PRECIS | P. Saint-Andre |
Internet-Draft | &yet |
Intended status: Standards Track | November 26, 2014 |
Expires: May 30, 2015 |
Preparation, Enforcement, and Comparison of Internationalized Strings Representing Nicknames
draft-ietf-precis-nickname-13
This document describes methods for handling Unicode strings representing nicknames.
This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet-Drafts is at http://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress."
This Internet-Draft will expire on May 30, 2015.
Copyright (c) 2014 IETF Trust and the persons identified as the document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (http://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License.
Technologies for textual chatrooms customarily enable participants to specify a nickname for use in the room; e.g., this is true of Internet Relay Chat [RFC2811] as well as multi-party chat technologies based on the Extensible Messaging and Presence Protocol (XMPP) [RFC6120] [XEP-0045], the Message Session Relay Protocol (MSRP) [RFC4975] [I-D.ietf-simple-chat], and Centralized Conferencing (XCON) [RFC5239] [I-D.boulton-xcon-session-chat]. Recent chatroom technologies also allow internationalized nicknames because they support characters from outside the ASCII range [RFC20], typically by means of the Unicode character set [UNICODE]. Although such nicknames tend to be used primarily for display purposes, they are sometimes used for programmatic purposes as well (e.g., kicking users or avoiding nickname conflicts). Note too that nicknames can be used not only in chatrooms but also more generally as a user's preferred display name (see for instance [XEP-0172]).
Nicknames (also called "petnames") are also used in contexts other than messaging, such as petnames for devices, bank accounts, and the like. The rules specified in this document can also be applied to such nicknames.
To increase the likelihood that nicknames will work in ways that make sense for typical users throughout the world, this document defines rules for preparing, enforcing, and comparing internationalized nicknames.
Many important terms used in this document are defined in [I-D.ietf-precis-framework], [RFC6365], and [UNICODE].
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in RFC 2119 [RFC2119].
Detailed rules for the preparation, enforcement, and comparision of nicknames are provided in the following sections, which define the Nickname profile of the PRECIS FreeformClass (on the distinction between these actions, refer to [I-D.ietf-precis-framework]).
An entity that prepares a string according to this profile MUST ensure that the string consists only of Unicode code points that conform to the "FreeformClass" base string class defined in [I-D.ietf-precis-framework]. In addition, the string MUST be encoded as UTF-8 [RFC3629].
An entity that performs enforcement according to this profile MUST prepare a string as described in the previous section and MUST also apply the rules specified below for the Nickname profile (these rules MUST be applied in the order shown).
An entity that performs comparison of two strings according to this profile MUST prepare each string and enforce the normalization, case-mapping, and width-mapping rules specified in the previous two sections. The two strings are to be considered equivalent if they are an exact octet-for-octet match (sometimes called "bit-string identity").
The following examples illustrate a small number of nicknames that are consistent with the format defined above, along with the output string resulting from application of the PRECIS rules, which would be used for comparison purposes (note that the characters < and > are used to delineate the actual nickname and are not part of the nickname strings).
Table 1: A sample of legal nicknames
+---------------------------+-----------------------------------+ | # | Nickname | Output for Comparison | +---------------------------+-----------------------------------+ | 1 | <Foo> | <foo> | +---------------------------+-----------------------------------+ | 2 | <foo> | <foo> | +---------------------------+-----------------------------------+ | 3 | <Foo Bar> | <foo bar> | +---------------------------+-----------------------------------+ | 4 | <foo bar> | <foo bar> | +---------------------------+-----------------------------------+ | 5 | <Σ> | GREEK SMALL LETTER SIGMA (U+03C3) | +---------------------------+-----------------------------------+ | 6 | <σ> | GREEK SMALL LETTER SIGMA (U+03C3) | +---------------------------+-----------------------------------+ | 7 | <ς> | GREEK SMALL LETTER FINAL SIGMA | | | | (U+03C2) | +---------------------------+-----------------------------------+ | 8 | <♚> | BLACK CHESS KING (U+265A) | +---------------------------+-----------------------------------+
Regarding examples 5, 6, and 7: case-mapping of GREEK CAPITAL LETTER SIGMA (U+03A3) to lowercase (i.e., to GREEK SMALL LETTER SIGMA, U+03C3) during comparison would result in matching the nicknames in examples 5 and 6; however, because the PRECIS mapping rules do not account for the special status of GREEK SMALL LETTER FINAL SIGMA (U+03C2), the nicknames in examples 5 and 7 or examples 6 and 7 would not be matched. Regarding example 8: symbol characters such as BLACK CHESS KING (U+265A) are allowed by the PRECIS FreeformClass and thus can be used in nicknames.
The following examples illustrate strings that are not valid nicknames because they violate the format defined above.
Table 2: A sample of strings that violate the nickname rules
+---------------------------------+---------------------------------+ | # | Non-Nickname string | Notes | +---------------------------------+---------------------------------+ | 9 | < foo > | Leading spaces | +---------------------------------+---------------------------------+ | 10 | <foo bar> | Multiple spaces | +---------------------------------+---------------------------------+ | 10| <> | Zero-length string | +---------------------------------+---------------------------------+
This specification defines only the PRECIS-based rules for handling of nickname strings. It is the responsibility of an application protocol (e.g., MSRP, XCON, or XMPP) to specify the protocol slots in which nickname strings can appear, as well as the entities that are expected to enforce the rules governing nickname strings in that protocol.
Above and beyond the PRECIS-based rules specified here, application protocols can also define application-specific rules governing nickname strings (rules regarding the minimum or maximum length of nicknames, further restrictions on allowable characters or character ranges, safeguards to mitigate the effects of visually similar characters, etc.).
Naturally, application protocols can also specify rules governing the actual use of nicknames in applications (reserved nicknames, authorization requirements for using nicknames, whether certain nicknames can be prohibited, handling of duplicates, the relationship between nicknames and underlying identifiers such as SIP URIs or Jabber IDs, etc.).
Entities that enforce the rules specified in this document are encouraged to be liberal in what they accept by following this procedure:
The IANA shall add the following entry to the PRECIS Profiles Registry:
The security considerations described in [I-D.ietf-precis-framework] apply to the "FreeformClass" string class used in this document for nicknames.
The security considerations described in [UTS39] apply to the use of Unicode characters in nicknames.
[I-D.ietf-precis-framework] describes some of the security considerations related to visually similar characters, also called "confusable characters" or "confusables".
Although the mapping rules defined under Section 2 of this document are designed in part to reduce the possibility of confusion about nicknames, this document does not provide more detailed recommendations regarding the handling of visually similar characters, such as those provided in [UTS39].
[I-D.ietf-precis-framework] | Saint-Andre, P. and M. Blanchet, "Precis Framework: Handling Internationalized Strings in Protocols", Internet-Draft draft-ietf-precis-framework-20, November 2014. |
[RFC2119] | Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, March 1997. |
[RFC3629] | Yergeau, F., "UTF-8, a transformation format of ISO 10646", STD 63, RFC 3629, November 2003. |
[RFC5893] | Alvestrand, H. and C. Karp, "Right-to-Left Scripts for Internationalized Domain Names for Applications (IDNA)", RFC 5893, August 2010. |
[UNICODE] | The Unicode Consortium, "The Unicode Standard, Version 6.3", 2013. |
[UTS39] | The Unicode Consortium, "Unicode Technical Standard #39: Unicode Security Mechanisms", November 2013. |
Thanks to Kim Alvefur, Mary Barnes, Dave Cridland, Miguel Garcia, Salvatore Loreto, and Enrico Marocco for their reviews and comments.
Peter Saint-Andre wishes to acknowledge Cisco Systems, Inc., for employing him during his work on earlier versions of this document.