Traditional Network News (Netnews) systems handle only ASCII characters in newsgroup names used in NNTP commands and message headers.
This memo defines an extension to allow Internationalised Newsgroup Names, the characters of which can be drawn from the large Unicode repertoire, based on the Extending IDNA to Other Protocols (X-IDNA) base specification.
This Internet-Draft is submitted to IETF in full conformance with the provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering Task Force (IETF), its areas, and its working groups. Note that other groups may also distribute working documents as Internet-Drafts.
Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as “work in progress.”
The list of current Internet-Drafts can be accessed at http://www.ietf.org/ietf/1id-abstracts.txt.
The list of Internet-Draft Shadow Directories can be accessed at http://www.ietf.org/shadow.html.
This Internet-Draft will expire on September 24, 2010.
Copyright (c) 2010 IETF Trust and the persons identified as the document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (http://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the BSD License.
1. Introduction
2. The X-IDNA Profile for Network News Group Names
2.1. Applicability
2.2. Normalisation
2.3. Validation
3. Submitting Messages to Moderators
4. IANA Considerations
5. Security Considerations
5.1. Visually Similar Characters
5.2. Other Issues
6. References
6.1. Normative References
6.2. Informative References
Appendix A. Examples
Author's Address
1. Introduction
The X-IDNA base specification ([I-D.teint-xidna-base]) provides a generic framework for internationalisation of addresses, based on IDNA. This memo defines an X-IDNA Profile for use with Netnews newsgroup names.
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in [RFC2119].
2. The X-IDNA Profile for Network News Group Names
2.1. Applicability
This X-IDNA Profile ([I-D.teint-xidna-base]) applies to newsgroup names defined in [RFC3977] and [RFC5536], i.e. to the following syntax elements:
It also applies to other specifications based on these definitions (or their predecessors) if the elements are to be used as newsgroup names.
2.2. Normalisation
Newsgroup names do not require normalisation.
2.3. Validation
Validation of internationalised newsgroup names is the responsibility of whoever creates a newsgroup:
The following types of newsgroup names SHOULD NOT be created:
3. Submitting Messages to Moderators
This section is non-normative.
A common method for deriving the email address of the moderator of a group, described in a NOTE in section 3.5.1 of [RFC5537], forms the submission address for a moderated group by replacing each "." in the newsgroup name with "-" and then using that value as the <local-part> of a <mailbox> formed by appending a set domain.
When a forwarding service supports newsgroups whose names are internationalised, it ought to provide two different addresses to accommodate both X-IDNA-aware and X-IDNA-unaware users:
NOTE: This method not only produces fake labels, which are discouraged in [I-D.teint-xidna-email], but can also produce clashes where newsgroup names only differ in "-" and "." characters.
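The clash described in the NOTE can be caught before aliases are provisioned. The following Python sketch is an added example, not part of this memo or of RFC 5537; the group names other than the Appendix A value, the domain `moderators.example` and the function names are constructed for illustration.

```python
from collections import defaultdict


def submission_local_part(newsgroup):
    """Derive the <local-part> as described above: each "." becomes "-"."""
    return newsgroup.replace(".", "-")


def provision_aliases(moderated_groups, domain):
    """Map submission addresses to groups, setting ambiguous ones aside.

    Returns (aliases, clashes): aliases maps address -> group for addresses
    claimed by exactly one group; clashes maps address -> every group that
    derives to it, so that mail is never delivered to the wrong moderator.
    """
    claims = defaultdict(list)
    for group in moderated_groups:
        address = f"{submission_local_part(group)}@{domain}"
        claims[address].append(group)
    aliases = {a: g[0] for a, g in claims.items() if len(g) == 1}
    clashes = {a: sorted(g) for a, g in claims.items() if len(g) > 1}
    return aliases, clashes


# Constructed sample input. The third name is the converted form shown in
# Appendix A; the first two differ only in "-" versus ".".
GROUPS = [
    "example.foo.bar",
    "example.foo-bar",
    "alt.xn-----x8brabcel8esaa2hya7368h",
]
DOMAIN = "moderators.example"  # assumed forwarding domain

if __name__ == "__main__":
    aliases, clashes = provision_aliases(GROUPS, DOMAIN)
    for address, group in aliases.items():
        print("alias  ", address, "->", group)
    for address, groups in clashes.items():
        print("CLASH  ", address, "<-", ", ".join(groups))
```
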
4. IANA Considerations
This memo includes no request to IANA.
5. Security Considerations
5.1. Visually Similar Characters
By using visually similar characters, an attacker can create newsgroup names that are confusingly similar to other newsgroup names and newsgroup hierarchies that are confusingly similar to other hierarchies.
This may not only create a denial of service situation, where communication fails because users are tricked into posting into different groups, but may also create an information leak where the distribution of the "fake" newsgroup is wider than that of the intended group.
This issue most prominently occurs if a single newsgroup server carries multiple confusingly similar addresses. However, it can also occur if a user agent combines newsgroup lists from multiple servers, such as a private intranet NNTP server and a public, less trusted server, into a single list. Furthermore, even if the user agent clearly identifies the server carrying the group, users might still confuse the newsgroups when they see the familiar name and don't pay attention to the server identification.
It is suggested that Netnews server operators take care not to carry hierarchies that exploit confusingly similar newsgroup names.
In addition, user agent implementations ought to provide visual indications where a domain name contains multiple scripts, especially when the scripts contain characters that are easily confused visually, such as an omicron in Greek mixed with Latin text.
See Section 4.4 of [I-D.ietf-idnabis-defs] for further information on visually similar characters.
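A user agent or server operator can apply both suggestions to a merged group list. The following Python sketch is an added example, not part of this memo; it approximates a character's script by the first word of its Unicode name (the standard library exposes no Script property), and the look-alike table and sample group names are constructed.

```python
import unicodedata
from collections import defaultdict

# Constructed, deliberately tiny look-alike table (assumption for this
# sketch). A deployment would load the Unicode confusables data instead.
LOOKALIKES = {
    "\u03bf": "o",  # GREEK SMALL LETTER OMICRON
    "\u03b1": "a",  # GREEK SMALL LETTER ALPHA
    "\u0430": "a",  # CYRILLIC SMALL LETTER A
    "\u0435": "e",  # CYRILLIC SMALL LETTER IE
    "\u043e": "o",  # CYRILLIC SMALL LETTER O
}


def scripts_of(component):
    """Scripts used by the letters of one name component (heuristic)."""
    return {unicodedata.name(ch, "UNKNOWN").split()[0]
            for ch in component if ch.isalpha()}


def mixed_script_components(newsgroup):
    """Components that mix scripts and deserve a visual indication.

    The check is per component, so "alt" followed by an all-Greek
    component is not flagged.
    """
    return [c for c in newsgroup.split(".") if len(scripts_of(c)) > 1]


def skeleton(newsgroup):
    """Fold look-alike characters so similar names compare equal."""
    return "".join(LOOKALIKES.get(ch, ch) for ch in newsgroup.lower())


def confusable_sets(newsgroups):
    """Sets of distinct names that collapse to the same skeleton."""
    buckets = defaultdict(set)
    for name in newsgroups:
        buckets[skeleton(name)].add(name)
    return [sorted(names) for names in buckets.values() if len(names) > 1]


# Constructed sample: an intranet list merged with a public server's list.
INTRANET = ["corp.finance.reports"]
PUBLIC = ["corp.finance.rep\u043erts", "alt.αλφα-βῆτα-γάμμα"]

if __name__ == "__main__":
    merged = INTRANET + PUBLIC
    for name in merged:
        print(name, "mixed:", mixed_script_components(name))
    print("confusable:", confusable_sets(merged))
```
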
5.2. Other Issues
See the Security Considerations of [I-D.ietf-idnabis-defs] and [I-D.ietf-idnabis-bidi] for information on other issues.
6. References
6.1. Normative References
[I-D.ietf-idnabis-bidi] Alvestrand, H. and C. Karp, “Right-to-left scripts for IDNA,” draft-ietf-idnabis-bidi-07 (work in progress), January 2010.
[I-D.ietf-idnabis-defs] Klensin, J., “Internationalized Domain Names for Applications (IDNA): Definitions and Document Framework,” draft-ietf-idnabis-defs-13 (work in progress), January 2010.
[I-D.teint-xidna-base] Teint, N., “Extending IDNA to Other Protocols (X-IDNA),” draft-teint-xidna-base-00 (work in progress), February 2010.
[RFC2119] Bradner, S., “Key words for use in RFCs to Indicate Requirement Levels,” BCP 14, RFC 2119, March 1997.
[RFC3977] Feather, C., “Network News Transfer Protocol (NNTP),” RFC 3977, October 2006.
[RFC5536] Murchison, K., Lindsey, C., and D. Kohn, “Netnews Article Format,” RFC 5536, November 2009.
[RFC5537] Allbery, R. and C. Lindsey, “Netnews Architecture and Protocols,” RFC 5537, November 2009.
6.2. Informative References
[I-D.teint-xidna-email] Teint, N., “An X-IDNA Profile for Electronic Mail Addresses,” draft-teint-xidna-base-00 (work in progress), February 2010.
Appendix A. Examples
In the plain text version of this memo, the sequence "nnnn;" denotes the literal Unicode character number nnnn (decimal).
- Unicode: alt.αλφα-βῆτα-γάμμα@example.com
- Normalised: alt.αλφα-βῆτα-γάμμα@example.com
- Extracted: L: "alt" S:"." L:"αλφα-βῆτα-γάμμα"
- Converted: L: "alt" S:"." L:"xn-----x8brabcel8esaa2hya7368h"
- Re-Assembled: alt.xn-----x8brabcel8esaa2hya7368h
Author's Address
Nick Teint
Email: nick.teint@googlemail.com