Network Working GroupP. Saint-Andre
Internet-DraftJabber Software Foundation
Expires: December 3, 2003J. Hildebrand
 Jabber, Inc.
 June 04, 2003

Nodeprep: A Stringprep Profile for Node Identifiers in XMPP

Status of this Memo

This document is an Internet-Draft and is in full conformance with all provisions of Section 10 of RFC2026.

Internet-Drafts are working documents of the Internet Engineering Task Force (IETF), its areas, and its working groups. Note that other groups may also distribute working documents as Internet-Drafts.

Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress."

The list of current Internet-Drafts can be accessed at

The list of Internet-Draft Shadow Directories can be accessed at

This Internet-Draft will expire on December 3, 2003.

Copyright Notice

Copyright (C) The Internet Society (2003). All Rights Reserved.


This document defines a stringprep profile for node identifiers in the Extensible Messaging and Presence Protocol (XMPP).


Table of Contents


1. Introduction

This document, which defines a profile of stringprep (RFC 3454[1]), specifies processing rules that will enable users to enter internationalized node identifiers in XMPP (see XMPP Core[2]) and have the highest chance of getting the content of the strings correct. These processing rules are intended only for XMPP node identifiers (which are often associated with usernames), and are not intended for arbitrary text.

This profile defines the following, as required by RFC 3454[1]:

1.1 Terminology

This document inherits the terminology defined in XMPP Core[2].

The capitalized key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in RFC 2119[3].

1.2 Discussion Venue

The authors welcome discussion and comments related to the topics presented in this document. The preferred forum is the <> mailing list, for which archives and subscription information are available at <>.

1.3 Intellectual Property Notice

This document is in full compliance with all provisions of Section 10 of RFC 2026. Parts of this specification use the term "jabber" for identifying namespaces and other protocol syntax. Jabber[tm] is a registered trademark of Jabber, Inc. Jabber, Inc. grants permission to the IETF for use of the Jabber trademark in association with this specification and its successors, if any.


2. Character Repertoire

This profile uses Unicode 3.2 with the list of unassigned code points being Table A.1, both defined in Appendix A of RFC 3454[1].


3. Mapping

This profile specifies mapping using the following tables from RFC 3454[1]:

Table B.1
Table B.2


4. Normalization

This profile specifies using Unicode normalization form KC, as described in RFC 3454[1].


5. Prohibited Output

This profile specifies prohibiting use of the following tables from RFC 3454[1].

Table C.1.1
Table C.1.2
Table C.2.1
Table C.2.2
Table C.3
Table C.4
Table C.5
Table C.6
Table C.7
Table C.8
Table C.9

In addition, the following Unicode characters are also prohibited:

#x22 (")
#x26 (&)
#x27 (')
#x2F (/)
#x3A (:)
#x3C (<)
#x3E (>)
#x40 (@)


6. Bidirectional Characters

This profile specifies checking bidirectional strings as described in section 6 of RFC 3454[1].


7. Security Considerations

The Unicode and ISO/IEC 10646 repertoires have many characters that look similar. In many cases, users of security protocols might do visual matching, such as when comparing the names of trusted third parties. Because it is impossible to map similar-looking characters without a great deal of context such as knowing the fonts used, stringprep does nothing to map similar-looking characters together nor to prohibit some characters because they look like others.

A node identifier can be employed as one part of an entity's address in XMPP. One common usage is as the username of an instant messaging user; another is as the name of a multi-user chat room; and many other kinds of entities could use node identifiers as part of their addresses. The security of such services could be compromised based on different interpretations of the internationalized node identifier; for example, a user entering a single internationalized node identifier could access another user's account information, or a user could gain access to an otherwise restricted chat room or service.


8. IANA Considerations

This is a profile of stringprep. If and when it becomes an RFC, it should be registered in the stringprep profile registry maintained by the IANA[4].

Name of this profile:


RFC in which the profile is defined:

This document

Indicator whether or not this is the newest version of the profile:

This is the first version of Nodeprep


Normative References

[1] Hoffman, P. and M. Blanchet, "Preparation of Internationalized Strings ("stringprep")", RFC 3454, December 2002.
[2] Saint-Andre, P. and J. Miller, "XMPP Core", draft-ietf-xmpp-core-13 (work in progress), June 2003.
[3] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, March 1997.
[4] Internet Assigned Numbers Authority, "Internet Assigned Numbers Authority", January 1998.


Authors' Addresses

  Peter Saint-Andre
  Jabber Software Foundation
  Joe Hildebrand
  Jabber, Inc.


Appendix A. Revision History

Note to RFC Editor: please remove this entire appendix, and the corresponding entries in the table of contents, prior to publication.

A.1 Changes from draft-ietf-xmpp-nodeprep-02

A.2 Changes from draft-ietf-xmpp-nodeprep-01

A.3 Changes from draft-ietf-xmpp-nodeprep-00


Intellectual Property Statement

Full Copyright Statement