TOC 
Network Working GroupP. Saint-Andre
Internet-DraftJabber Software Foundation
Expires: October 19, 2003J. Hildebrand
 Jabber, Inc.
 April 20, 2003

Nodeprep: A Stringprep Profile for Node Identifiers in XMPP
draft-ietf-xmpp-nodeprep-02

Status of this Memo

This document is an Internet-Draft and is in full conformance with all provisions of Section 10 of RFC2026.

Internet-Drafts are working documents of the Internet Engineering Task Force (IETF), its areas, and its working groups. Note that other groups may also distribute working documents as Internet-Drafts.

Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress."

The list of current Internet-Drafts can be accessed at http://www.ietf.org/ietf/1id-abstracts.txt.

The list of Internet-Draft Shadow Directories can be accessed at http://www.ietf.org/shadow.html.

This Internet-Draft will expire on October 19, 2003.

Copyright Notice

Copyright (C) The Internet Society (2003). All Rights Reserved.

Abstract

This document defines a stringprep profile for node identifiers in the Extensible Messaging and Presence Protocol (XMPP).



 TOC 

Table of Contents




 TOC 

1. Introduction

This document, which defines a profile of stringprep (RFC 3454[1]), specifies processing rules that will enable users to enter internationalized node identifiers in XMPP (see XMPP Core[2]) and have the highest chance of getting the content of the strings correct. These processing rules are intended only for XMPP node identifiers (which are often associated with usernames), and not intended for arbitrary text.

This profile defines the following, as required by RFC 3454[1]:

1.1 Terminology

This document inherits the terminology defined in XMPP Core[2].

The capitalized key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in RFC 2119[3].

1.2 Discussion Venue

The authors welcome discussion and comments related to the topics presented in this document. The preferred forum is the <xmppwg@jabber.org> mailing list, for which archives and subscription information are available at <http://www.jabber.org/cgi-bin/mailman/listinfo/xmppwg/>.

1.3 Intellectual Property Notice

This document is in full compliance with all provisions of Section 10 of RFC 2026. Parts of this specification use the term "jabber" for identifying namespaces and other protocol syntax. Jabber[tm] is a registered trademark of Jabber, Inc. Jabber, Inc. grants permission to the IETF for use of the Jabber trademark in association with this specification and its successors, if any.



 TOC 

2. Character Repertoire

This profile uses Unicode 3.2 with the list of unassigned code points being Table A.1, both defined in Appendix A of RFC 3454[1].



 TOC 

3. Mapping

This profile specifies mapping using the following tables from RFC 3454[1]:

Table B.1
Table B.2



 TOC 

4. Normalization

This profile specifies using Unicode normalization form KC, as described in RFC 3454[1].



 TOC 

5. Prohibited Output

This profile specifies prohibiting use of the following tables from RFC 3454[1].

Table C.1.1
Table C.1.2
Table C.2.1
Table C.2.2
Table C.3
Table C.4
Table C.5
Table C.6
Table C.7
Table C.8
Table C.9

In addition, the following Unicode characters are also prohibited:

#x22 (")
#x26 (&)
#x27 (')
#x2F (/)
#x3A (:)
#x3C (<)
#x3E (>)
#x40 (@)



 TOC 

6. Bidirectional Characters

This profile specifies checking bidirectional strings as described in section 6 of RFC 3454[1].



 TOC 

7. Security Considerations

The Unicode and ISO/IEC 10646 repertoires have many characters that look similar. In many cases, users of security protocols might do visual matching, such as when comparing the names of trusted third parties. Because it is impossible to map similar-looking characters without a great deal of context such as knowing the fonts used, stringprep does nothing to map similar-looking characters together nor to prohibit some characters because they look like others.

Node identifiers are commonly employed as the username of entities that connect to XMPP/Jabber servers for instant messaging and presence services. The security of such services could be compromised if a user entering a single internationalized node identifier could access another user's account information based on different interpretations of the internationalized node identifier.



 TOC 

8. IANA Considerations

This is a profile of stringprep. If and when it becomes an RFC, it should be registered in the stringprep profile registry maintained by the IANA[4].

Name of this profile:

Nodeprep

RFC in which the profile is defined:

This document

Indicator whether or not this is the newest version of the profile:

This is the first version of Nodeprep



 TOC 

Normative References

[1] Hoffman, P. and M. Blanchet, "Preparation of Internationalized Strings ("stringprep")", RFC 3454, December 2002.
[2] Saint-Andre, P. and J. Miller, "XMPP Core (draft-ietf-xmpp-core-10, work in progress)", April 2003.
[3] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, March 1997.
[4] Internet Assigned Numbers Authority, "Internet Assigned Numbers Authority", January 1998.


 TOC 

Authors' Addresses

  Peter Saint-Andre
  Jabber Software Foundation
EMail:  stpeter@jabber.org
URI:  http://www.jabber.org/people/stpeter.php
  
  Joe Hildebrand
  Jabber, Inc.
EMail:  jhildebrand@jabber.com
URI:  http://www.jabber.org/people/hildjj.php


 TOC 

Appendix A. Revision History

Note to RFC Editor: please remove this entire appendix, and the corresponding entries in the table of contents, prior to publication.

A.1 Changes from draft-ietf-xmpp-nodeprep-01

A.2 Changes from draft-ietf-xmpp-nodeprep-00



 TOC 

Full Copyright Statement

Acknowledgement