO   # EXTENDED ARABIC-INDIC DIGIT SEVEN
06F8; CONTEXTO   # EXTENDED ARABIC-INDIC DIGIT EIGHT
06F9; CONTEXTO   # EXTENDED ARABIC-INDIC DIGIT NINE

DISALLOWED -- Would otherwise have been PVALID

0640; DISALLOWED # ARABIC TATWEEL
07FA; DISALLOWED # NKO LAJANYALAN
302E; DISALLOWED # HANGUL SINGLE DOT TONE MARK
302F; DISALLOWED # HANGUL DOUBLE DOT TONE MARK
3031; DISALLOWED # VERTICAL KANA REPEAT MARK
3032; DISALLOWED # VERTICAL KANA REPEAT WITH VOICED SOUND MARK
3033; DISALLOWED # VERTICAL KANA REPEAT MARK UPPER HALF
3034; DISALLOWED # VERTICAL KANA REPEAT WITH VOICED SOUND MARK 
                   UPPER HA
3035; DISALLOWED # VERTICAL KANA REPEAT MARK LOWER HALF
303B; DISALLOWED # VERTICAL IDEOGRAPHIC ITERATION MARK
            

6.7. BackwardCompatible (G)

NOTE: This category is defined in [RFC5892] and copied here for use in PRECIS. Because of how the PRECIS string classes are defined, only changes that would result in code points being added to or removed from the LetterDigits ("A") category would result in backward-incompatible modifications to code point assignments. Therefore, management of this category is handled via the processes specified in [RFC5892].

G: cp is in {}
            

This category includes the code points for which property values in versions of Unicode after 5.2 have changed in such a way that the derived property value would no longer be PVALID or DISALLOWED. If changes are made to future versions of Unicode so that code points might change property value from PVALID or DISALLOWED, then this table can be updated and keep special exception values so that the property values for code points stay stable.

6.8. JoinControl (H)

NOTE: This category is defined in [RFC5892] and copied here for use in PRECIS.

H: Join_Control(cp) = True
            

This category consists of Join Control characters (i.e., they are not in LetterDigits [A]) but are still required in strings under some circumstances.

6.9. OldHangulJamo (I)

NOTE: This category is defined in [RFC5892] and copied here for use in PRECIS.

I: Hangul_Syllable_Type(cp) is in {L, V, T}
            

This category consists of all conjoining Hangul Jamo (Leading Jamo, Vowel Jamo, and Trailing Jamo).

Elimination of conjoining Hangul Jamos from the set of PVALID characters results in restricting the set of Korean PVALID characters just to preformed, modern Hangul syllable characters. Old Hangul syllables, which must be spelled with sequences of conjoining Hangul Jamos, are not PVALID for string classes.

6.10. Unassigned (J)

NOTE: This category is defined in [RFC5892] and copied here for use in PRECIS.

J: General_Category(cp) is in {Cn} and
   Noncharacter_Code_Point(cp) = False
            

This category consists of code points in the Unicode character set that are not (yet) assigned. It should be noted that Unicode distinguishes between 'unassigned code points' and 'unassigned characters'. The unassigned code points are all but (Cn - Noncharacters), while the unassigned *characters* are all but (Cn + Cs).

6.11. ASCII7 (K)

This PRECIS-specific category exempts most characters in the ASCII-7 range from other rules that might be applied during PRECIS processing, on the assumption that these code points are in such wide use that disallowing them would be counter-productive.

K: cp is in {0021..007E}
            

6.12. Controls (L)

L: Control(cp) = True
            

6.13. PrecisIgnorableProperties (M)

This PRECIS-specific category is used to group code points that are not recommended for use in PRECIS string classes.

M: Default_Ignorable_Code_Point(cp) = True or
   Noncharacter_Code_Point(cp) = True
            

The definition for Default_Ignorable_Code_Point can be found in the DerivedCoreProperties.txt file, and at the time of Unicode 6.0 is as follows:

  Other_Default_Ignorable_Code_Point 
+ Cf (Format characters)
+ Variation_Selector 
- White_Space 
- FFF9..FFFB (Annotation Characters) 
- 0600..0603, 06DD, 070F (exceptional Cf characters 
                          that should be visible)
            

6.14. Spaces (N)

This PRECIS-specific category is used to group code points that are space characters.

N: General_Category(cp) is in {Zs}
            

6.15. Symbols (O)

This PRECIS-specific category is used to group code points that are symbols.

O: General_Category(cp) is in {Sc}
            

6.16. Punctuation (P)

This PRECIS-specific category is used to group code points that are punctuation marks.

P: General_Category(cp) is in {Pi}
            

6.17. HasCompat (Q)

This PRECIS-specific category is used to group code points that have compatibility equivalents as explained in Chapter 2 and Chapter 3 of [UNICODE].

Q: toNFKC(cp) != cp
            

The toNFKC() operation returns the code point in normalization form KC. For more information, see Section 5 of [UAX15].

7. Calculation of the Derived Property

Possible values of the derived property are:

NOTE: In some instances, the value of the derived property calculated depends on the string class (e.g., if an identifier used in an application protocol is defined as using or subclassing the PRECIS NameClass, then a space character would be assigned to NAMECLASS_DISALLOWED).

The algorithm to calculate the value of the derived property is as follows. (NOTE: Use of the name of a rule (such as "Exception") implies the set of code points that the rule defines, whereas the same name as a function call (such as "Exception(cp)") implies the value that the code point has in the Exceptions table.)

If .cp. .in. Exceptions Then Exceptions(cp);
Else If .cp. .in. BackwardCompatible Then BackwardCompatible(cp);
Else If .cp. .in. Unassigned Then UNASSIGNED;
Else If .cp. .in. ASCII7 Then PVALID;
Else If .cp. .in. JoinControl Then CONTEXTJ;
Else If .cp. .in. PrecisIgnorableProperties Then DISALLOWED;
Else If .cp. .in. Controls Then DISALLOWED;
Else If .cp. .in. OldHangulJamo Then DISALLOWED;
Else If .cp. .in. LetterDigits Then PVALID;
Else If .cp. .in. Spaces Then NAMECLASS_DISALLOWED 
                  or SECRETCLASS_DISALLOWED 
                  or FREECLASS_VALID;
Else If .cp. .in. Symbols Then NAMECLASS_DISALLOWED 
                  or SECRETCLASS_DISALLOWED 
                  or FREECLASS_VALID;
Else If .cp. .in. Punctuation Then NAMECLASS_DISALLOWED 
                  or SECRETCLASS_DISALLOWED 
                  or FREECLASS_VALID;
Else If .cp. .in. HasCompat Then NAMECLASS_DISALLOWED 
                  or SECRETCLASS_VALID 
                  or FREECLASS_VALID;
Else DISALLOWED;
            

8. Code Points

The Categories and Rules defined in Section 6 and Section 7 apply to all Unicode code points. The table in Section 12 shows, for illustrative purposes, the consequences of the categories and classification rules, and the resulting property values.

The list of code points that can be found in Section 12 is non-normative. Instead, the rules defined by Section 6 and Section 7 are normative, and any tables are derived from the rules.

9. IANA Considerations

9.1. PRECIS Derived Property Value Registry

IANA is requested to create a PRECIS-specific registry with the Derived Properties for the versions of Unicode that are released after (and including) version 6.0. The derived property value is to be calculated in cooperation with a designated expert [RFC5226] according to the specifications in Section 6 and Section 7, and not by copying the non-normative table found in Section 12.

If during this process (creation of the table of derived property values) followed by a designated expert review, either backward-incompatible changes to the table of derived properties are discovered, or otherwise problems during the creation of the table arises, that is to be flagged to the IESG. Changes to the rules (as specified in Section 6 and Section 7) require IETF Review, as described in [RFC5226].

9.2. PRECIS Usage Registry

IANA is requested to create a registry of application protocols that use the base string classes. The registry will include one entry for each use (e.g., if a protocol uses both the NameClass and the FreeClass then the specification for that protocol would submit two registrations). In accordance with [RFC5226], the registration policy is "First Come First Served".

The registration template is as follows:

Application Protocol:
[the application protocol that is using or subclassing the PRECIS string class]
Base Class:
[which base class is being used]
Subclassing:
[whether the base class is being subclassed and, if so, where documentation of the subclassing can be found]
Directionality:
[the behavioral rule for handling of right-to-left code points]
Casemapping:
[the behavioral rule for handling of case]
Normalization:
[which Unicode normalization form is applied]
Specification:
[a pointer to relevant documentation, such as an RFC or Internet-Draft]

10. Security Considerations

10.1. General Issues

The security of applications that use this framework can depend in part on the proper preparation and comparison of internationalized strings. For example, such strings can be used to make authentication and authorization decisions, and the security of an application could be compromised if an entity providing a given string is connected to the wrong account or online resource based on different interpretations of the string.

Specifications of application protocols that use this framework are encouraged to describe how internationalized strings are used in the protocol, including the security implications of any false positives and false negatives that might result from various comparison operations. For some helpful guidelines, refer to [IDENTIFIER], [RFC5890], [UTR36], and [UTR39].

10.2. Local Character Set Issues

When systems use local character sets other than ASCII and Unicode, these specifications leave the problem of converting between the local character set and Unicode up to the application or local system. If different applications (or different versions of one application) implement different rules for conversions among coded character sets, they could interpret the same name differently and contact different application servers or other network entities. This problem is not solved by security protocols, such as Transport Layer Security (TLS) [RFC5246] and the Simple Authentication and Security Layer (SASL) [RFC4422], that do not take local character sets into account.

10.3. Visually Similar Characters

Some characters are visually similar and thus can cause confusion among humans. Such characters are often called "confusable characters" or "confusables".

The problem of confusable characters is not necessarily caused by the use of Unicode code points outside the US-ASCII range. For example, in some presentations and to some individuals the string "ju1iet" (spelled with the Arabic numeral one as the third character) might appear to be the same as "juliet" (spelled with the lowercase version of the letter "L"), especially on casual visual inspection. This phenomenon is sometimes called "typejacking".

However, the problem is made more serious by introducing the full range of Unicode code points into protocol strings. For example, the characters U+13DA U+13A2 U+13B5 U+13AC U+13A2 U+13AC U+13D2 from the Cherokee block look similar to the US-ASCII characters "STPETER" as they might look when presented in a "creative" font.

In some examples of confusable characters, it is unlikely that the average human could tell the difference between the real string and the fake string. (Indeed, there is no programmatic way to distinguish with full certainty which is the fake string and which is the real string; in some contexts, the string formed of Cherokee characters might be the real string and the string formed of US-ASCII characters might be the fake string.) Because PRECIS-compliant strings can contain almost any properly encoded Unicode code point, it can be relatively easy to fake or mimic some strings in systems that use the PRECIS framework. The fact that some strings are easily confused introduces security vulnerabilities of the kind that have also plagued the World Wide Web, specifically the phenomenon known as phishing.

Despite the fact that some specific suggestions about identification and handling of confusable characters appear in the Unicode Security Considerations [UTR36], it is also true (as noted in [RFC5890]) that "there are no comprehensive technical solutions to the problems of confusable characters". Because it is impossible to map visually similar characters without a great deal of context (such as knowing the fonts used), the PRECIS framework does nothing to map similar-looking characters together, nor does it prohibit some characters because they look like others.

However, specifications for application protocols that use this framework MUST describe how confusable characters can be used to compromise the security of systems that use the protocol in question, and any protocol-specific suggestions for overcoming those threats. In particular, software implementations and service deployments that use PRECIS-based technologies are strongly encouraged to define and implement consistent policies regarding the registration, storage, and presentation of visually similar characters. The following recommendations are appropriate:

  1. An application service SHOULD define a policy that specifies the scripts or blocks of characters that the service will allow to be registered (e.g., in an account name) or stored (e.g., in a file name). Such a policy SHOULD be informed by the languages and scripts that are used to write registered account names; in particular, to reduce confusion, the service SHOULD forbid registration or storage of stings that contain characters from more than one script and to restrict registrations to characters drawn from a very small number of scripts (e.g., scripts that are well-understood by the administrators of the service, to improve manageability).

  2. User-oriented application software SHOULD define a policy that specifies how internationalized strings will be presented to a human user. Because every human user of such software has a preferred language or a small set of preferred languages, the software SHOULD gather that information either explicitly from the user or implicitly via the operating system of the user's device. Furthermore, because most languages are typically represented by a single script or a small set of scripts, and because and most scripts are typically contained in one or more blocks of characters, the software SHOULD warn the user when presenting a string that mixes characters from more than one script or block, or that uses characters outside the normal range of the user's preferred language(s). (Such a recommendation is not intended to discourage communication across different communities of language users; instead, it recognizes the existence of such communities and encourages due caution when presenting unfamiliar scripts or characters to human users.)

10.4. Security of the SecretClass

One goal of passwords and passphrases is to maximize the amount of entropy, for example by allowing a wide range of code points and by ensuring that secrets are not prepared in such a way that code points are compared aggressively. Therefore, it is NOT RECOMMENDED for application protocols to subclass the SecretClass in a way that removes entire categories (e.g., by disallowing symbols or punctuation). Furthermore, it is NOT RECOMMENDED for application protocols to map uppercase and titlecase code points to their lowercase equivalents; instead, it is RECOMMENDED to preserve the case of all code points contained in string that conform to or subclass the SecretClass.

That said, software implementers need to be aware that there exist tradeoffs between entropy and usability. For example, allowing a user to establish a password containing "uncommon" code points might make it difficult for the user to access an application when using an unfamiliar or constrained input device.

Some application protocols use passwords and passphrases directly, whereas others reuse technologies that themselves process passwords (one example is the Simple Authentication and Security Layer [RFC4422]). Moreover, passwords are often carried by a sequence of protocols with backends authentication systems or data storage systems such as RADIUS [RFC2865] and LDAP [RFC4510]. Developers of application protocols are encouraged to look into reusing these profiles instead of defining new ones, so that end-user expectations about passwords are consistent no matter which application protocol is used.

11. Acknowledgements

The authors would like to acknowledge the comments and contributions of the following individuals: David Black, Mark Davis, Alan DeKok, Martin Duerst, Patrik Faltstrom, Ted Hardie, Joe Hildebrand, Paul Hoffman, Jeffrey Hutzelman, Simon Josefsson, John Klensin, Alexey Melnikov, Pete Resnick, Andrew Sullivan, and Dave Thaler.

Some algorithms and textual descriptions have been borrowed from [RFC5892]. Some text regarding security has been borrowed from [RFC5890] and [XMPP-ADDR].

12. Codepoints 0x0000 - 0x10FFFF

To follow.

12.1. Codepoints in Unicode Character Database (UCD) format

To follow.

13. References

13.1. Normative References

[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, March 1997.
[RFC5198] Klensin, J. and M. Padlipsky, "Unicode Format for Network Interchange", RFC 5198, March 2008.
[UNICODE] The Unicode Consortium, "The Unicode Standard, Version 6.0", 2010.

13.2. Informative References

[I18N-TERMS] Hoffman, P and J Klensin, "Terminology Used in Internationalization in the IETF", Internet-Draft draft-ietf-appsawg-rfc3536bis-06, July 2011.
[IDENTIFIER] Thaler, D, "Issues in Identifier Comparison for Security Purposes", Internet-Draft draft-iab-identifier-comparison-00, July 2011.
[PROBLEM] Blanchet, M and A Sullivan, "Stringprep Revision Problem Statement", Internet-Draft draft-ietf-precis-problem-statement-03, July 2011.
[RFC2865] Rigney, C., Willens, S., Rubens, A. and W. Simpson, "Remote Authentication Dial In User Service (RADIUS)", RFC 2865, June 2000.
[RFC3454] Hoffman, P. and M. Blanchet, "Preparation of Internationalized Strings ("stringprep")", RFC 3454, December 2002.
[RFC3490] Faltstrom, P., Hoffman, P. and A. Costello, "Internationalizing Domain Names in Applications (IDNA)", RFC 3490, March 2003.
[RFC4422] Melnikov, A. and K. Zeilenga, "Simple Authentication and Security Layer (SASL)", RFC 4422, June 2006.
[RFC4510] Zeilenga, K., "Lightweight Directory Access Protocol (LDAP): Technical Specification Road Map", RFC 4510, June 2006.
[RFC4690] Klensin, J., Faltstrom, P., Karp, C., IAB, "Review and Recommendations for Internationalized Domain Names (IDNs)", RFC 4690, September 2006.
[RFC5226] Narten, T. and H. Alvestrand, "Guidelines for Writing an IANA Considerations Section in RFCs", BCP 26, RFC 5226, May 2008.
[RFC5246] Dierks, T. and E. Rescorla, "The Transport Layer Security (TLS) Protocol Version 1.2", RFC 5246, August 2008.
[RFC5890] Klensin, J., "Internationalized Domain Names for Applications (IDNA): Definitions and Document Framework", RFC 5890, August 2010.
[RFC5891] Klensin, J., "Internationalized Domain Names in Applications (IDNA): Protocol", RFC 5891, August 2010.
[RFC5892] Faltstrom, P., "The Unicode Code Points and Internationalized Domain Names for Applications (IDNA)", RFC 5892, August 2010.
[RFC5893] Alvestrand, H. and C. Karp, "Right-to-Left Scripts for Internationalized Domain Names for Applications (IDNA)", RFC 5893, August 2010.
[RFC5894] Klensin, J., "Internationalized Domain Names for Applications (IDNA): Background, Explanation, and Rationale", RFC 5894, August 2010.
[RFC5895] Resnick, P. and P. Hoffman, "Mapping Characters for Internationalized Domain Names in Applications (IDNA) 2008", RFC 5895, September 2010.
[UAX9] The Unicode Consortium, "Unicode Standard Annex #9: Unicode Bidirectional Algorithm", September 2010.
[UAX15] The Unicode Consortium, "Unicode Standard Annex #15: Unicode Normalization Forms", September 2010.
[UTR36] The Unicode Consortium, "Unicode Technical Report #36: Unicode Security Considerations", August 2010.
[UTR39] The Unicode Consortium, "Unicode Technical Report #39: Unicode Security Mechanisms", August 2010.
[XMPP-ADDR] Saint-Andre, P, "Extensible Messaging and Presence Protocol (XMPP): Address Format", Internet-Draft draft-saintandre-xmpp-6122bis-02, August 2011.

Authors' Addresses

Marc Blanchet Viagenie 2600 boul. Laurier, suite 625 Quebec, QC G1V 4W1 Canada EMail: Marc.Blanchet@viagenie.ca URI: http://www.viagenie.ca/
Peter Saint-Andre Cisco 1899 Wyknoop Street, Suite 600 Denver, CO 80202 USA Phone: +1-303-308-3282 EMail: psaintan@cisco.com