rfc3490.txt revision 09233633dadbd7878e60dd383a814e24e5eda1c6
40f53fa8d9c6a4fc38c0014495e7a42b08f52481David LawrenceNetwork Working Group P. Faltstrom
dafcb997e390efa4423883dafd100c975c4095d6Mark AndrewsRequest for Comments: 3490 Cisco
dafcb997e390efa4423883dafd100c975c4095d6Mark AndrewsCategory: Standards Track P. Hoffman
866d106459313499d0ca7bfccb4b2d23d5e4377cDavid Lawrence Internationalizing Domain Names in Applications (IDNA)
866d106459313499d0ca7bfccb4b2d23d5e4377cDavid LawrenceStatus of this Memo
7c74e180c206e6ed99e8beb820da5f399d845c3eDavid Lawrence This document specifies an Internet standards track protocol for the
4423c99613db1399dbb5c51e86ef0d351a1418c2Mark Andrews Internet community, and requests discussion and suggestions for
ea31416b4fcdf23732355a8002f93f29e3b3d2dbAndreas Gustafsson improvements. Please refer to the current edition of the "Internet
866d106459313499d0ca7bfccb4b2d23d5e4377cDavid Lawrence Official Protocol Standards" (STD 1) for the standardization state
64e41159a919b0711321fe688ca5da4f4d1b7d80Bob Halley and status of this protocol. Distribution of this memo is unlimited.
a5d43b72413db3edd6b36a58f9bdf2cf6ff692f2Bob HalleyCopyright Notice
a5d43b72413db3edd6b36a58f9bdf2cf6ff692f2Bob Halley Copyright (C) The Internet Society (2003). All Rights Reserved.
ccdac53c027e8964753b36c4d8c7b0e98af501c2Michael Graff Until now, there has been no standard method for domain names to use
ccdac53c027e8964753b36c4d8c7b0e98af501c2Michael Graff characters outside the ASCII repertoire. This document defines
ccdac53c027e8964753b36c4d8c7b0e98af501c2Michael Graff internationalized domain names (IDNs) and a mechanism called
ccdac53c027e8964753b36c4d8c7b0e98af501c2Michael Graff Internationalizing Domain Names in Applications (IDNA) for handling
ccdac53c027e8964753b36c4d8c7b0e98af501c2Michael Graff them in a standard fashion. IDNs use characters drawn from a large
ccdac53c027e8964753b36c4d8c7b0e98af501c2Michael Graff repertoire (Unicode), but IDNA allows the non-ASCII characters to be
3d776d762914d1b675b4fd49728ce353ccf6f77eBrian Wellington represented using only the ASCII characters already allowed in so-
ccdac53c027e8964753b36c4d8c7b0e98af501c2Michael Graff called host names today. This backward-compatible representation is
75a4dd0d377dca2f85cea44e28bf110314c1fe8cDavid Lawrence required in existing protocols like DNS, so that IDNs can be
75a4dd0d377dca2f85cea44e28bf110314c1fe8cDavid Lawrence introduced with no changes to the existing infrastructure. IDNA is
75a4dd0d377dca2f85cea44e28bf110314c1fe8cDavid Lawrence only meant for processing domain names, not free text.
75a4dd0d377dca2f85cea44e28bf110314c1fe8cDavid LawrenceTable of Contents
91306d962f9d147d94b82fb14edb28f8d907cae7Andreas Gustafsson 1. Introduction.................................................. 2
91306d962f9d147d94b82fb14edb28f8d907cae7Andreas Gustafsson 1.1 Problem Statement......................................... 3
91306d962f9d147d94b82fb14edb28f8d907cae7Andreas Gustafsson 1.2 Limitations of IDNA....................................... 3
91306d962f9d147d94b82fb14edb28f8d907cae7Andreas Gustafsson 1.3 Brief overview for application developers................. 4
e893dce91279d7313a579f72caae3941f6dc5a27David Lawrence 2. Terminology................................................... 5
e893dce91279d7313a579f72caae3941f6dc5a27David Lawrence 3. Requirements and applicability................................ 7
e893dce91279d7313a579f72caae3941f6dc5a27David Lawrence 3.1 Requirements.............................................. 7
e893dce91279d7313a579f72caae3941f6dc5a27David Lawrence 3.2 Applicability............................................. 8
e893dce91279d7313a579f72caae3941f6dc5a27David Lawrence 3.2.1. DNS resource records................................ 8
e893dce91279d7313a579f72caae3941f6dc5a27David LawrenceFaltstrom, et al. Standards Track [Page 1]
3b77946b751f39bd4db5a7d1fe48a81e6b1e7a28Bob HalleyRFC 3490 IDNA March 2003
8e06cea14c857429ab7e7299af2dce5eeeaa5ff0Michael Graff 3.2.2. Non-domain-name data types stored in domain names... 9
ce8c568e0d6106bb87069453505e09bc66754b40Andreas Gustafsson 4. Conversion operations......................................... 9
3b77946b751f39bd4db5a7d1fe48a81e6b1e7a28Bob Halley 4.1 ToASCII................................................... 10
3b77946b751f39bd4db5a7d1fe48a81e6b1e7a28Bob Halley 4.2 ToUnicode................................................. 11
3b77946b751f39bd4db5a7d1fe48a81e6b1e7a28Bob Halley 5. ACE prefix.................................................... 12
3b77946b751f39bd4db5a7d1fe48a81e6b1e7a28Bob Halley 6. Implications for typical applications using DNS............... 13
3b77946b751f39bd4db5a7d1fe48a81e6b1e7a28Bob Halley 6.1 Entry and display in applications......................... 14
3b77946b751f39bd4db5a7d1fe48a81e6b1e7a28Bob Halley 6.2 Applications and resolver libraries....................... 15
3b77946b751f39bd4db5a7d1fe48a81e6b1e7a28Bob Halley 6.3 DNS servers............................................... 15
3b77946b751f39bd4db5a7d1fe48a81e6b1e7a28Bob Halley 6.4 Avoiding exposing users to the raw ACE encoding........... 16
3b77946b751f39bd4db5a7d1fe48a81e6b1e7a28Bob Halley 6.5 DNSSEC authentication of IDN domain names................ 16
3b77946b751f39bd4db5a7d1fe48a81e6b1e7a28Bob Halley 7. Name server considerations.................................... 17
3b77946b751f39bd4db5a7d1fe48a81e6b1e7a28Bob Halley 8. Root server considerations.................................... 17
3b77946b751f39bd4db5a7d1fe48a81e6b1e7a28Bob Halley 9. References.................................................... 18
3b77946b751f39bd4db5a7d1fe48a81e6b1e7a28Bob Halley 9.1 Normative References...................................... 18
8e06cea14c857429ab7e7299af2dce5eeeaa5ff0Michael Graff 9.2 Informative References.................................... 18
8e06cea14c857429ab7e7299af2dce5eeeaa5ff0Michael Graff 10. Security Considerations...................................... 19
3ecf3394e37dc2848a09ffc643565d454e9e6974Andreas Gustafsson 11. IANA Considerations.......................................... 20
3ecf3394e37dc2848a09ffc643565d454e9e6974Andreas Gustafsson 12. Authors' Addresses........................................... 21
3ecf3394e37dc2848a09ffc643565d454e9e6974Andreas Gustafsson 13. Full Copyright Statement..................................... 22
3ecf3394e37dc2848a09ffc643565d454e9e6974Andreas Gustafsson1. Introduction
df3c4c7988b9bae7d121a8ac9ed17a23366a948dDavid Lawrence IDNA works by allowing applications to use certain ASCII name labels
df3c4c7988b9bae7d121a8ac9ed17a23366a948dDavid Lawrence (beginning with a special prefix) to represent non-ASCII name labels.
df3c4c7988b9bae7d121a8ac9ed17a23366a948dDavid Lawrence Lower-layer protocols need not be aware of this; therefore IDNA does
b587e1d83f007ce68a9ae93097c461d8eb7aa373Mark Andrews not depend on changes to any infrastructure. In particular, IDNA
df3c4c7988b9bae7d121a8ac9ed17a23366a948dDavid Lawrence does not depend on any changes to DNS servers, resolvers, or protocol
df3c4c7988b9bae7d121a8ac9ed17a23366a948dDavid Lawrence elements, because the ASCII name service provided by the existing DNS
df3c4c7988b9bae7d121a8ac9ed17a23366a948dDavid Lawrence is entirely sufficient for IDNA.
df3c4c7988b9bae7d121a8ac9ed17a23366a948dDavid Lawrence This document does not require any applications to conform to IDNA,
df3c4c7988b9bae7d121a8ac9ed17a23366a948dDavid Lawrence but applications can elect to use IDNA in order to support IDN while
df3c4c7988b9bae7d121a8ac9ed17a23366a948dDavid Lawrence maintaining interoperability with existing infrastructure. If an
df3c4c7988b9bae7d121a8ac9ed17a23366a948dDavid Lawrence application wants to use non-ASCII characters in domain names, IDNA
df3c4c7988b9bae7d121a8ac9ed17a23366a948dDavid Lawrence is the only currently-defined option. Adding IDNA support to an
df3c4c7988b9bae7d121a8ac9ed17a23366a948dDavid Lawrence existing application entails changes to the application only, and
df3c4c7988b9bae7d121a8ac9ed17a23366a948dDavid Lawrence leaves room for flexibility in the user interface.
df3c4c7988b9bae7d121a8ac9ed17a23366a948dDavid Lawrence A great deal of the discussion of IDN solutions has focused on
df3c4c7988b9bae7d121a8ac9ed17a23366a948dDavid Lawrence transition issues and how IDN will work in a world where not all of
df3c4c7988b9bae7d121a8ac9ed17a23366a948dDavid Lawrence the components have been updated. Proposals that were not chosen by
df3c4c7988b9bae7d121a8ac9ed17a23366a948dDavid Lawrence the IDN Working Group would depend on user applications, resolvers,
ae4cbb69eef32ced103fe4561e8d2031ee4c3497David Lawrence and DNS servers being updated in order for a user to use an
ae4cbb69eef32ced103fe4561e8d2031ee4c3497David Lawrence internationalized domain name. Rather than rely on widespread
ae4cbb69eef32ced103fe4561e8d2031ee4c3497David Lawrence updating of all components, IDNA depends on updates to user
ae4cbb69eef32ced103fe4561e8d2031ee4c3497David Lawrence applications only; no changes are needed to the DNS protocol or any
ae4cbb69eef32ced103fe4561e8d2031ee4c3497David Lawrence DNS servers or the resolvers on user's computers.
ae4cbb69eef32ced103fe4561e8d2031ee4c3497David LawrenceFaltstrom, et al. Standards Track [Page 2]
ae4cbb69eef32ced103fe4561e8d2031ee4c3497David LawrenceRFC 3490 IDNA March 2003
ae4cbb69eef32ced103fe4561e8d2031ee4c3497David Lawrence1.1 Problem Statement
df3c4c7988b9bae7d121a8ac9ed17a23366a948dDavid Lawrence The IDNA specification solves the problem of extending the repertoire
df3c4c7988b9bae7d121a8ac9ed17a23366a948dDavid Lawrence of characters that can be used in domain names to include the Unicode
df3c4c7988b9bae7d121a8ac9ed17a23366a948dDavid Lawrence repertoire (with some restrictions).
df3c4c7988b9bae7d121a8ac9ed17a23366a948dDavid Lawrence IDNA does not extend the service offered by DNS to the applications.
df3c4c7988b9bae7d121a8ac9ed17a23366a948dDavid Lawrence Instead, the applications (and, by implication, the users) continue
df3c4c7988b9bae7d121a8ac9ed17a23366a948dDavid Lawrence to see an exact-match lookup service. Either there is a single
df3c4c7988b9bae7d121a8ac9ed17a23366a948dDavid Lawrence exactly-matching name or there is no match. This model has served
0293ad13207aa29bd5844cdc87d085ffc009d749David Lawrence the existing applications well, but it requires, with or without
0293ad13207aa29bd5844cdc87d085ffc009d749David Lawrence internationalized domain names, that users know the exact spelling of
0293ad13207aa29bd5844cdc87d085ffc009d749David Lawrence the domain names that the users type into applications such as web
0293ad13207aa29bd5844cdc87d085ffc009d749David Lawrence browsers and mail user agents. The introduction of the larger
df3c4c7988b9bae7d121a8ac9ed17a23366a948dDavid Lawrence repertoire of characters potentially makes the set of misspellings
df3c4c7988b9bae7d121a8ac9ed17a23366a948dDavid Lawrence larger, especially given that in some cases the same appearance, for
df3c4c7988b9bae7d121a8ac9ed17a23366a948dDavid Lawrence example on a business card, might visually match several Unicode code
0293ad13207aa29bd5844cdc87d085ffc009d749David Lawrence points or several sequences of code points.
0293ad13207aa29bd5844cdc87d085ffc009d749David Lawrence IDNA allows the graceful introduction of IDNs not only by avoiding
0293ad13207aa29bd5844cdc87d085ffc009d749David Lawrence upgrades to existing infrastructure (such as DNS servers and mail
0293ad13207aa29bd5844cdc87d085ffc009d749David Lawrence transport agents), but also by allowing some rudimentary use of IDNs
0293ad13207aa29bd5844cdc87d085ffc009d749David Lawrence in applications by using the ASCII representation of the non-ASCII
0293ad13207aa29bd5844cdc87d085ffc009d749David Lawrence name labels. While such names are very user-unfriendly to read and
0293ad13207aa29bd5844cdc87d085ffc009d749David Lawrence type, and hence are not suitable for user input, they allow (for
0293ad13207aa29bd5844cdc87d085ffc009d749David Lawrence instance) replying to email and clicking on URLs even though the
0293ad13207aa29bd5844cdc87d085ffc009d749David Lawrence domain name displayed is incomprehensible to the user. In order to
0293ad13207aa29bd5844cdc87d085ffc009d749David Lawrence allow user-friendly input and output of the IDNs, the applications
df3c4c7988b9bae7d121a8ac9ed17a23366a948dDavid Lawrence need to be modified to conform to this specification.
df3c4c7988b9bae7d121a8ac9ed17a23366a948dDavid Lawrence IDNA uses the Unicode character repertoire, which avoids the
df3c4c7988b9bae7d121a8ac9ed17a23366a948dDavid Lawrence significant delays that would be inherent in waiting for a different
df3c4c7988b9bae7d121a8ac9ed17a23366a948dDavid Lawrence and specific character set be defined for IDN purposes by some other
df3c4c7988b9bae7d121a8ac9ed17a23366a948dDavid Lawrence standards developing organization.
df3c4c7988b9bae7d121a8ac9ed17a23366a948dDavid Lawrence1.2 Limitations of IDNA
657ce0b9d84fbd66514df53d61a087e8f1161187Michael Graff The IDNA protocol does not solve all linguistic issues with users
657ce0b9d84fbd66514df53d61a087e8f1161187Michael Graff inputting names in different scripts. Many important language-based
657ce0b9d84fbd66514df53d61a087e8f1161187Michael Graff and script-based mappings are not covered in IDNA and need to be
657ce0b9d84fbd66514df53d61a087e8f1161187Michael Graff handled outside the protocol. For example, names that are entered in
1ce985ab3c6670662d555c108b35fed84a6a1001David Lawrence a mix of traditional and simplified Chinese characters will not be
df3c4c7988b9bae7d121a8ac9ed17a23366a948dDavid Lawrence mapped to a single canonical name. Another example is Scandinavian
df3c4c7988b9bae7d121a8ac9ed17a23366a948dDavid Lawrence names that are entered with U+00F6 (LATIN SMALL LETTER O WITH
df3c4c7988b9bae7d121a8ac9ed17a23366a948dDavid Lawrence DIAERESIS) will not be mapped to U+00F8 (LATIN SMALL LETTER O WITH
4bcaefbcd3ced942139fdc830e007c6ea2b8d2feDavid LawrenceFaltstrom, et al. Standards Track [Page 3]
4bcaefbcd3ced942139fdc830e007c6ea2b8d2feDavid LawrenceRFC 3490 IDNA March 2003
4bcaefbcd3ced942139fdc830e007c6ea2b8d2feDavid Lawrence An example of an important issue that is not considered in detail in
4bcaefbcd3ced942139fdc830e007c6ea2b8d2feDavid Lawrence IDNA is how to provide a high probability that a user who is entering
4bcaefbcd3ced942139fdc830e007c6ea2b8d2feDavid Lawrence a domain name based on visual information (such as from a business
4bcaefbcd3ced942139fdc830e007c6ea2b8d2feDavid Lawrence card or billboard) or aural information (such as from a telephone or
4bcaefbcd3ced942139fdc830e007c6ea2b8d2feDavid Lawrence radio) would correctly enter the IDN. Similar issues exist for ASCII
4bcaefbcd3ced942139fdc830e007c6ea2b8d2feDavid Lawrence domain names, for example the possible visual confusion between the
4bcaefbcd3ced942139fdc830e007c6ea2b8d2feDavid Lawrence letter 'O' and the digit zero, but the introduction of the larger
4bcaefbcd3ced942139fdc830e007c6ea2b8d2feDavid Lawrence repertoire of characters creates more opportunities of similar
657ce0b9d84fbd66514df53d61a087e8f1161187Michael Graff looking and similar sounding names. Note that this is a complex
657ce0b9d84fbd66514df53d61a087e8f1161187Michael Graff issue relating to languages, input methods on computers, and so on.
657ce0b9d84fbd66514df53d61a087e8f1161187Michael Graff Furthermore, the kind of matching and searching necessary for a high
657ce0b9d84fbd66514df53d61a087e8f1161187Michael Graff probability of success would not fit the role of the DNS and its
657ce0b9d84fbd66514df53d61a087e8f1161187Michael Graff exact matching function.
657ce0b9d84fbd66514df53d61a087e8f1161187Michael Graff1.3 Brief overview for application developers
657ce0b9d84fbd66514df53d61a087e8f1161187Michael Graff Applications can use IDNA to support internationalized domain names
657ce0b9d84fbd66514df53d61a087e8f1161187Michael Graff anywhere that ASCII domain names are already supported, including DNS
5ff133b82082d82f0ba89b7c999c6b62b6298e46Andreas Gustafsson master files and resolver interfaces. (Applications can also define
5ff133b82082d82f0ba89b7c999c6b62b6298e46Andreas Gustafsson protocols and interfaces that support IDNs directly using non-ASCII
641da3ca1184d9951d5cf91538524a345bf5f271Mark Andrews representations. IDNA does not prescribe any particular
641da3ca1184d9951d5cf91538524a345bf5f271Mark Andrews representation for new protocols, but it still defines which names
641da3ca1184d9951d5cf91538524a345bf5f271Mark Andrews are valid and how they are compared.)
641da3ca1184d9951d5cf91538524a345bf5f271Mark Andrews The IDNA protocol is contained completely within applications. It is
80badf38c74c326a694e24281ee258aa26984171Mark Andrews not a client-server or peer-to-peer protocol: everything is done
641da3ca1184d9951d5cf91538524a345bf5f271Mark Andrews inside the application itself. When used with a DNS resolver
641da3ca1184d9951d5cf91538524a345bf5f271Mark Andrews library, IDNA is inserted as a "shim" between the application and the
641da3ca1184d9951d5cf91538524a345bf5f271Mark Andrews resolver library. When used for writing names into a DNS zone, IDNA
641da3ca1184d9951d5cf91538524a345bf5f271Mark Andrews is used just before the name is committed to the zone.
9fe28a624c659e380d47dbf45527637dab03b998Mark Andrews There are two operations described in section 4 of this document:
9fe28a624c659e380d47dbf45527637dab03b998Mark Andrews - The ToASCII operation is used before sending an IDN to something
9fe28a624c659e380d47dbf45527637dab03b998Mark Andrews that expects ASCII names (such as a resolver) or writing an IDN
774c3a62d9adca187b44fe90919bb409a43a2f2aMark Andrews into a place that expects ASCII names (such as a DNS master file).
9fe28a624c659e380d47dbf45527637dab03b998Mark Andrews - The ToUnicode operation is used when displaying names to users,
9fe28a624c659e380d47dbf45527637dab03b998Mark Andrews for example names obtained from a DNS zone.
9fe28a624c659e380d47dbf45527637dab03b998Mark Andrews It is important to note that the ToASCII operation can fail. If it
774c3a62d9adca187b44fe90919bb409a43a2f2aMark Andrews fails when processing a domain name, that domain name cannot be used
774c3a62d9adca187b44fe90919bb409a43a2f2aMark Andrews as an internationalized domain name and the application has to have
774c3a62d9adca187b44fe90919bb409a43a2f2aMark Andrews some method of dealing with this failure.
774c3a62d9adca187b44fe90919bb409a43a2f2aMark Andrews IDNA requires that implementations process input strings with
774c3a62d9adca187b44fe90919bb409a43a2f2aMark Andrews Nameprep [NAMEPREP], which is a profile of Stringprep [STRINGPREP],
774c3a62d9adca187b44fe90919bb409a43a2f2aMark Andrews and then with Punycode [PUNYCODE]. Implementations of IDNA MUST
774c3a62d9adca187b44fe90919bb409a43a2f2aMark AndrewsFaltstrom, et al. Standards Track [Page 4]
9fe28a624c659e380d47dbf45527637dab03b998Mark AndrewsRFC 3490 IDNA March 2003
39b973d8873996c3bfb6e5b4cc69731f6c3b77b5Mark Andrews fully implement Nameprep and Punycode; neither Nameprep nor Punycode
6342df69b05f2f62d060fd4affdf536e51504084Mark Andrews are optional.
6342df69b05f2f62d060fd4affdf536e51504084Mark Andrews2. Terminology
6342df69b05f2f62d060fd4affdf536e51504084Mark Andrews The key words "MUST", "SHALL", "REQUIRED", "SHOULD", "RECOMMENDED",
5ff133b82082d82f0ba89b7c999c6b62b6298e46Andreas Gustafsson and "MAY" in this document are to be interpreted as described in BCP
5ff133b82082d82f0ba89b7c999c6b62b6298e46Andreas Gustafsson 14, RFC 2119 [RFC2119].
c654449ccf403ccd2b81be2038b1013d6fbb06ccMark Andrews A code point is an integer value associated with a character in a
6fcb2f0faad67a6d2cb2e30ec57157d75fbfe58fAndreas Gustafsson coded character set.
6fcb2f0faad67a6d2cb2e30ec57157d75fbfe58fAndreas Gustafsson Unicode [UNICODE] is a coded character set containing tens of
6fcb2f0faad67a6d2cb2e30ec57157d75fbfe58fAndreas Gustafsson thousands of characters. A single Unicode code point is denoted by
6fcb2f0faad67a6d2cb2e30ec57157d75fbfe58fAndreas Gustafsson "U+" followed by four to six hexadecimal digits, while a range of
6fcb2f0faad67a6d2cb2e30ec57157d75fbfe58fAndreas Gustafsson Unicode code points is denoted by two hexadecimal numbers separated
47fd46791da765e3dbedd987e9b263b3bee25986Brian Wellington by "..", with no prefixes.
47fd46791da765e3dbedd987e9b263b3bee25986Brian Wellington ASCII means US-ASCII [USASCII], a coded character set containing 128
47fd46791da765e3dbedd987e9b263b3bee25986Brian Wellington characters associated with code points in the range 0..7F. Unicode
47fd46791da765e3dbedd987e9b263b3bee25986Brian Wellington is an extension of ASCII: it includes all the ASCII characters and
47fd46791da765e3dbedd987e9b263b3bee25986Brian Wellington associates them with the same code points.
47fd46791da765e3dbedd987e9b263b3bee25986Brian Wellington The term "LDH code points" is defined in this document to mean the
47fd46791da765e3dbedd987e9b263b3bee25986Brian Wellington code points associated with ASCII letters, digits, and the hyphen-
47fd46791da765e3dbedd987e9b263b3bee25986Brian Wellington minus; that is, U+002D, 30..39, 41..5A, and 61..7A. "LDH" is an
47fd46791da765e3dbedd987e9b263b3bee25986Brian Wellington abbreviation for "letters, digits, hyphen".
6fcb2f0faad67a6d2cb2e30ec57157d75fbfe58fAndreas Gustafsson [STD13] talks about "domain names" and "host names", but many people
6fcb2f0faad67a6d2cb2e30ec57157d75fbfe58fAndreas Gustafsson use the terms interchangeably. Further, because [STD13] was not
6fcb2f0faad67a6d2cb2e30ec57157d75fbfe58fAndreas Gustafsson terribly clear, many people who are sure they know the exact
5ff133b82082d82f0ba89b7c999c6b62b6298e46Andreas Gustafsson definitions of each of these terms disagree on the definitions. In
8f3dd8f8e73e4465221a5297819db70e6b383138Mark Andrews this document the term "domain name" is used in general. This
43fe2897fc80bbec2115310ca79d432a252f3ea4Mark Andrews document explicitly cites [STD3] whenever referring to the host name
43fe2897fc80bbec2115310ca79d432a252f3ea4Mark Andrews syntax restrictions defined therein.
43fe2897fc80bbec2115310ca79d432a252f3ea4Mark Andrews A label is an individual part of a domain name. Labels are usually
43fe2897fc80bbec2115310ca79d432a252f3ea4Mark Andrews shown separated by dots; for example, the domain name
43fe2897fc80bbec2115310ca79d432a252f3ea4Mark Andrews "www.example.com" is composed of three labels: "www", "example", and
43fe2897fc80bbec2115310ca79d432a252f3ea4Mark Andrews "com". (The zero-length root label described in [STD13], which can
43fe2897fc80bbec2115310ca79d432a252f3ea4Mark Andrews be explicit as in "www.example.com." or implicit as in
43fe2897fc80bbec2115310ca79d432a252f3ea4Mark Andrews "www.example.com", is not considered a label in this specification.)
43fe2897fc80bbec2115310ca79d432a252f3ea4Mark Andrews IDNA extends the set of usable characters in labels that are text.
43fe2897fc80bbec2115310ca79d432a252f3ea4Mark Andrews For the rest of this document, the term "label" is shorthand for
43fe2897fc80bbec2115310ca79d432a252f3ea4Mark Andrews "text label", and "every label" means "every text label".
754cca729dd82ae8363917dc00ad44f9d900635bMark AndrewsFaltstrom, et al. Standards Track [Page 5]
754cca729dd82ae8363917dc00ad44f9d900635bMark AndrewsRFC 3490 IDNA March 2003
754cca729dd82ae8363917dc00ad44f9d900635bMark Andrews An "internationalized label" is a label to which the ToASCII
754cca729dd82ae8363917dc00ad44f9d900635bMark Andrews operation (see section 4) can be applied without failing (with the
5ff133b82082d82f0ba89b7c999c6b62b6298e46Andreas Gustafsson UseSTD3ASCIIRules flag unset). This implies that every ASCII label
40dd9cb8cc240c33d820fe79f176ed51e4c06a1aMark Andrews that satisfies the [STD13] length restriction is an internationalized
40dd9cb8cc240c33d820fe79f176ed51e4c06a1aMark Andrews label. Therefore the term "internationalized label" is a
40dd9cb8cc240c33d820fe79f176ed51e4c06a1aMark Andrews generalization, embracing both old ASCII labels and new non-ASCII
40dd9cb8cc240c33d820fe79f176ed51e4c06a1aMark Andrews labels. Although most Unicode characters can appear in
40dd9cb8cc240c33d820fe79f176ed51e4c06a1aMark Andrews internationalized labels, ToASCII will fail for some input strings,
40dd9cb8cc240c33d820fe79f176ed51e4c06a1aMark Andrews and such strings are not valid internationalized labels.
40dd9cb8cc240c33d820fe79f176ed51e4c06a1aMark Andrews An "internationalized domain name" (IDN) is a domain name in which
40dd9cb8cc240c33d820fe79f176ed51e4c06a1aMark Andrews every label is an internationalized label. This implies that every
40dd9cb8cc240c33d820fe79f176ed51e4c06a1aMark Andrews ASCII domain name is an IDN (which implies that it is possible for a
40dd9cb8cc240c33d820fe79f176ed51e4c06a1aMark Andrews name to be an IDN without it containing any non-ASCII characters).
40dd9cb8cc240c33d820fe79f176ed51e4c06a1aMark Andrews This document does not attempt to define an "internationalized host
40dd9cb8cc240c33d820fe79f176ed51e4c06a1aMark Andrews name". Just as has been the case with ASCII names, some DNS zone
40dd9cb8cc240c33d820fe79f176ed51e4c06a1aMark Andrews administrators may impose restrictions, beyond those imposed by DNS
40dd9cb8cc240c33d820fe79f176ed51e4c06a1aMark Andrews or IDNA, on the characters or strings that may be registered as
40dd9cb8cc240c33d820fe79f176ed51e4c06a1aMark Andrews labels in their zones. Such restrictions have no impact on the
40dd9cb8cc240c33d820fe79f176ed51e4c06a1aMark Andrews syntax or semantics of DNS protocol messages; a query for a name that
40dd9cb8cc240c33d820fe79f176ed51e4c06a1aMark Andrews matches no records will yield the same response regardless of the
40dd9cb8cc240c33d820fe79f176ed51e4c06a1aMark Andrews reason why it is not in the zone. Clients issuing queries or
40dd9cb8cc240c33d820fe79f176ed51e4c06a1aMark Andrews interpreting responses cannot be assumed to have any knowledge of
40dd9cb8cc240c33d820fe79f176ed51e4c06a1aMark Andrews zone-specific restrictions or conventions.
5ff133b82082d82f0ba89b7c999c6b62b6298e46Andreas Gustafsson In IDNA, equivalence of labels is defined in terms of the ToASCII
5ff133b82082d82f0ba89b7c999c6b62b6298e46Andreas Gustafsson operation, which constructs an ASCII form for a given label, whether
5ff133b82082d82f0ba89b7c999c6b62b6298e46Andreas Gustafsson or not the label was already an ASCII label. Labels are defined to
5ff133b82082d82f0ba89b7c999c6b62b6298e46Andreas Gustafsson be equivalent if and only if their ASCII forms produced by ToASCII
963c48ba4d06a112c70d50328e827749e95f58dbMark Andrews match using a case-insensitive ASCII comparison. ASCII labels
5ff133b82082d82f0ba89b7c999c6b62b6298e46Andreas Gustafsson already have a notion of equivalence: upper case and lower case are
963c48ba4d06a112c70d50328e827749e95f58dbMark Andrews considered equivalent. The IDNA notion of equivalence is an
5ff133b82082d82f0ba89b7c999c6b62b6298e46Andreas Gustafsson extension of that older notion. Equivalent labels in IDNA are
5ff133b82082d82f0ba89b7c999c6b62b6298e46Andreas Gustafsson treated as alternate forms of the same label, just as "foo" and "Foo"
5ff133b82082d82f0ba89b7c999c6b62b6298e46Andreas Gustafsson are treated as alternate forms of the same label.
5ff133b82082d82f0ba89b7c999c6b62b6298e46Andreas Gustafsson To allow internationalized labels to be handled by existing
5ff133b82082d82f0ba89b7c999c6b62b6298e46Andreas Gustafsson applications, IDNA uses an "ACE label" (ACE stands for ASCII
a1898260ad19d02e88ab76c1855d33c67add9defMark Andrews Compatible Encoding). An ACE label is an internationalized label
5ff133b82082d82f0ba89b7c999c6b62b6298e46Andreas Gustafsson that can be rendered in ASCII and is equivalent to an
5ff133b82082d82f0ba89b7c999c6b62b6298e46Andreas Gustafsson internationalized label that cannot be rendered in ASCII. Given any
5ff133b82082d82f0ba89b7c999c6b62b6298e46Andreas Gustafsson internationalized label that cannot be rendered in ASCII, the ToASCII
5ff133b82082d82f0ba89b7c999c6b62b6298e46Andreas Gustafsson operation will convert it to an equivalent ACE label (whereas an
5ff133b82082d82f0ba89b7c999c6b62b6298e46Andreas Gustafsson ASCII label will be left unaltered by ToASCII). ACE labels are
5ff133b82082d82f0ba89b7c999c6b62b6298e46Andreas Gustafsson unsuitable for display to users. The ToUnicode operation will
5ff133b82082d82f0ba89b7c999c6b62b6298e46Andreas Gustafsson convert any label to an equivalent non-ACE label. In fact, an ACE
5ff133b82082d82f0ba89b7c999c6b62b6298e46Andreas Gustafsson label is formally defined to be any label that the ToUnicode
5ff133b82082d82f0ba89b7c999c6b62b6298e46Andreas Gustafsson operation would alter (whereas non-ACE labels are left unaltered by
5ff133b82082d82f0ba89b7c999c6b62b6298e46Andreas GustafssonFaltstrom, et al. Standards Track [Page 6]
5ff133b82082d82f0ba89b7c999c6b62b6298e46Andreas GustafssonRFC 3490 IDNA March 2003
5ff133b82082d82f0ba89b7c999c6b62b6298e46Andreas Gustafsson ToUnicode). Every ACE label begins with the ACE prefix specified in
5ff133b82082d82f0ba89b7c999c6b62b6298e46Andreas Gustafsson section 5. The ToASCII and ToUnicode operations are specified in
5ff133b82082d82f0ba89b7c999c6b62b6298e46Andreas Gustafsson The "ACE prefix" is defined in this document to be a string of ASCII
5ff133b82082d82f0ba89b7c999c6b62b6298e46Andreas Gustafsson characters that appears at the beginning of every ACE label. It is
5ff133b82082d82f0ba89b7c999c6b62b6298e46Andreas Gustafsson specified in section 5.
90407942d3afe50f04ccea361de3b164a5a1702dMichael Graff A "domain name slot" is defined in this document to be a protocol
90407942d3afe50f04ccea361de3b164a5a1702dMichael Graff element or a function argument or a return value (and so on)
90407942d3afe50f04ccea361de3b164a5a1702dMichael Graff explicitly designated for carrying a domain name. Examples of domain
90407942d3afe50f04ccea361de3b164a5a1702dMichael Graff name slots include: the QNAME field of a DNS query; the name argument
90407942d3afe50f04ccea361de3b164a5a1702dMichael Graff of the gethostbyname() library function; the part of an email address
13faa8b6a2d0d45e0659049983928366252ab3faMichael Graff following the at-sign (@) in the From: field of an email message
13faa8b6a2d0d45e0659049983928366252ab3faMichael Graff header; and the host portion of the URI in the src attribute of an
13faa8b6a2d0d45e0659049983928366252ab3faMichael Graff HTML <IMG> tag. General text that just happens to contain a domain
5989aea4bbe79e09290792f04aeb557e2b2da02eAndreas Gustafsson name is not a domain name slot; for example, a domain name appearing
13faa8b6a2d0d45e0659049983928366252ab3faMichael Graff in the plain text body of an email message is not occupying a domain
3d8dfd44a3be708f00380064411c16b2fa28303aMark Andrews An "IDN-aware domain name slot" is defined in this document to be a
13faa8b6a2d0d45e0659049983928366252ab3faMichael Graff domain name slot explicitly designated for carrying an
a53259c4cc558f86dd008eccc60cc89b6734a03cMark Andrews internationalized domain name as defined in this document. The
a53259c4cc558f86dd008eccc60cc89b6734a03cMark Andrews designation may be static (for example, in the specification of the
a53259c4cc558f86dd008eccc60cc89b6734a03cMark Andrews protocol or interface) or dynamic (for example, as a result of
a53259c4cc558f86dd008eccc60cc89b6734a03cMark Andrews negotiation in an interactive session).
a53259c4cc558f86dd008eccc60cc89b6734a03cMark Andrews An "IDN-unaware domain name slot" is defined in this document to be
a53259c4cc558f86dd008eccc60cc89b6734a03cMark Andrews any domain name slot that is not an IDN-aware domain name slot.
a53259c4cc558f86dd008eccc60cc89b6734a03cMark Andrews Obviously, this includes any domain name slot whose specification
a53259c4cc558f86dd008eccc60cc89b6734a03cMark Andrews predates IDNA.
a53259c4cc558f86dd008eccc60cc89b6734a03cMark Andrews3. Requirements and applicability
5f9e583552f53de12062bfff12e47250abce378fBrian Wellington3.1 Requirements
3fcf6b956f47405750724bd84e1b2290b61c9186Brian Wellington IDNA conformance means adherence to the following four requirements:
3fcf6b956f47405750724bd84e1b2290b61c9186Brian Wellington 1) Whenever dots are used as label separators, the following
5f9e583552f53de12062bfff12e47250abce378fBrian Wellington characters MUST be recognized as dots: U+002E (full stop), U+3002
a53259c4cc558f86dd008eccc60cc89b6734a03cMark Andrews (ideographic full stop), U+FF0E (fullwidth full stop), U+FF61
a53259c4cc558f86dd008eccc60cc89b6734a03cMark Andrews (halfwidth ideographic full stop).
a53259c4cc558f86dd008eccc60cc89b6734a03cMark Andrews 2) Whenever a domain name is put into an IDN-unaware domain name slot
a53259c4cc558f86dd008eccc60cc89b6734a03cMark Andrews (see section 2), it MUST contain only ASCII characters. Given an
5f9e583552f53de12062bfff12e47250abce378fBrian Wellington internationalized domain name (IDN), an equivalent domain name
a53259c4cc558f86dd008eccc60cc89b6734a03cMark Andrews satisfying this requirement can be obtained by applying the
68f72235f8f41fa949823551d8e6476057ec5bd6Andreas GustafssonFaltstrom, et al. Standards Track [Page 7]
68f72235f8f41fa949823551d8e6476057ec5bd6Andreas GustafssonRFC 3490 IDNA March 2003
68f72235f8f41fa949823551d8e6476057ec5bd6Andreas Gustafsson ToASCII operation (see section 4) to each label and, if dots are
68f72235f8f41fa949823551d8e6476057ec5bd6Andreas Gustafsson used as label separators, changing all the label separators to
5989aea4bbe79e09290792f04aeb557e2b2da02eAndreas Gustafsson 3) ACE labels obtained from domain name slots SHOULD be hidden from
80f323528ac699026a609a5e3b765dc6e88fe37cAndreas Gustafsson users when it is known that the environment can handle the non-ACE
5989aea4bbe79e09290792f04aeb557e2b2da02eAndreas Gustafsson form, except when the ACE form is explicitly requested. When it
5989aea4bbe79e09290792f04aeb557e2b2da02eAndreas Gustafsson is not known whether or not the environment can handle the non-ACE
3fcf6b956f47405750724bd84e1b2290b61c9186Brian Wellington form, the application MAY use the non-ACE form (which might fail,
c5826852e6c789f59b301f8197e65a1dd4e09a44Mark Andrews such as by not being displayed properly), or it MAY use the ACE
c5826852e6c789f59b301f8197e65a1dd4e09a44Mark Andrews form (which will look unintelligle to the user). Given an
c5826852e6c789f59b301f8197e65a1dd4e09a44Mark Andrews internationalized domain name, an equivalent domain name
c5826852e6c789f59b301f8197e65a1dd4e09a44Mark Andrews containing no ACE labels can be obtained by applying the ToUnicode
c5826852e6c789f59b301f8197e65a1dd4e09a44Mark Andrews operation (see section 4) to each label. When requirements 2 and
c5826852e6c789f59b301f8197e65a1dd4e09a44Mark Andrews 3 both apply, requirement 2 takes precedence.
c5826852e6c789f59b301f8197e65a1dd4e09a44Mark Andrews 4) Whenever two labels are compared, they MUST be considered to match
c5826852e6c789f59b301f8197e65a1dd4e09a44Mark Andrews if and only if they are equivalent, that is, their ASCII forms
c5826852e6c789f59b301f8197e65a1dd4e09a44Mark Andrews (obtained by applying ToASCII) match using a case-insensitive
c5826852e6c789f59b301f8197e65a1dd4e09a44Mark Andrews ASCII comparison. Whenever two names are compared, they MUST be
c5826852e6c789f59b301f8197e65a1dd4e09a44Mark Andrews considered to match if and only if their corresponding labels
c5826852e6c789f59b301f8197e65a1dd4e09a44Mark Andrews match, regardless of whether the names use the same forms of label
5f9e583552f53de12062bfff12e47250abce378fBrian Wellington3.2 Applicability
5989aea4bbe79e09290792f04aeb557e2b2da02eAndreas Gustafsson IDNA is applicable to all domain names in all domain name slots
5989aea4bbe79e09290792f04aeb557e2b2da02eAndreas Gustafsson except where it is explicitly excluded.
5989aea4bbe79e09290792f04aeb557e2b2da02eAndreas Gustafsson This implies that IDNA is applicable to many protocols that predate
bc53aacc6e9302b1f8d01467fc39585584652782Andreas Gustafsson IDNA. Note that IDNs occupying domain name slots in those protocols
bc53aacc6e9302b1f8d01467fc39585584652782Andreas Gustafsson MUST be in ASCII form (see section 3.1, requirement 2).
bc53aacc6e9302b1f8d01467fc39585584652782Andreas Gustafsson3.2.1. DNS resource records
d906600f7d1e86a4315e65a500f806ca1e4caa9bAndreas Gustafsson IDNA does not apply to domain names in the NAME and RDATA fields of
bc53aacc6e9302b1f8d01467fc39585584652782Andreas Gustafsson DNS resource records whose CLASS is not IN. This exclusion applies
bc53aacc6e9302b1f8d01467fc39585584652782Andreas Gustafsson to every non-IN class, present and future, except where future
bc53aacc6e9302b1f8d01467fc39585584652782Andreas Gustafsson standards override this exclusion by explicitly inviting the use of
2995f8205eaa0d4bc3a57900a413b5cfdb83564fAndreas Gustafsson There are currently no other exclusions on the applicability of IDNA
2995f8205eaa0d4bc3a57900a413b5cfdb83564fAndreas Gustafsson to DNS resource records; it depends entirely on the CLASS, and not on
2995f8205eaa0d4bc3a57900a413b5cfdb83564fAndreas Gustafsson the TYPE. This will remain true, even as new types are defined,
bc53aacc6e9302b1f8d01467fc39585584652782Andreas Gustafsson unless there is a compelling reason for a new type to complicate
d73de275987d29627dc11d5bd4a22874a29f7874Mark Andrews matters by imposing type-specific rules.
d73de275987d29627dc11d5bd4a22874a29f7874Mark AndrewsFaltstrom, et al. Standards Track [Page 8]
d73de275987d29627dc11d5bd4a22874a29f7874Mark AndrewsRFC 3490 IDNA March 2003
d73de275987d29627dc11d5bd4a22874a29f7874Mark Andrews3.2.2. Non-domain-name data types stored in domain names
d73de275987d29627dc11d5bd4a22874a29f7874Mark Andrews Although IDNA enables the representation of non-ASCII characters in
d73de275987d29627dc11d5bd4a22874a29f7874Mark Andrews domain names, that does not imply that IDNA enables the
d73de275987d29627dc11d5bd4a22874a29f7874Mark Andrews representation of non-ASCII characters in other data types that are
d73de275987d29627dc11d5bd4a22874a29f7874Mark Andrews stored in domain names. For example, an email address local part is
d73de275987d29627dc11d5bd4a22874a29f7874Mark Andrews sometimes stored in a domain label (hostmaster@example.com would be
d73de275987d29627dc11d5bd4a22874a29f7874Mark Andrews represented as hostmaster.example.com in the RDATA field of an SOA
d73de275987d29627dc11d5bd4a22874a29f7874Mark Andrews record). IDNA does not update the existing email standards, which
7f32428506d55083fe5ac9aa515294bdef7c6e27Mark Andrews allow only ASCII characters in local parts. Therefore, unless the
7f32428506d55083fe5ac9aa515294bdef7c6e27Mark Andrews email standards are revised to invite the use of IDNA for local
7f32428506d55083fe5ac9aa515294bdef7c6e27Mark Andrews parts, a domain label that holds the local part of an email address
7f32428506d55083fe5ac9aa515294bdef7c6e27Mark Andrews SHOULD NOT begin with the ACE prefix, and even if it does, it is to
7f32428506d55083fe5ac9aa515294bdef7c6e27Mark Andrews be interpreted literally as a local part that happens to begin with
7f32428506d55083fe5ac9aa515294bdef7c6e27Mark Andrews the ACE prefix.
5989aea4bbe79e09290792f04aeb557e2b2da02eAndreas Gustafsson4. Conversion operations
5989aea4bbe79e09290792f04aeb557e2b2da02eAndreas Gustafsson An application converts a domain name put into an IDN-unaware slot or
5989aea4bbe79e09290792f04aeb557e2b2da02eAndreas Gustafsson displayed to a user. This section specifies the steps to perform in
7f32428506d55083fe5ac9aa515294bdef7c6e27Mark Andrews the conversion, and the ToASCII and ToUnicode operations.
bd1db480f30e025bba719799f910b34848a9a997Mark Andrews The input to ToASCII or ToUnicode is a single label that is a
bd1db480f30e025bba719799f910b34848a9a997Mark Andrews sequence of Unicode code points (remember that all ASCII code points
7f32428506d55083fe5ac9aa515294bdef7c6e27Mark Andrews are also Unicode code points). If a domain name is represented using
5989aea4bbe79e09290792f04aeb557e2b2da02eAndreas Gustafsson a character set other than Unicode or US-ASCII, it will first need to
5989aea4bbe79e09290792f04aeb557e2b2da02eAndreas Gustafsson be transcoded to Unicode.
5989aea4bbe79e09290792f04aeb557e2b2da02eAndreas Gustafsson Starting from a whole domain name, the steps that an application
5989aea4bbe79e09290792f04aeb557e2b2da02eAndreas Gustafsson takes to do the conversions are:
caa736a754e90f44bbc249e22f96bcbf4e04b849Andreas Gustafsson 1) Decide whether the domain name is a "stored string" or a "query
7f32428506d55083fe5ac9aa515294bdef7c6e27Mark Andrews string" as described in [STRINGPREP]. If this conversion follows
7f32428506d55083fe5ac9aa515294bdef7c6e27Mark Andrews the "queries" rule from [STRINGPREP], set the flag called
7f32428506d55083fe5ac9aa515294bdef7c6e27Mark Andrews "AllowUnassigned".
7f32428506d55083fe5ac9aa515294bdef7c6e27Mark Andrews 2) Split the domain name into individual labels as described in
7f32428506d55083fe5ac9aa515294bdef7c6e27Mark Andrews section 3.1. The labels do not include the separator.
7f32428506d55083fe5ac9aa515294bdef7c6e27Mark Andrews 3) For each label, decide whether or not to enforce the restrictions
7f32428506d55083fe5ac9aa515294bdef7c6e27Mark Andrews on ASCII characters in host names [STD3]. (Applications already
7f32428506d55083fe5ac9aa515294bdef7c6e27Mark Andrews faced this choice before the introduction of IDNA, and can
7f32428506d55083fe5ac9aa515294bdef7c6e27Mark Andrews continue to make the decision the same way they always have; IDNA
7f32428506d55083fe5ac9aa515294bdef7c6e27Mark Andrews makes no new recommendations regarding this choice.) If the
7f32428506d55083fe5ac9aa515294bdef7c6e27Mark Andrews restrictions are to be enforced, set the flag called
7f32428506d55083fe5ac9aa515294bdef7c6e27Mark Andrews "UseSTD3ASCIIRules" for that label.
7f32428506d55083fe5ac9aa515294bdef7c6e27Mark AndrewsFaltstrom, et al. Standards Track [Page 9]
7f32428506d55083fe5ac9aa515294bdef7c6e27Mark AndrewsRFC 3490 IDNA March 2003
c0707105f60934d59321c2fccbc254f9e31ff28aMark Andrews 4) Process each label with either the ToASCII or the ToUnicode
c0707105f60934d59321c2fccbc254f9e31ff28aMark Andrews operation as appropriate. Typically, you use the ToASCII
c0707105f60934d59321c2fccbc254f9e31ff28aMark Andrews operation if you are about to put the name into an IDN-unaware
c0707105f60934d59321c2fccbc254f9e31ff28aMark Andrews slot, and you use the ToUnicode operation if you are displaying
c0707105f60934d59321c2fccbc254f9e31ff28aMark Andrews the name to a user; section 3.1 gives greater detail on the
c0707105f60934d59321c2fccbc254f9e31ff28aMark Andrews applicable requirements.
5989aea4bbe79e09290792f04aeb557e2b2da02eAndreas Gustafsson 5) If ToASCII was applied in step 4 and dots are used as label
5f9e583552f53de12062bfff12e47250abce378fBrian Wellington separators, change all the label separators to U+002E (full stop).
08a768e82ad64ede97f640c88e02984b59122753Michael Graff The following two subsections define the ToASCII and ToUnicode
08a768e82ad64ede97f640c88e02984b59122753Michael Graff operations that are used in step 4.
08a768e82ad64ede97f640c88e02984b59122753Michael Graff This description of the protocol uses specific procedure names, names
08a768e82ad64ede97f640c88e02984b59122753Michael Graff of flags, and so on, in order to facilitate the specification of the
08a768e82ad64ede97f640c88e02984b59122753Michael Graff protocol. These names, as well as the actual steps of the
3fcf6b956f47405750724bd84e1b2290b61c9186Brian Wellington procedures, are not required of an implementation. In fact, any
0e40083fdd5445703bd30e46e5bfe7d047bced12Brian Wellington implementation which has the same external behavior as specified in
0e40083fdd5445703bd30e46e5bfe7d047bced12Brian Wellington this document conforms to this specification.
3ec6b563d7b6cb11a047f23faa2a0f206ccd93e7Brian Wellington The ToASCII operation takes a sequence of Unicode code points that
fee5012c43744322c1785e5c3e0c322443faa304Brian Wellington make up one label and transforms it into a sequence of code points in
fee5012c43744322c1785e5c3e0c322443faa304Brian Wellington the ASCII range (0..7F). If ToASCII succeeds, the original sequence
fee5012c43744322c1785e5c3e0c322443faa304Brian Wellington and the resulting sequence are equivalent labels.
fee5012c43744322c1785e5c3e0c322443faa304Brian Wellington It is important to note that the ToASCII operation can fail. ToASCII
fee5012c43744322c1785e5c3e0c322443faa304Brian Wellington fails if any step of it fails. If any step of the ToASCII operation
fee5012c43744322c1785e5c3e0c322443faa304Brian Wellington fails on any label in a domain name, that domain name MUST NOT be
fee5012c43744322c1785e5c3e0c322443faa304Brian Wellington used as an internationalized domain name. The method for dealing
fee5012c43744322c1785e5c3e0c322443faa304Brian Wellington with this failure is application-specific.
fee5012c43744322c1785e5c3e0c322443faa304Brian Wellington The inputs to ToASCII are a sequence of code points, the
fee5012c43744322c1785e5c3e0c322443faa304Brian Wellington AllowUnassigned flag, and the UseSTD3ASCIIRules flag. The output of
fee5012c43744322c1785e5c3e0c322443faa304Brian Wellington ToASCII is either a sequence of ASCII code points or a failure
fee5012c43744322c1785e5c3e0c322443faa304Brian Wellington ToASCII never alters a sequence of code points that are all in the
fee5012c43744322c1785e5c3e0c322443faa304Brian Wellington ASCII range to begin with (although it could fail). Applying the
fee5012c43744322c1785e5c3e0c322443faa304Brian Wellington ToASCII operation multiple times has exactly the same effect as
fee5012c43744322c1785e5c3e0c322443faa304Brian Wellington applying it just once.
fee5012c43744322c1785e5c3e0c322443faa304Brian Wellington ToASCII consists of the following steps:
fee5012c43744322c1785e5c3e0c322443faa304Brian Wellington 1. If the sequence contains any code points outside the ASCII range
fee5012c43744322c1785e5c3e0c322443faa304Brian Wellington (0..7F) then proceed to step 2, otherwise skip to step 3.
3ec6b563d7b6cb11a047f23faa2a0f206ccd93e7Brian WellingtonFaltstrom, et al. Standards Track [Page 10]
0e40083fdd5445703bd30e46e5bfe7d047bced12Brian WellingtonRFC 3490 IDNA March 2003
0e40083fdd5445703bd30e46e5bfe7d047bced12Brian Wellington 2. Perform the steps specified in [NAMEPREP] and fail if there is an
0e40083fdd5445703bd30e46e5bfe7d047bced12Brian Wellington error. The AllowUnassigned flag is used in [NAMEPREP].
3ec6b563d7b6cb11a047f23faa2a0f206ccd93e7Brian Wellington 3. If the UseSTD3ASCIIRules flag is set, then perform these checks:
a14613fce99dee3cad5bf842fd6be78f8e463582Brian Wellington (a) Verify the absence of non-LDH ASCII code points; that is, the
a14613fce99dee3cad5bf842fd6be78f8e463582Brian Wellington absence of 0..2C, 2E..2F, 3A..40, 5B..60, and 7B..7F.
a14613fce99dee3cad5bf842fd6be78f8e463582Brian Wellington (b) Verify the absence of leading and trailing hyphen-minus; that
a14613fce99dee3cad5bf842fd6be78f8e463582Brian Wellington is, the absence of U+002D at the beginning and end of the
a14613fce99dee3cad5bf842fd6be78f8e463582Brian Wellington 4. If the sequence contains any code points outside the ASCII range
a14613fce99dee3cad5bf842fd6be78f8e463582Brian Wellington (0..7F) then proceed to step 5, otherwise skip to step 8.
a14613fce99dee3cad5bf842fd6be78f8e463582Brian Wellington 5. Verify that the sequence does NOT begin with the ACE prefix.
a14613fce99dee3cad5bf842fd6be78f8e463582Brian Wellington 6. Encode the sequence using the encoding algorithm in [PUNYCODE] and
a14613fce99dee3cad5bf842fd6be78f8e463582Brian Wellington fail if there is an error.
a14613fce99dee3cad5bf842fd6be78f8e463582Brian Wellington 7. Prepend the ACE prefix.
b495fd2992c63472b3ad2d9517ffe9b50118840aAndreas Gustafsson 8. Verify that the number of code points is in the range 1 to 63
a14613fce99dee3cad5bf842fd6be78f8e463582Brian Wellington The ToUnicode operation takes a sequence of Unicode code points that
a14613fce99dee3cad5bf842fd6be78f8e463582Brian Wellington make up one label and returns a sequence of Unicode code points. If
a14613fce99dee3cad5bf842fd6be78f8e463582Brian Wellington the input sequence is a label in ACE form, then the result is an
dee520f1be8c59e10a55b6995844395e811c310fBrian Wellington equivalent internationalized label that is not in ACE form, otherwise
dee520f1be8c59e10a55b6995844395e811c310fBrian Wellington the original sequence is returned unaltered.
a14613fce99dee3cad5bf842fd6be78f8e463582Brian Wellington ToUnicode never fails. If any step fails, then the original input
529ff4b4959fb157194f985394951108ff5286e4Brian Wellington sequence is returned immediately in that step.
a14613fce99dee3cad5bf842fd6be78f8e463582Brian Wellington The ToUnicode output never contains more code points than its input.
a14613fce99dee3cad5bf842fd6be78f8e463582Brian Wellington Note that the number of octets needed to represent a sequence of code
a14613fce99dee3cad5bf842fd6be78f8e463582Brian Wellington points depends on the particular character encoding used.
5b76a09697bfc76f5acefd65d5b37b1214d271a8Mark Andrews The inputs to ToUnicode are a sequence of code points, the
5b76a09697bfc76f5acefd65d5b37b1214d271a8Mark Andrews AllowUnassigned flag, and the UseSTD3ASCIIRules flag. The output of
5b76a09697bfc76f5acefd65d5b37b1214d271a8Mark Andrews ToUnicode is always a sequence of Unicode code points.
9a2574531e3d2ced31072200b416467fdee0c29cDavid Lawrence 1. If all code points in the sequence are in the ASCII range (0..7F)
9a2574531e3d2ced31072200b416467fdee0c29cDavid Lawrence then skip to step 3.
e2b585787f4779f49bd0982562acbbb7d0b65a95Andreas GustafssonFaltstrom, et al. Standards Track [Page 11]
e2b585787f4779f49bd0982562acbbb7d0b65a95Andreas GustafssonRFC 3490 IDNA March 2003
e2b585787f4779f49bd0982562acbbb7d0b65a95Andreas Gustafsson 2. Perform the steps specified in [NAMEPREP] and fail if there is an
e2b585787f4779f49bd0982562acbbb7d0b65a95Andreas Gustafsson error. (If step 3 of ToASCII is also performed here, it will not
e2b585787f4779f49bd0982562acbbb7d0b65a95Andreas Gustafsson affect the overall behavior of ToUnicode, but it is not
7f9bc71eca311843611a4b0cfdeb12eda324b689Mark Andrews necessary.) The AllowUnassigned flag is used in [NAMEPREP].
e2b585787f4779f49bd0982562acbbb7d0b65a95Andreas Gustafsson 3. Verify that the sequence begins with the ACE prefix, and save a
e2b585787f4779f49bd0982562acbbb7d0b65a95Andreas Gustafsson copy of the sequence.
e2b585787f4779f49bd0982562acbbb7d0b65a95Andreas Gustafsson 4. Remove the ACE prefix.
e2b585787f4779f49bd0982562acbbb7d0b65a95Andreas Gustafsson 5. Decode the sequence using the decoding algorithm in [PUNYCODE] and
6ef891fbe943d6776ed17439ccb8bbb8e314b7d8Andreas Gustafsson fail if there is an error. Save a copy of the result of this
9d266ed4d7630d8366fea0a4a627d8c3873821c5Brian Wellington 6. Apply ToASCII.
9d266ed4d7630d8366fea0a4a627d8c3873821c5Brian Wellington 7. Verify that the result of step 6 matches the saved copy from step
712bf9b0cc4ed34f4bf33b437f8b0e45853b93ceMark Andrews 3, using a case-insensitive ASCII comparison.
e2b585787f4779f49bd0982562acbbb7d0b65a95Andreas Gustafsson 8. Return the saved copy from step 5.
712bf9b0cc4ed34f4bf33b437f8b0e45853b93ceMark Andrews5. ACE prefix
e2b585787f4779f49bd0982562acbbb7d0b65a95Andreas Gustafsson The ACE prefix, used in the conversion operations (section 4), is two
50105afc551903541608b11851d73278b23579a3Mark Andrews alphanumeric ASCII characters followed by two hyphen-minuses. It
50105afc551903541608b11851d73278b23579a3Mark Andrews cannot be any of the prefixes already used in earlier documents,
50105afc551903541608b11851d73278b23579a3Mark Andrews which includes the following: "bl--", "bq--", "dq--", "lq--", "mq--",
50105afc551903541608b11851d73278b23579a3Mark Andrews "ra--", "wq--" and "zq--". The ToASCII and ToUnicode operations MUST
50105afc551903541608b11851d73278b23579a3Mark Andrews recognize the ACE prefix in a case-insensitive manner.
50105afc551903541608b11851d73278b23579a3Mark Andrews The ACE prefix for IDNA is "xn--" or any capitalization thereof.
e2b585787f4779f49bd0982562acbbb7d0b65a95Andreas Gustafsson This means that an ACE label might be "xn--de-jg4avhby1noc0d", where
1c0ff8a9cc1e1edd55acff6802f8811966732653Brian Wellington "de-jg4avhby1noc0d" is the part of the ACE label that is generated by
e2b585787f4779f49bd0982562acbbb7d0b65a95Andreas Gustafsson the encoding steps in [PUNYCODE].
e2b585787f4779f49bd0982562acbbb7d0b65a95Andreas Gustafsson While all ACE labels begin with the ACE prefix, not all labels
e2b585787f4779f49bd0982562acbbb7d0b65a95Andreas Gustafsson beginning with the ACE prefix are necessarily ACE labels. Non-ACE
5e9f6125246cec57771bcdeefed03153d41c23fdMark Andrews labels that begin with the ACE prefix will confuse users and SHOULD
5e9f6125246cec57771bcdeefed03153d41c23fdMark Andrews NOT be allowed in DNS zones.
e2b585787f4779f49bd0982562acbbb7d0b65a95Andreas GustafssonFaltstrom, et al. Standards Track [Page 12]
e2b585787f4779f49bd0982562acbbb7d0b65a95Andreas GustafssonRFC 3490 IDNA March 2003
9a2574531e3d2ced31072200b416467fdee0c29cDavid Lawrence6. Implications for typical applications using DNS
9a2574531e3d2ced31072200b416467fdee0c29cDavid Lawrence In IDNA, applications perform the processing needed to input
9a2574531e3d2ced31072200b416467fdee0c29cDavid Lawrence internationalized domain names from users, display internationalized
9a2574531e3d2ced31072200b416467fdee0c29cDavid Lawrence domain names to users, and process the inputs and outputs from DNS
e2b585787f4779f49bd0982562acbbb7d0b65a95Andreas Gustafsson and other protocols that carry domain names.
e2b585787f4779f49bd0982562acbbb7d0b65a95Andreas Gustafsson The components and interfaces between them can be represented
9a2574531e3d2ced31072200b416467fdee0c29cDavid Lawrence pictorially as:
e2b585787f4779f49bd0982562acbbb7d0b65a95Andreas Gustafsson | Input and display: local interface methods
e2b585787f4779f49bd0982562acbbb7d0b65a95Andreas Gustafsson | (pen, keyboard, glowing phosphorus, ...)
e2b585787f4779f49bd0982562acbbb7d0b65a95Andreas Gustafsson +-------------------|-------------------------------+
e2b585787f4779f49bd0982562acbbb7d0b65a95Andreas Gustafsson | +-----------------------------+ |
e2b585787f4779f49bd0982562acbbb7d0b65a95Andreas Gustafsson | | Application | |
9ce476812c93a1bb8b416adbe707ee5000a015f1Andreas Gustafsson | | (ToASCII and ToUnicode | |
9ceaa92a8ca8a0270ba296d44599e94d95033759Andreas Gustafsson | | operations may be | |
9ceaa92a8ca8a0270ba296d44599e94d95033759Andreas Gustafsson | | called here) | |
a1884b96ef53efc8b4e14be173aaee552ca0213aAndreas Gustafsson | +-----------------------------+ |
9ceaa92a8ca8a0270ba296d44599e94d95033759Andreas Gustafsson | ^ ^ | End system
a1884b96ef53efc8b4e14be173aaee552ca0213aAndreas Gustafsson | Call to resolver: | | Application-specific |
a1884b96ef53efc8b4e14be173aaee552ca0213aAndreas Gustafsson | ACE | | protocol: |
a1884b96ef53efc8b4e14be173aaee552ca0213aAndreas Gustafsson | v | ACE unless the |
a1884b96ef53efc8b4e14be173aaee552ca0213aAndreas Gustafsson | +----------+ | protocol is updated |
a1884b96ef53efc8b4e14be173aaee552ca0213aAndreas Gustafsson | | Resolver | | to handle other |
a1884b96ef53efc8b4e14be173aaee552ca0213aAndreas Gustafsson | +----------+ | encodings |
a1884b96ef53efc8b4e14be173aaee552ca0213aAndreas Gustafsson +-----------------|----------|----------------------+
a1884b96ef53efc8b4e14be173aaee552ca0213aAndreas Gustafsson DNS protocol: | |
a1884b96ef53efc8b4e14be173aaee552ca0213aAndreas Gustafsson +-------------+ +---------------------+
1706598239da403b86f4befa4c08175d9e101014Andreas Gustafsson | DNS servers | | Application servers |
a1884b96ef53efc8b4e14be173aaee552ca0213aAndreas Gustafsson +-------------+ +---------------------+
a1884b96ef53efc8b4e14be173aaee552ca0213aAndreas Gustafsson The box labeled "Application" is where the application splits a
971d1fe83172bce09d6319c5735d243d68d8cb47Andreas Gustafsson domain name into labels, sets the appropriate flags, and performs the
a1884b96ef53efc8b4e14be173aaee552ca0213aAndreas Gustafsson ToASCII and ToUnicode operations. This is described in section 4.
a1884b96ef53efc8b4e14be173aaee552ca0213aAndreas GustafssonFaltstrom, et al. Standards Track [Page 13]
50105afc551903541608b11851d73278b23579a3Mark AndrewsRFC 3490 IDNA March 2003
50105afc551903541608b11851d73278b23579a3Mark Andrews6.1 Entry and display in applications
50105afc551903541608b11851d73278b23579a3Mark Andrews Applications can accept domain names using any character set or sets
50105afc551903541608b11851d73278b23579a3Mark Andrews desired by the application developer, and can display domain names in
a1884b96ef53efc8b4e14be173aaee552ca0213aAndreas Gustafsson any charset. That is, the IDNA protocol does not affect the
50105afc551903541608b11851d73278b23579a3Mark Andrews interface between users and applications.
50105afc551903541608b11851d73278b23579a3Mark Andrews An IDNA-aware application can accept and display internationalized
50105afc551903541608b11851d73278b23579a3Mark Andrews domain names in two formats: the internationalized character set(s)
50105afc551903541608b11851d73278b23579a3Mark Andrews supported by the application, and as an ACE label. ACE labels that
50105afc551903541608b11851d73278b23579a3Mark Andrews are displayed or input MUST always include the ACE prefix.
50105afc551903541608b11851d73278b23579a3Mark Andrews Applications MAY allow input and display of ACE labels, but are not
50105afc551903541608b11851d73278b23579a3Mark Andrews encouraged to do so except as an interface for special purposes,
50105afc551903541608b11851d73278b23579a3Mark Andrews possibly for debugging, or to cope with display limitations as
50105afc551903541608b11851d73278b23579a3Mark Andrews described in section 6.4.. ACE encoding is opaque and ugly, and
c356cd618dacb13d47ee9bee78d22a9802d4645eBrian Wellington should thus only be exposed to users who absolutely need it. Because
1706598239da403b86f4befa4c08175d9e101014Andreas Gustafsson name labels encoded as ACE name labels can be rendered either as the
566a01eb745d49bd866971062388cd11d525b60dDavid Lawrence encoded ASCII characters or the proper decoded characters, the
a1884b96ef53efc8b4e14be173aaee552ca0213aAndreas Gustafsson application MAY have an option for the user to select the preferred
ce7994d137a013133e874b92604183923267fc94Brian Wellington method of display; if it does, rendering the ACE SHOULD NOT be the
ce7994d137a013133e874b92604183923267fc94Brian Wellington Domain names are often stored and transported in many places. For
ce7994d137a013133e874b92604183923267fc94Brian Wellington example, they are part of documents such as mail messages and web
e2b585787f4779f49bd0982562acbbb7d0b65a95Andreas Gustafsson pages. They are transported in many parts of many protocols, such as
566a01eb745d49bd866971062388cd11d525b60dDavid Lawrence both the control commands and the RFC 2822 body parts of SMTP, and
a1884b96ef53efc8b4e14be173aaee552ca0213aAndreas Gustafsson the headers and the body content in HTTP. It is important to
489b76292622f5bc18bf1a18845f8166a73bd797Brian Wellington remember that domain names appear both in domain name slots and in
a1884b96ef53efc8b4e14be173aaee552ca0213aAndreas Gustafsson the content that is passed over protocols.
489b76292622f5bc18bf1a18845f8166a73bd797Brian Wellington In protocols and document formats that define how to handle
2271edc0b4ba96e69a283eced420b94ffb678beeBrian Wellington specification or negotiation of charsets, labels can be encoded in
a1884b96ef53efc8b4e14be173aaee552ca0213aAndreas Gustafsson any charset allowed by the protocol or document format. If a
2271edc0b4ba96e69a283eced420b94ffb678beeBrian Wellington protocol or document format only allows one charset, the labels MUST
a1884b96ef53efc8b4e14be173aaee552ca0213aAndreas Gustafsson be given in that charset.
a1884b96ef53efc8b4e14be173aaee552ca0213aAndreas Gustafsson In any place where a protocol or document format allows transmission
a1884b96ef53efc8b4e14be173aaee552ca0213aAndreas Gustafsson of the characters in internationalized labels, internationalized
a1884b96ef53efc8b4e14be173aaee552ca0213aAndreas Gustafsson labels SHOULD be transmitted using whatever character encoding and
a1884b96ef53efc8b4e14be173aaee552ca0213aAndreas Gustafsson escape mechanism that the protocol or document format uses at that
489b76292622f5bc18bf1a18845f8166a73bd797Brian Wellington All protocols that use domain name slots already have the capacity
489b76292622f5bc18bf1a18845f8166a73bd797Brian Wellington for handling domain names in the ASCII charset. Thus, ACE labels
489b76292622f5bc18bf1a18845f8166a73bd797Brian Wellington (internationalized labels that have been processed with the ToASCII
3184ff5e45c8f821e5165ea60d674bfb87faf5b8Mark Andrews operation) can inherently be handled by those protocols.
9ceaa92a8ca8a0270ba296d44599e94d95033759Andreas GustafssonFaltstrom, et al. Standards Track [Page 14]
a1884b96ef53efc8b4e14be173aaee552ca0213aAndreas GustafssonRFC 3490 IDNA March 2003
a1884b96ef53efc8b4e14be173aaee552ca0213aAndreas Gustafsson6.2 Applications and resolver libraries
70e854766f5304f43e94212dc38ebaefe214148cMark Andrews Applications normally use functions in the operating system when they
70e854766f5304f43e94212dc38ebaefe214148cMark Andrews resolve DNS queries. Those functions in the operating system are
70e854766f5304f43e94212dc38ebaefe214148cMark Andrews often called "the resolver library", and the applications communicate
70e854766f5304f43e94212dc38ebaefe214148cMark Andrews with the resolver libraries through a programming interface (API).
a1884b96ef53efc8b4e14be173aaee552ca0213aAndreas Gustafsson Because these resolver libraries today expect only domain names in
fa280ff02ad0c29616a0c3a22ef02cbb3f6db7efDavid Lawrence ASCII, applications MUST prepare labels that are passed to the
a1884b96ef53efc8b4e14be173aaee552ca0213aAndreas Gustafsson resolver library using the ToASCII operation. Labels received from
a1884b96ef53efc8b4e14be173aaee552ca0213aAndreas Gustafsson the resolver library contain only ASCII characters; internationalized
a1884b96ef53efc8b4e14be173aaee552ca0213aAndreas Gustafsson labels that cannot be represented directly in ASCII use the ACE form.
fa280ff02ad0c29616a0c3a22ef02cbb3f6db7efDavid Lawrence ACE labels always include the ACE prefix.
a1884b96ef53efc8b4e14be173aaee552ca0213aAndreas Gustafsson An operating system might have a set of libraries for performing the
a1884b96ef53efc8b4e14be173aaee552ca0213aAndreas Gustafsson ToASCII operation. The input to such a library might be in one or
a1884b96ef53efc8b4e14be173aaee552ca0213aAndreas Gustafsson more charsets that are used in applications (UTF-8 and UTF-16 are
a1884b96ef53efc8b4e14be173aaee552ca0213aAndreas Gustafsson likely candidates for almost any operating system, and script-
a1884b96ef53efc8b4e14be173aaee552ca0213aAndreas Gustafsson specific charsets are likely for localized operating systems).
a1884b96ef53efc8b4e14be173aaee552ca0213aAndreas Gustafsson IDNA-aware applications MUST be able to work with both non-
a1884b96ef53efc8b4e14be173aaee552ca0213aAndreas Gustafsson internationalized labels (those that conform to [STD13] and [STD3])
a1884b96ef53efc8b4e14be173aaee552ca0213aAndreas Gustafsson and internationalized labels.
a1884b96ef53efc8b4e14be173aaee552ca0213aAndreas Gustafsson It is expected that new versions of the resolver libraries in the
a1884b96ef53efc8b4e14be173aaee552ca0213aAndreas Gustafsson future will be able to accept domain names in other charsets than
a1884b96ef53efc8b4e14be173aaee552ca0213aAndreas Gustafsson ASCII, and application developers might one day pass not only domain
a1884b96ef53efc8b4e14be173aaee552ca0213aAndreas Gustafsson names in Unicode, but also in local script to a new API for the
a1884b96ef53efc8b4e14be173aaee552ca0213aAndreas Gustafsson resolver libraries in the operating system. Thus the ToASCII and
a1884b96ef53efc8b4e14be173aaee552ca0213aAndreas Gustafsson ToUnicode operations might be performed inside these new versions of
a1884b96ef53efc8b4e14be173aaee552ca0213aAndreas Gustafsson the resolver libraries.
a1884b96ef53efc8b4e14be173aaee552ca0213aAndreas Gustafsson Domain names passed to resolvers or put into the question section of
a1884b96ef53efc8b4e14be173aaee552ca0213aAndreas Gustafsson DNS requests follow the rules for "queries" from [STRINGPREP].
aa30ee42c4b6da9bab4fb84d6cbbda6036a4d426Mark Andrews6.3 DNS servers
9ceaa92a8ca8a0270ba296d44599e94d95033759Andreas Gustafsson Domain names stored in zones follow the rules for "stored strings"
a1884b96ef53efc8b4e14be173aaee552ca0213aAndreas Gustafsson from [STRINGPREP].
a1884b96ef53efc8b4e14be173aaee552ca0213aAndreas Gustafsson For internationalized labels that cannot be represented directly in
a1884b96ef53efc8b4e14be173aaee552ca0213aAndreas Gustafsson ASCII, DNS servers MUST use the ACE form produced by the ToASCII
a1884b96ef53efc8b4e14be173aaee552ca0213aAndreas Gustafsson operation. All IDNs served by DNS servers MUST contain only ASCII
a1884b96ef53efc8b4e14be173aaee552ca0213aAndreas Gustafsson If a signaling system which makes negotiation possible between old
a1884b96ef53efc8b4e14be173aaee552ca0213aAndreas Gustafsson and new DNS clients and servers is standardized in the future, the
a1884b96ef53efc8b4e14be173aaee552ca0213aAndreas Gustafsson encoding of the query in the DNS protocol itself can be changed from
a1884b96ef53efc8b4e14be173aaee552ca0213aAndreas GustafssonFaltstrom, et al. Standards Track [Page 15]
a1884b96ef53efc8b4e14be173aaee552ca0213aAndreas GustafssonRFC 3490 IDNA March 2003
a1884b96ef53efc8b4e14be173aaee552ca0213aAndreas Gustafsson ACE to something else, such as UTF-8. The question whether or not
a1884b96ef53efc8b4e14be173aaee552ca0213aAndreas Gustafsson this should be used is, however, a separate problem and is not
a1884b96ef53efc8b4e14be173aaee552ca0213aAndreas Gustafsson discussed in this memo.
a1884b96ef53efc8b4e14be173aaee552ca0213aAndreas Gustafsson6.4 Avoiding exposing users to the raw ACE encoding
a1884b96ef53efc8b4e14be173aaee552ca0213aAndreas Gustafsson Any application that might show the user a domain name obtained from
a1884b96ef53efc8b4e14be173aaee552ca0213aAndreas Gustafsson a domain name slot, such as from gethostbyaddr or part of a mail
a1884b96ef53efc8b4e14be173aaee552ca0213aAndreas Gustafsson header, will need to be updated if it is to prevent users from seeing
a1884b96ef53efc8b4e14be173aaee552ca0213aAndreas Gustafsson If an application decodes an ACE name using ToUnicode but cannot show
a1884b96ef53efc8b4e14be173aaee552ca0213aAndreas Gustafsson all of the characters in the decoded name, such as if the name
a1884b96ef53efc8b4e14be173aaee552ca0213aAndreas Gustafsson contains characters that the output system cannot display, the
a1884b96ef53efc8b4e14be173aaee552ca0213aAndreas Gustafsson application SHOULD show the name in ACE format (which always includes
a1884b96ef53efc8b4e14be173aaee552ca0213aAndreas Gustafsson the ACE prefix) instead of displaying the name with the replacement
a1884b96ef53efc8b4e14be173aaee552ca0213aAndreas Gustafsson character (U+FFFD). This is to make it easier for the user to
a1884b96ef53efc8b4e14be173aaee552ca0213aAndreas Gustafsson transfer the name correctly to other programs. Programs that by
a1884b96ef53efc8b4e14be173aaee552ca0213aAndreas Gustafsson default show the ACE form when they cannot show all the characters in
712bf9b0cc4ed34f4bf33b437f8b0e45853b93ceMark Andrews a name label SHOULD also have a mechanism to show the name that is
aa30ee42c4b6da9bab4fb84d6cbbda6036a4d426Mark Andrews produced by the ToUnicode operation with as many characters as
aa30ee42c4b6da9bab4fb84d6cbbda6036a4d426Mark Andrews possible and replacement characters in the positions where characters
aa30ee42c4b6da9bab4fb84d6cbbda6036a4d426Mark Andrews cannot be displayed.
712bf9b0cc4ed34f4bf33b437f8b0e45853b93ceMark Andrews The ToUnicode operation does not alter labels that are not valid ACE
712bf9b0cc4ed34f4bf33b437f8b0e45853b93ceMark Andrews labels, even if they begin with the ACE prefix. After ToUnicode has
712bf9b0cc4ed34f4bf33b437f8b0e45853b93ceMark Andrews been applied, if a label still begins with the ACE prefix, then it is
a1884b96ef53efc8b4e14be173aaee552ca0213aAndreas Gustafsson not a valid ACE label, and is not equivalent to any of the
a1884b96ef53efc8b4e14be173aaee552ca0213aAndreas Gustafsson intermediate Unicode strings constructed by ToUnicode.
9a2574531e3d2ced31072200b416467fdee0c29cDavid Lawrence6.5 DNSSEC authentication of IDN domain names
fafb62400d2f1b1da4f3908447e1f3935fc5155bBrian Wellington DNS Security [RFC2535] is a method for supplying cryptographic
9a2574531e3d2ced31072200b416467fdee0c29cDavid Lawrence verification information along with DNS messages. Public Key
fafb62400d2f1b1da4f3908447e1f3935fc5155bBrian Wellington Cryptography is used in conjunction with digital signatures to
620de5a4b1f23dc9b4ec30d30c0607ff389be0daBob Halley provide a means for a requester of domain information to authenticate
9ceaa92a8ca8a0270ba296d44599e94d95033759Andreas Gustafsson the source of the data. This ensures that it can be traced back to a
9a2574531e3d2ced31072200b416467fdee0c29cDavid Lawrence trusted source, either directly, or via a chain of trust linking the
620de5a4b1f23dc9b4ec30d30c0607ff389be0daBob Halley source of the information to the top of the DNS hierarchy.
9ceaa92a8ca8a0270ba296d44599e94d95033759Andreas Gustafsson IDNA specifies that all internationalized domain names served by DNS
fafb62400d2f1b1da4f3908447e1f3935fc5155bBrian Wellington servers that cannot be represented directly in ASCII must use the ACE
fafb62400d2f1b1da4f3908447e1f3935fc5155bBrian Wellington form produced by the ToASCII operation. This operation must be
fafb62400d2f1b1da4f3908447e1f3935fc5155bBrian Wellington performed prior to a zone being signed by the private key for that
23ac30603a7639bea1d331537634b079b046b122Mark Andrews zone. Because of this ordering, it is important to recognize that
23ac30603a7639bea1d331537634b079b046b122Mark Andrews DNSSEC authenticates the ASCII domain name, not the Unicode form or
64b92523f9333ba053f4b2860335583be455b0b3Brian WellingtonFaltstrom, et al. Standards Track [Page 16]
3f123dcc2fe5d2cd08ca91b732741d86a4036906Brian WellingtonRFC 3490 IDNA March 2003
3f123dcc2fe5d2cd08ca91b732741d86a4036906Brian Wellington the mapping between the Unicode form and the ASCII form. In the
9a2574531e3d2ced31072200b416467fdee0c29cDavid Lawrence presence of DNSSEC, this is the name that MUST be signed in the zone
9a2574531e3d2ced31072200b416467fdee0c29cDavid Lawrence and MUST be validated against.
9a2574531e3d2ced31072200b416467fdee0c29cDavid Lawrence One consequence of this for sites deploying IDNA in the presence of
9a2574531e3d2ced31072200b416467fdee0c29cDavid Lawrence DNSSEC is that any special purpose proxies or forwarders used to
9a2574531e3d2ced31072200b416467fdee0c29cDavid Lawrence transform user input into IDNs must be earlier in the resolution flow
9a2574531e3d2ced31072200b416467fdee0c29cDavid Lawrence than DNSSEC authenticating nameservers for DNSSEC to work.
9a2574531e3d2ced31072200b416467fdee0c29cDavid Lawrence7. Name server considerations
9a2574531e3d2ced31072200b416467fdee0c29cDavid Lawrence Existing DNS servers do not know the IDNA rules for handling non-
9a2574531e3d2ced31072200b416467fdee0c29cDavid Lawrence ASCII forms of IDNs, and therefore need to be shielded from them.
9a2574531e3d2ced31072200b416467fdee0c29cDavid Lawrence All existing channels through which names can enter a DNS server
9a2574531e3d2ced31072200b416467fdee0c29cDavid Lawrence database (for example, master files [STD13] and DNS update messages
03f4c76f95f75e2b0d1206e784e35bed6041305cBob Halley [RFC2136]) are IDN-unaware because they predate IDNA, and therefore
03f4c76f95f75e2b0d1206e784e35bed6041305cBob Halley requirement 2 of section 3.1 of this document provides the needed
03f4c76f95f75e2b0d1206e784e35bed6041305cBob Halley shielding, by ensuring that internationalized domain names entering
03f4c76f95f75e2b0d1206e784e35bed6041305cBob Halley DNS server databases through such channels have already been
03f4c76f95f75e2b0d1206e784e35bed6041305cBob Halley converted to their equivalent ASCII forms.
03f4c76f95f75e2b0d1206e784e35bed6041305cBob Halley It is imperative that there be only one ASCII encoding for a
03f4c76f95f75e2b0d1206e784e35bed6041305cBob Halley particular domain name. Because of the design of the ToASCII and
03f4c76f95f75e2b0d1206e784e35bed6041305cBob Halley ToUnicode operations, there are no ACE labels that decode to ASCII
03f4c76f95f75e2b0d1206e784e35bed6041305cBob Halley labels, and therefore name servers cannot contain multiple ASCII
03f4c76f95f75e2b0d1206e784e35bed6041305cBob Halley encodings of the same domain name.
03f4c76f95f75e2b0d1206e784e35bed6041305cBob Halley [RFC2181] explicitly allows domain labels to contain octets beyond
9a2574531e3d2ced31072200b416467fdee0c29cDavid Lawrence the ASCII range (0..7F), and this document does not change that.
9a2574531e3d2ced31072200b416467fdee0c29cDavid Lawrence Note, however, that there is no defined interpretation of octets
9a2574531e3d2ced31072200b416467fdee0c29cDavid Lawrence 80..FF as characters. If labels containing these octets are returned
9a2574531e3d2ced31072200b416467fdee0c29cDavid Lawrence to applications, unpredictable behavior could result. The ASCII form
9a2574531e3d2ced31072200b416467fdee0c29cDavid Lawrence defined by ToASCII is the only standard representation for
9a2574531e3d2ced31072200b416467fdee0c29cDavid Lawrence internationalized labels in the current DNS protocol.
9a2574531e3d2ced31072200b416467fdee0c29cDavid Lawrence8. Root server considerations
3ea6d4dc33482a752553c59ed94bcecd23d254b0Mark Andrews IDNs are likely to be somewhat longer than current domain names, so
3ea6d4dc33482a752553c59ed94bcecd23d254b0Mark Andrews the bandwidth needed by the root servers is likely to go up by a
3ea6d4dc33482a752553c59ed94bcecd23d254b0Mark Andrews small amount. Also, queries and responses for IDNs will probably be
3ea6d4dc33482a752553c59ed94bcecd23d254b0Mark Andrews somewhat longer than typical queries today, so more queries and
3ea6d4dc33482a752553c59ed94bcecd23d254b0Mark Andrews responses may be forced to go to TCP instead of UDP.
9a2574531e3d2ced31072200b416467fdee0c29cDavid LawrenceFaltstrom, et al. Standards Track [Page 17]
9a2574531e3d2ced31072200b416467fdee0c29cDavid LawrenceRFC 3490 IDNA March 2003
9a2574531e3d2ced31072200b416467fdee0c29cDavid Lawrence9.1 Normative References
9a2574531e3d2ced31072200b416467fdee0c29cDavid Lawrence [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
9a2574531e3d2ced31072200b416467fdee0c29cDavid Lawrence Requirement Levels", BCP 14, RFC 2119, March 1997.
9a2574531e3d2ced31072200b416467fdee0c29cDavid Lawrence [STRINGPREP] Hoffman, P. and M. Blanchet, "Preparation of
9a2574531e3d2ced31072200b416467fdee0c29cDavid Lawrence Internationalized Strings ("stringprep")", RFC 3454,
3ea6d4dc33482a752553c59ed94bcecd23d254b0Mark Andrews December 2002.
9a2574531e3d2ced31072200b416467fdee0c29cDavid Lawrence [NAMEPREP] Hoffman, P. and M. Blanchet, "Nameprep: A Stringprep
9a2574531e3d2ced31072200b416467fdee0c29cDavid Lawrence Profile for Internationalized Domain Names (IDN)", RFC
9a2574531e3d2ced31072200b416467fdee0c29cDavid Lawrence 3491, March 2003.
9a2574531e3d2ced31072200b416467fdee0c29cDavid Lawrence [PUNYCODE] Costello, A., "Punycode: A Bootstring encoding of
9a2574531e3d2ced31072200b416467fdee0c29cDavid Lawrence Unicode for use with Internationalized Domain Names in
9a2574531e3d2ced31072200b416467fdee0c29cDavid Lawrence Applications (IDNA)", RFC 3492, March 2003.
9a2574531e3d2ced31072200b416467fdee0c29cDavid Lawrence [STD3] Braden, R., "Requirements for Internet Hosts --
9a2574531e3d2ced31072200b416467fdee0c29cDavid Lawrence Communication Layers", STD 3, RFC 1122, and
9a2574531e3d2ced31072200b416467fdee0c29cDavid Lawrence "Requirements for Internet Hosts -- Application and
9a2574531e3d2ced31072200b416467fdee0c29cDavid Lawrence Support", STD 3, RFC 1123, October 1989.
9a2574531e3d2ced31072200b416467fdee0c29cDavid Lawrence [STD13] Mockapetris, P., "Domain names - concepts and
9a2574531e3d2ced31072200b416467fdee0c29cDavid Lawrence facilities", STD 13, RFC 1034 and "Domain names -
3fafd7c0c42134ff2964b74a31500465a96dee90Andreas Gustafsson implementation and specification", STD 13, RFC 1035,
aa30ee42c4b6da9bab4fb84d6cbbda6036a4d426Mark Andrews November 1987.
aa30ee42c4b6da9bab4fb84d6cbbda6036a4d426Mark Andrews9.2 Informative References
9a2574531e3d2ced31072200b416467fdee0c29cDavid Lawrence [RFC2535] Eastlake, D., "Domain Name System Security Extensions",
9a2574531e3d2ced31072200b416467fdee0c29cDavid Lawrence RFC 2535, March 1999.
9a2574531e3d2ced31072200b416467fdee0c29cDavid Lawrence [RFC2181] Elz, R. and R. Bush, "Clarifications to the DNS
9a2574531e3d2ced31072200b416467fdee0c29cDavid Lawrence Specification", RFC 2181, July 1997.
9a2574531e3d2ced31072200b416467fdee0c29cDavid Lawrence [UAX9] Unicode Standard Annex #9, The Bidirectional Algorithm,
df3c4c7988b9bae7d121a8ac9ed17a23366a948dDavid Lawrence <http://www.unicode.org/unicode/reports/tr9/>.
df3c4c7988b9bae7d121a8ac9ed17a23366a948dDavid Lawrence [UNICODE] The Unicode Consortium. The Unicode Standard, Version
d8dcd6ad4617cc8d7df979bd62101fa9c4bac1bcBob Halley 3.2.0 is defined by The Unicode Standard, Version 3.0
d8dcd6ad4617cc8d7df979bd62101fa9c4bac1bcBob Halley (Reading, MA, Addison-Wesley, 2000. ISBN 0-201-61633-5),
df3c4c7988b9bae7d121a8ac9ed17a23366a948dDavid Lawrence as amended by the Unicode Standard Annex #27: Unicode
df3c4c7988b9bae7d121a8ac9ed17a23366a948dDavid Lawrence 3.1 (http://www.unicode.org/reports/tr27/) and by the
df3c4c7988b9bae7d121a8ac9ed17a23366a948dDavid Lawrence Unicode Standard Annex #28: Unicode 3.2
df3c4c7988b9bae7d121a8ac9ed17a23366a948dDavid LawrenceFaltstrom, et al. Standards Track [Page 18]
882350d11c90de9de6fc1cead25690c8114b0b95Michael GraffRFC 3490 IDNA March 2003
882350d11c90de9de6fc1cead25690c8114b0b95Michael Graff [USASCII] Cerf, V., "ASCII format for Network Interchange", RFC
882350d11c90de9de6fc1cead25690c8114b0b95Michael Graff 20, October 1969.
882350d11c90de9de6fc1cead25690c8114b0b95Michael Graff10. Security Considerations
64ba6e4cc3a0ccf8c8c6349fa75b937ca9bad9a6Michael Graff Security on the Internet partly relies on the DNS. Thus, any change
d901b2252d664a5b96bae117416f8ee822dc6691Stephen Jacob to the characteristics of the DNS can change the security of much of
d901b2252d664a5b96bae117416f8ee822dc6691Stephen Jacob the Internet.
d901b2252d664a5b96bae117416f8ee822dc6691Stephen Jacob This memo describes an algorithm which encodes characters that are
d901b2252d664a5b96bae117416f8ee822dc6691Stephen Jacob not valid according to STD3 and STD13 into octet values that are
547f79ea44f0a91442fd942b04c11c1958f75136Andreas Gustafsson valid. No security issues such as string length increases or new
d901b2252d664a5b96bae117416f8ee822dc6691Stephen Jacob allowed values are introduced by the encoding process or the use of
d901b2252d664a5b96bae117416f8ee822dc6691Stephen Jacob these encoded values, apart from those introduced by the ACE encoding
d901b2252d664a5b96bae117416f8ee822dc6691Stephen Jacob Domain names are used by users to identify and connect to Internet
d901b2252d664a5b96bae117416f8ee822dc6691Stephen Jacob servers. The security of the Internet is compromised if a user
d901b2252d664a5b96bae117416f8ee822dc6691Stephen Jacob entering a single internationalized name is connected to different
d901b2252d664a5b96bae117416f8ee822dc6691Stephen Jacob servers based on different interpretations of the internationalized
d901b2252d664a5b96bae117416f8ee822dc6691Stephen Jacob When systems use local character sets other than ASCII and Unicode,
d901b2252d664a5b96bae117416f8ee822dc6691Stephen Jacob this specification leaves the the problem of transcoding between the
d901b2252d664a5b96bae117416f8ee822dc6691Stephen Jacob local character set and Unicode up to the application. If different
d901b2252d664a5b96bae117416f8ee822dc6691Stephen Jacob applications (or different versions of one application) implement
d901b2252d664a5b96bae117416f8ee822dc6691Stephen Jacob different transcoding rules, they could interpret the same name
d901b2252d664a5b96bae117416f8ee822dc6691Stephen Jacob differently and contact different servers. This problem is not
d901b2252d664a5b96bae117416f8ee822dc6691Stephen Jacob solved by security protocols like TLS that do not take local
d901b2252d664a5b96bae117416f8ee822dc6691Stephen Jacob character sets into account.
d901b2252d664a5b96bae117416f8ee822dc6691Stephen Jacob Because this document normatively refers to [NAMEPREP], [PUNYCODE],
d901b2252d664a5b96bae117416f8ee822dc6691Stephen Jacob and [STRINGPREP], it includes the security considerations from those
d901b2252d664a5b96bae117416f8ee822dc6691Stephen Jacob documents as well.
d901b2252d664a5b96bae117416f8ee822dc6691Stephen Jacob If or when this specification is updated to use a more recent Unicode
d901b2252d664a5b96bae117416f8ee822dc6691Stephen Jacob normalization table, the new normalization table will need to be
d901b2252d664a5b96bae117416f8ee822dc6691Stephen Jacob compared with the old to spot backwards incompatible changes. If
d901b2252d664a5b96bae117416f8ee822dc6691Stephen Jacob there are such changes, they will need to be handled somehow, or
d901b2252d664a5b96bae117416f8ee822dc6691Stephen Jacob there will be security as well as operational implications. Methods
d901b2252d664a5b96bae117416f8ee822dc6691Stephen Jacob to handle the conflicts could include keeping the old normalization,
d901b2252d664a5b96bae117416f8ee822dc6691Stephen Jacob or taking care of the conflicting characters by operational means, or
d901b2252d664a5b96bae117416f8ee822dc6691Stephen Jacob some other method.
d901b2252d664a5b96bae117416f8ee822dc6691Stephen Jacob Implementations MUST NOT use more recent normalization tables than
d901b2252d664a5b96bae117416f8ee822dc6691Stephen Jacob the one referenced from this document, even though more recent tables
d901b2252d664a5b96bae117416f8ee822dc6691Stephen Jacob may be provided by operating systems. If an application is unsure of
d901b2252d664a5b96bae117416f8ee822dc6691Stephen Jacob which version of the normalization tables are in the operating
64e41159a919b0711321fe688ca5da4f4d1b7d80Bob HalleyFaltstrom, et al. Standards Track [Page 19]
64e41159a919b0711321fe688ca5da4f4d1b7d80Bob HalleyRFC 3490 IDNA March 2003
64e41159a919b0711321fe688ca5da4f4d1b7d80Bob Halley system, the application needs to include the normalization tables
64e41159a919b0711321fe688ca5da4f4d1b7d80Bob Halley itself. Using normalization tables other than the one referenced
64e41159a919b0711321fe688ca5da4f4d1b7d80Bob Halley from this specification could have security and operational
64e41159a919b0711321fe688ca5da4f4d1b7d80Bob Halley implications.
74cb99072c4b0ebd2ccafcfa284288fa760f7a1aMark Andrews To help prevent confusion between characters that are visually
74cb99072c4b0ebd2ccafcfa284288fa760f7a1aMark Andrews similar, it is suggested that implementations provide visual
74cb99072c4b0ebd2ccafcfa284288fa760f7a1aMark Andrews indications where a domain name contains multiple scripts. Such
aceae69c7f3e76e8842de178851928619c65b61cMark Andrews mechanisms can also be used to show when a name contains a mixture of
aceae69c7f3e76e8842de178851928619c65b61cMark Andrews simplified and traditional Chinese characters, or to distinguish zero
aceae69c7f3e76e8842de178851928619c65b61cMark Andrews and one from O and l. DNS zone adminstrators may impose restrictions
6e1141e6e83b3907b8b187d97932f30fa82470efMark Andrews (subject to the limitations in section 2) that try to minimize
6e1141e6e83b3907b8b187d97932f30fa82470efMark Andrews Domain names (or portions of them) are sometimes compared against a
64e41159a919b0711321fe688ca5da4f4d1b7d80Bob Halley set of privileged or anti-privileged domains. In such situations it
64e41159a919b0711321fe688ca5da4f4d1b7d80Bob Halley is especially important that the comparisons be done properly, as
64e41159a919b0711321fe688ca5da4f4d1b7d80Bob Halley specified in section 3.1 requirement 4. For labels already in ASCII
64e41159a919b0711321fe688ca5da4f4d1b7d80Bob Halley form, the proper comparison reduces to the same case-insensitive
64e41159a919b0711321fe688ca5da4f4d1b7d80Bob Halley ASCII comparison that has always been used for ASCII labels.
c64aeaf419a7ef156b4aabfa2a913831e773157eBob Halley The introduction of IDNA means that any existing labels that start
74cb99072c4b0ebd2ccafcfa284288fa760f7a1aMark Andrews with the ACE prefix and would be altered by ToUnicode will
74cb99072c4b0ebd2ccafcfa284288fa760f7a1aMark Andrews automatically be ACE labels, and will be considered equivalent to
74cb99072c4b0ebd2ccafcfa284288fa760f7a1aMark Andrews non-ASCII labels, whether or not that was the intent of the zone
aceae69c7f3e76e8842de178851928619c65b61cMark Andrews adminstrator or registrant.
64e41159a919b0711321fe688ca5da4f4d1b7d80Bob Halley11. IANA Considerations
193738b819e3c699f9edd18864a6810fcfcec855Andreas Gustafsson IANA has assigned the ACE prefix in consultation with the IESG.
9ed37e8b9ccd53bc37b546fffe487b9547dda3a0Mark AndrewsFaltstrom, et al. Standards Track [Page 20]
9ed37e8b9ccd53bc37b546fffe487b9547dda3a0Mark AndrewsRFC 3490 IDNA March 2003
9ed37e8b9ccd53bc37b546fffe487b9547dda3a0Mark Andrews12. Authors' Addresses
9ed37e8b9ccd53bc37b546fffe487b9547dda3a0Mark Andrews Patrik Faltstrom
9ed37e8b9ccd53bc37b546fffe487b9547dda3a0Mark Andrews Cisco Systems
9ed37e8b9ccd53bc37b546fffe487b9547dda3a0Mark Andrews Arstaangsvagen 31 J
905e0c15332d3209dd73ff8b2334f6b80f7fe3a6David Lawrence S-117 43 Stockholm Sweden
905e0c15332d3209dd73ff8b2334f6b80f7fe3a6David Lawrence EMail: paf@cisco.com
df3c4c7988b9bae7d121a8ac9ed17a23366a948dDavid Lawrence Internet Mail Consortium and VPN Consortium
df3c4c7988b9bae7d121a8ac9ed17a23366a948dDavid Lawrence 127 Segre Place
7bb707a34778fc4bd9624d6c5de95675424ea59fDavid Lawrence Santa Cruz, CA 95060 USA
7bb707a34778fc4bd9624d6c5de95675424ea59fDavid Lawrence EMail: phoffman@imc.org
4108eed5092156cf0407a97a9bd8ab7775164694Brian Wellington Adam M. Costello
4108eed5092156cf0407a97a9bd8ab7775164694Brian Wellington University of California, Berkeley
0adde9f4f9369b23c67b9a29e824dda09b19022fDavid LawrenceFaltstrom, et al. Standards Track [Page 21]
0adde9f4f9369b23c67b9a29e824dda09b19022fDavid LawrenceRFC 3490 IDNA March 2003
0adde9f4f9369b23c67b9a29e824dda09b19022fDavid Lawrence13. Full Copyright Statement
0adde9f4f9369b23c67b9a29e824dda09b19022fDavid Lawrence Copyright (C) The Internet Society (2003). All Rights Reserved.
0adde9f4f9369b23c67b9a29e824dda09b19022fDavid Lawrence This document and translations of it may be copied and furnished to
0adde9f4f9369b23c67b9a29e824dda09b19022fDavid Lawrence others, and derivative works that comment on or otherwise explain it
0adde9f4f9369b23c67b9a29e824dda09b19022fDavid Lawrence or assist in its implementation may be prepared, copied, published
0adde9f4f9369b23c67b9a29e824dda09b19022fDavid Lawrence and distributed, in whole or in part, without restriction of any
0adde9f4f9369b23c67b9a29e824dda09b19022fDavid Lawrence kind, provided that the above copyright notice and this paragraph are
0adde9f4f9369b23c67b9a29e824dda09b19022fDavid Lawrence included on all such copies and derivative works. However, this
0adde9f4f9369b23c67b9a29e824dda09b19022fDavid Lawrence document itself may not be modified in any way, such as by removing
0adde9f4f9369b23c67b9a29e824dda09b19022fDavid Lawrence the copyright notice or references to the Internet Society or other
0adde9f4f9369b23c67b9a29e824dda09b19022fDavid Lawrence Internet organizations, except as needed for the purpose of
0adde9f4f9369b23c67b9a29e824dda09b19022fDavid Lawrence developing Internet standards in which case the procedures for
0adde9f4f9369b23c67b9a29e824dda09b19022fDavid Lawrence copyrights defined in the Internet Standards process must be
0adde9f4f9369b23c67b9a29e824dda09b19022fDavid Lawrence followed, or as required to translate it into languages other than
0adde9f4f9369b23c67b9a29e824dda09b19022fDavid Lawrence The limited permissions granted above are perpetual and will not be
0adde9f4f9369b23c67b9a29e824dda09b19022fDavid Lawrence revoked by the Internet Society or its successors or assigns.
0adde9f4f9369b23c67b9a29e824dda09b19022fDavid Lawrence This document and the information contained herein is provided on an
0adde9f4f9369b23c67b9a29e824dda09b19022fDavid Lawrence "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING
0adde9f4f9369b23c67b9a29e824dda09b19022fDavid Lawrence TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING
0adde9f4f9369b23c67b9a29e824dda09b19022fDavid Lawrence BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION
0adde9f4f9369b23c67b9a29e824dda09b19022fDavid Lawrence HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF
0adde9f4f9369b23c67b9a29e824dda09b19022fDavid Lawrence MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
0adde9f4f9369b23c67b9a29e824dda09b19022fDavid LawrenceAcknowledgement
0adde9f4f9369b23c67b9a29e824dda09b19022fDavid Lawrence Funding for the RFC Editor function is currently provided by the
dc97fe4ed08488d314ab5bc8e99ed839542cf411David Lawrence Internet Society.
aa30ee42c4b6da9bab4fb84d6cbbda6036a4d426Mark AndrewsFaltstrom, et al. Standards Track [Page 22]