| Network Working Group | M. Blanchet |
| Internet-Draft | Viagenie |
| Obsoletes: 3454 (if approved) | P. Saint-Andre |
| Intended status: Standards Track | Cisco |
| Expires: May 02, 2012 | October 30, 2011 |
PRECIS Framework: Handling Internationalized Strings in Protocols
draft-ietf-precis-framework-01
Application protocols that make use of Unicode code points in protocol strings need to prepare such strings in order to perform comparison operations (e.g., for purposes of authentication or authorization). In general, this problem has been labeled the "preparation and comparison of internationalized strings" or "PRECIS". This document defines a framework that enables application protocols to prepare various classes of strings in a way that depends on the properties of Unicode code points. Because this framework does not depend on large tables of Unicode code points as in stringprep (RFC 3454), it is more agile with regard to changes in the underlying Unicode database and thus provides improved flexibility to application protocols. A specification that uses this framework either can directly use the base string classes defined in this document or can subclass the base string classes as needed. This framework uses an approach similar to that of the revised internationalized domain names in applications (IDNA) technology (RFC 5890, RFC 5891, RFC 5892, RFC 5893, RFC 5894) and thus adheres to the high-level design goals described in RFC 4690, albeit for application technologies other than the Domain Name System (DNS). This document obsoletes RFC 3454.
This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet- Drafts is at http://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress."
This Internet-Draft will expire on May 02, 2012.
Copyright (c) 2011 IETF Trust and the persons identified as the document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (http://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License.
A number of IETF application technologies use stringprep [RFC3454] as the basis for comparing protocol strings that contain Unicode characters or "code points" [UNICODE]. Since the publication of [RFC3454] in 2002, the Internet community has gained much more experience with internationalization, some of it reflected in [RFC4690]. In particular, the IETF's technology for internationalized domain names (IDNs) has changed significantly: IDNA2003 [RFC3490], which was based on stringprep, has been superseded by IDNA2008 ([RFC5890], [RFC5891], [RFC5892], [RFC5893], [RFC5894]), which does not use stringprep. This migration away from stringprep for internationalized domain names has prompted other "customers" of stringprep to consider new approaches to the preparation and comparison of internationalized strings ("PRECIS"), as described in [PROBLEM].
This document proposes a technical framework for a post-stringprep approach to the preparation and comparison of internationalized strings in application protocols. The framework is based on several principles:
It is expected that this framework will yield the following benefits:
Although this framework is similar to IDNA2008 and borrows some of the character categories defined in [RFC5892], it defines additional string classes and character categories to meet the needs of common application protocols.
Many important terms used in this document are defined in [PROBLEM], [RFC6365], [RFC5890], and [UNICODE].
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in [RFC2119].
IDNA2008 essentially defines a base string class of internationalized domain name, although it does not use the term "string class". (This document does not define a string class for domain names, and application protocols are strongly encouraged to use IDNA2008 as the appropriate method to prepare domain names and hostnames.)
We propose the following additional base string classes for use in application protocols:
Note: [PROBLEM] mentions a class of "string blobs" containing "elements of the protocol that look like strings to users, but that are passed around in the protocol unchanged and that cannot be used for comparison or other purposes." It is an open question whether application protocols need to apply preparation and comparison rules to such strings.
The following subsections discuss these string classes in more detail, with reference to the dimensions described in Section 3 of [PROBLEM].
Each string class is defined by the following behavioral rules:
This document defines the valid, disallowed, and unassigned rules. Application protocols that use the PRECIS string classes MUST define the directionality, casemapping, and normalization rules, as further described under Section 9.2.
Most application technologies need a special class of strings that can be used to refer to, include, or communicate things like usernames, file names, data feed names, and chatroom names. We group such things into a bucket called "NameClass" having the following features.
Any code points that are not yet assigned in the Unicode character set SHALL be considered Unassigned for purposes of the NameClass.
The directionality rule MUST be specified by each application protocol that uses or subclasses the NameClass.
The casemapping rule MUST be specified by each application protocol that uses or subclasses the NameClass.
The normalization form MUST be specified by each application protocol that uses or subclasses the NameClass.
However, in accordance with [RFC5198], normalization form C (NFC) is RECOMMENDED.
Some application technologies need a special class of strings that can be used in a free-form way (e.g., as a passphrase or a nickname in a chatroom). We group such things into a bucket called "FreeClass" having the following features.
NOTE: Consult Section 10.4 for relevant security considerations when strings conforming to the FreeClass, or a subclass thereof, are used as passwords or passphrases.
Any code points that are not yet assigned in the Unicode character set SHALL be considered Unassigned for purposes of the FreeClass.
The directionality rule MUST be specified by each application protocol that uses or subclasses the FreeClass.
The casemapping rule MUST be specified by each application protocol that uses or subclasses the FreeClass.
In order to maximize entropy, it is NOT RECOMMENDED for application protocols to map uppercase and titlecase code points to their lowercase equivalents when strings conforming to the FreeClass, or a subclass thereof, are used in passwords or passphrases; instead, it is RECOMMENDED to preserve the case of all code points contained in such strings.
The normalization form MUST be specified by each application protocol that uses or subclasses the FreeClass.
However, in accordance with [RFC5198], normalization form C (NFC) is RECOMMENDED.
This document defines the valid, disallowed, and unassigned rules. Application protocols that use the PRECIS string classes MUST define the directionality, casemapping, and normalization rules. Such definitions MUST at a minimum specify the following:
Application protocols are allowed to subclass the base string classes specified in this document. As the word "subclass" implies, a subclass MUST NOT add as valid any code points or character categories that are disallowed by the base string class. However, a subclass MAY do either of the following:
Application protocols that use the PRECIS string classes MUST register with the IANA as described under Section 9.2. This is especially important for protocols that subclass the PRECIS string classes.
In order to implement the string classes described above, this document does the following:
This document is not intended to specify precisely how derived property values are to be applied in protocol strings. That information should be defined in the protocol specification that uses or subclasses a base string class from this document.
The value of the property is to be interpreted as follows.
The mechanisms described here allow determination of the value of the property for future versions of Unicode (including characters added after Unicode 5.2 or 6.0 depending on the category, since some categories in this document are reused from IDNA2008). Changes in Unicode properties that do not affect the outcome of this process do not affect this framework. For example, a character can have its Unicode General_Category value [UNICODE] change from So to Sm, or from Lo to Ll, without affecting the algorithm results. Moreover, even if such changes were to result, the BackwardCompatible list [G] can be adjusted to ensure the stability of the results.
Some code points need to be allowed in exceptional circumstances, but should be excluded in all other cases; these rules are also described in other documents. The most notable of these are the Join Control characters, U+200D ZERO WIDTH JOINER and U+200C ZERO WIDTH NON-JOINER. Both of them have the derived property value CONTEXTJ. A character with the derived property value CONTEXTJ or CONTEXTO (CONTEXTUAL RULE REQUIRED) is not to be used unless an appropriate rule has been established and the context of the character is consistent with that rule. It is invalid to generate a string containing these characters unless such a contextual rule is found and satisfied. PRECIS does not define its own contextual rules, but instead re-uses the contextual rules defined for IDNA2008; please see Appendix A of [RFC5892] for more information.
The derived property obtains its value based on a two-step procedure:
(NOTE: Unicode property names and property value names might have short abbreviations, such as "gc" for the General_Category property and "Ll" for the Lowercase_Letter property value of the gc property.)
In the following specification of character categories, the operation that returns the value of a particular Unicode character property for a code point is designated by using the formal name of that property (from the Unicode PropertyAliases.txt) followed by '(cp)' for "code point". For example, the value of the General_Category property for a code point is indicated by General_Category(cp).
The first ten categories (A-J) shown below were previously defined for IDNA2008 and are copied directly from [RFC5892]. Some of these categories are reused in PRECIS and some of them are not; however, the lettering of categories is retained to prevent overlap and to ease implementation of both IDNA2008 and PRECIS in a single software application. The next seven categories (K-Q) are specific to PRECIS.
NOTE: This category is defined in [RFC5892] and copied here for use in PRECIS.
A: General_Category(cp) is in {Ll, Lu, Lo, Nd, Lm, Mn, Mc}
These rules identify characters commonly used in mnemonics and often informally described as "language characters".
For more information, see section 4.5 of [UNICODE].
The categories used in this rule are:
NOTE: This category is defined in [RFC5892] but not used in PRECIS.
NOTE: This category is defined in [RFC5892] but not used in PRECIS. See the "PrecisIgnorableProperties (M)" category below for a more inclusive category used in PRECIS identifiers.
NOTE: This category is defined in [RFC5892] but not used in PRECIS.
NOTE: This category is defined in [RFC5892] but not used in PRECIS. See the "ASCII7 (K)" category below for a more inclusive category used in PRECIS identifiers.
NOTE: This category is defined in [RFC5892] and might be used in a future version of this specification.
F: cp is in {00B7, 00DF, 0375, 03C2, 05F3, 05F4, 0640, 0660,
0661, 0662, 0663, 0664, 0665, 0666, 0667, 0668,
0669, 06F0, 06F1, 06F2, 06F3, 06F4, 06F5, 06F6,
06F7, 06F8, 06F9, 06FD, 06FE, 07FA, 0F0B, 3007,
302E, 302F, 3031, 3032, 3033, 3034, 3035, 303B,
30FB}
This category explicitly lists code points for which the category cannot be assigned using only the core property values that exist in the Unicode standard. The values are according to the table below:
PVALID -- Would otherwise have been DISALLOWED
00DF; PVALID # LATIN SMALL LETTER SHARP S
03C2; PVALID # GREEK SMALL LETTER FINAL SIGMA
06FD; PVALID # ARABIC SIGN SINDHI AMPERSAND
06FE; PVALID # ARABIC SIGN SINDHI POSTPOSITION MEN
0F0B; PVALID # TIBETAN MARK INTERSYLLABIC TSHEG
3007; PVALID # IDEOGRAPHIC NUMBER ZERO
CONTEXTO -- Would otherwise have been DISALLOWED
00B7; CONTEXTO # MIDDLE DOT
0375; CONTEXTO # GREEK LOWER NUMERAL SIGN (KERAIA)
05F3; CONTEXTO # HEBREW PUNCTUATION GERESH
05F4; CONTEXTO # HEBREW PUNCTUATION GERSHAYIM
30FB; CONTEXTO # KATAKANA MIDDLE DOT
CONTEXTO -- Would otherwise have been PVALID
0660; CONTEXTO # ARABIC-INDIC DIGIT ZERO
0661; CONTEXTO # ARABIC-INDIC DIGIT ONE
0662; CONTEXTO # ARABIC-INDIC DIGIT TWO
0663; CONTEXTO # ARABIC-INDIC DIGIT THREE
0664; CONTEXTO # ARABIC-INDIC DIGIT FOUR
0665; CONTEXTO # ARABIC-INDIC DIGIT FIVE
0666; CONTEXTO # ARABIC-INDIC DIGIT SIX
0667; CONTEXTO # ARABIC-INDIC DIGIT SEVEN
0668; CONTEXTO # ARABIC-INDIC DIGIT EIGHT
0669; CONTEXTO # ARABIC-INDIC DIGIT NINE
06F0; CONTEXTO # EXTENDED ARABIC-INDIC DIGIT ZERO
06F1; CONTEXTO # EXTENDED ARABIC-INDIC DIGIT ONE
06F2; CONTEXTO # EXTENDED ARABIC-INDIC DIGIT TWO
06F3; CONTEXTO # EXTENDED ARABIC-INDIC DIGIT THREE
06F4; CONTEXTO # EXTENDED ARABIC-INDIC DIGIT FOUR
06F5; CONTEXTO # EXTENDED ARABIC-INDIC DIGIT FIVE
06F6; CONTEXTO # EXTENDED ARABIC-INDIC DIGIT SIX
06F7; CONTEXTO # EXTENDED ARABIC-INDIC DIGIT SEVEN
06F8; CONTEXTO # EXTENDED ARABIC-INDIC DIGIT EIGHT
06F9; CONTEXTO # EXTENDED ARABIC-INDIC DIGIT NINE
DISALLOWED -- Would otherwise have been PVALID
0640; DISALLOWED # ARABIC TATWEEL
07FA; DISALLOWED # NKO LAJANYALAN
302E; DISALLOWED # HANGUL SINGLE DOT TONE MARK
302F; DISALLOWED # HANGUL DOUBLE DOT TONE MARK
3031; DISALLOWED # VERTICAL KANA REPEAT MARK
3032; DISALLOWED # VERTICAL KANA REPEAT WITH VOICED SOUND MARK
3033; DISALLOWED # VERTICAL KANA REPEAT MARK UPPER HALF
3034; DISALLOWED # VERTICAL KANA REPEAT WITH VOICED SOUND MARK
UPPER HA
3035; DISALLOWED # VERTICAL KANA REPEAT MARK LOWER HALF
303B; DISALLOWED # VERTICAL IDEOGRAPHIC ITERATION MARK
NOTE: This category is defined in [RFC5892] and copied here for use in PRECIS. Because of how the PRECIS string classes are defined, only changes that would result in code points being added to or removed from the LetterDigits ("A") category would result in backward-incompatible modifications to code point assignments. Therefore, management of this category is handled via the processes specified in [RFC5892].
G: cp is in {}
This category includes the code points for which property values in versions of Unicode after 5.2 have changed in such a way that the derived property value would no longer be PVALID or DISALLOWED. If changes are made to future versions of Unicode so that code points might change property value from PVALID or DISALLOWED, then this table can be updated and keep special exception values so that the property values for code points stay stable.
NOTE: This category is defined in [RFC5892] and copied here for use in PRECIS.
H: Join_Control(cp) = True
This category consists of Join Control characters (i.e., they are not in LetterDigits [A]) but are still required in strings under some circumstances.
NOTE: This category is defined in [RFC5892] and copied here for use in PRECIS.
I: Hangul_Syllable_Type(cp) is in {L, V, T}
This category consists of all conjoining Hangul Jamo (Leading Jamo, Vowel Jamo, and Trailing Jamo).
Elimination of conjoining Hangul Jamos from the set of PVALID characters results in restricting the set of Korean PVALID characters just to preformed, modern Hangul syllable characters. Old Hangul syllables, which must be spelled with sequences of conjoining Hangul Jamos, are not PVALID for string classes.
NOTE: This category is defined in [RFC5892] and copied here for use in PRECIS.
J: General_Category(cp) is in {Cn} and
Noncharacter_Code_Point(cp) = False
This category consists of code points in the Unicode character set that are not (yet) assigned. It should be noted that Unicode distinguishes between 'unassigned code points' and 'unassigned characters'. The unassigned code points are all but (Cn - Noncharacters), while the unassigned *characters* are all but (Cn + Cs).
This PRECIS-specific category exempts most characters in the ASCII-7 range from other rules that might be applied during PRECIS processing, on the assumption that these code points are in such wide use that disallowing them would be counter-productive.
K: cp is in {0021..007E}
L: Control(cp) = True
This PRECIS-specific category is used to group code points that are not recommended for use in PRECIS string classes.
M: Default_Ignorable_Code_Point(cp) = True or
Noncharacter_Code_Point(cp) = True
The definition for Default_Ignorable_Code_Point can be found in the DerivedCoreProperties.txt file, and at the time of Unicode 6.0 is as follows:
Other_Default_Ignorable_Code_Point
+ Cf (Format characters)
+ Variation_Selector
- White_Space
- FFF9..FFFB (Annotation Characters)
- 0600..0603, 06DD, 070F (exceptional Cf characters
that should be visible)
This PRECIS-specific category is used to group code points that are space characters.
N: General_Category(cp) is in {Zs}
This PRECIS-specific category is used to group code points that are symbols.
O: General_Category(cp) is in {Sc}
This PRECIS-specific category is used to group code points that are punctuation marks.
P: General_Category(cp) is in {Pi}
This PRECIS-specific category is used to group code points that have compatibility equivalents as explained in Chapter 2 and Chapter 3 of [UNICODE].
Q: toNFKC(cp) != cp
The toNFKC() operation returns the code point in normalization form KC. For more information, see Section 5 of [UAX15].
Possible values of the derived property are:
NOTE: In some instances, the value of the derived property calculated depends on the string class (e.g., if an identifier used in an application protocol is defined as using or subclassing the PRECIS NameClass, then a space character would be assigned to NAMECLASS_DISALLOWED).
The algorithm to calculate the value of the derived property is as follows. (NOTE: Use of the name of a rule (such as "Exception") implies the set of code points that the rule defines, whereas the same name as a function call (such as "Exception(cp)") implies the value that the code point has in the Exceptions table.)
If .cp. .in. Exceptions Then Exceptions(cp);
Else If .cp. .in. BackwardCompatible Then BackwardCompatible(cp);
Else If .cp. .in. Unassigned Then UNASSIGNED;
Else If .cp. .in. ASCII7 Then PVALID;
Else If .cp. .in. JoinControl Then CONTEXTJ;
Else If .cp. .in. PrecisIgnorableProperties Then DISALLOWED;
Else If .cp. .in. Controls Then DISALLOWED;
Else If .cp. .in. OldHangulJamo Then DISALLOWED;
Else If .cp. .in. LetterDigits Then PVALID;
Else If .cp. .in. Spaces Then NAMECLASS_DISALLOWED
or SECRETCLASS_DISALLOWED
or FREECLASS_VALID;
Else If .cp. .in. Symbols Then NAMECLASS_DISALLOWED
or SECRETCLASS_DISALLOWED
or FREECLASS_VALID;
Else If .cp. .in. Punctuation Then NAMECLASS_DISALLOWED
or SECRETCLASS_DISALLOWED
or FREECLASS_VALID;
Else If .cp. .in. HasCompat Then NAMECLASS_DISALLOWED
or SECRETCLASS_VALID
or FREECLASS_VALID;
Else DISALLOWED;
The Categories and Rules defined in Section 6 and Section 7 apply to all Unicode code points. The table in Section 13 shows, for illustrative purposes, the consequences of the categories and classification rules, and the resulting property values.
The list of code points that can be found in Section 13 is non-normative. Instead, the rules defined by Section 6 and Section 7 are normative, and any tables are derived from the rules.
IANA is requested to create a PRECIS-specific registry with the Derived Properties for the versions of Unicode that are released after (and including) version 6.0. The derived property value is to be calculated in cooperation with a designated expert [RFC5226] according to the specifications in Section 6 and Section 7, and not by copying the non-normative table found in Section 13.
If during this process (creation of the table of derived property values) followed by a designated expert review, either backward-incompatible changes to the table of derived properties are discovered, or otherwise problems during the creation of the table arises, that is to be flagged to the IESG. Changes to the rules (as specified in Section 6 and Section 7) require IETF Review, as described in [RFC5226].
IANA is requested to create a registry of application protocols that use the base string classes. The registry will include one entry for each use (e.g., if a protocol uses both the NameClass and the FreeClass then the specification for that protocol would submit two registrations). In accordance with [RFC5226], the registration policy is "First Come First Served".
The registration template is as follows:
The security of applications that use this framework can depend in part on the proper preparation and comparison of internationalized strings. For example, such strings can be used to make authentication and authorization decisions, and the security of an application could be compromised if an entity providing a given string is connected to the wrong account or online resource based on different interpretations of the string.
Specifications of application protocols that use this framework are encouraged to describe how internationalized strings are used in the protocol, including the security implications of any false positives and false negatives that might result from various comparison operations. For some helpful guidelines, refer to [IDENTIFIER], [RFC5890], [UTR36], and [UTR39].
When systems use local character sets other than ASCII and Unicode, these specifications leave the problem of converting between the local character set and Unicode up to the application or local system. If different applications (or different versions of one application) implement different rules for conversions among coded character sets, they could interpret the same name differently and contact different application servers or other network entities. This problem is not solved by security protocols, such as Transport Layer Security (TLS) [RFC5246] and the Simple Authentication and Security Layer (SASL) [RFC4422], that do not take local character sets into account.
Some characters are visually similar and thus can cause confusion among humans. Such characters are often called "confusable characters" or "confusables".
The problem of confusable characters is not necessarily caused by the use of Unicode code points outside the US-ASCII range. For example, in some presentations and to some individuals the string "ju1iet" (spelled with the Arabic numeral one as the third character) might appear to be the same as "juliet" (spelled with the lowercase version of the letter "L"), especially on casual visual inspection. This phenomenon is sometimes called "typejacking".
However, the problem is made more serious by introducing the full range of Unicode code points into protocol strings. For example, the characters U+13DA U+13A2 U+13B5 U+13AC U+13A2 U+13AC U+13D2 from the Cherokee block look similar to the US-ASCII characters "STPETER" as they might look when presented in a "creative" font.
In some examples of confusable characters, it is unlikely that the average human could tell the difference between the real string and the fake string. (Indeed, there is no programmatic way to distinguish with full certainty which is the fake string and which is the real string; in some contexts, the string formed of Cherokee characters might be the real string and the string formed of US-ASCII characters might be the fake string.) Because PRECIS-compliant strings can contain almost any properly encoded Unicode code point, it can be relatively easy to fake or mimic some strings in systems that use the PRECIS framework. The fact that some strings are easily confused introduces security vulnerabilities of the kind that have also plagued the World Wide Web, specifically the phenomenon known as phishing.
Despite the fact that some specific suggestions about identification and handling of confusable characters appear in the Unicode Security Considerations [UTR36], it is also true (as noted in [RFC5890]) that "there are no comprehensive technical solutions to the problems of confusable characters". Because it is impossible to map visually similar characters without a great deal of context (such as knowing the fonts used), the PRECIS framework does nothing to map similar-looking characters together, nor does it prohibit some characters because they look like others.
However, specifications for application protocols that use this framework MUST describe how confusable characters can be used to compromise the security of systems that use the protocol in question, and any protocol-specific suggestions for overcoming those threats. In particular, software implementations and service deployments that use PRECIS-based technologies are strongly encouraged to define and implement consistent policies regarding the registration, storage, and presentation of visually similar characters. The following recommendations are appropriate:
One goal of passwords and passphrases is to maximize the amount of entropy, for example by allowing a wide range of code points and by ensuring that secrets are not prepared in such a way that code points are compared aggressively. Therefore, it is NOT RECOMMENDED for application protocols to subclass the FreeClass for use in passwords and passphrases in a way that removes entire categories (e.g., by disallowing symbols or punctuation). Furthermore, it is NOT RECOMMENDED for application protocols to map uppercase and titlecase code points to their lowercase equivalents in such strings; instead, it is RECOMMENDED to preserve the case of all code points contained in such strings.
That said, software implementers need to be aware that there exist tradeoffs between entropy and usability. For example, allowing a user to establish a password containing "uncommon" code points might make it difficult for the user to access an application when using an unfamiliar or constrained input device.
Some application protocols use passwords and passphrases directly, whereas others reuse technologies that themselves process passwords (one example is the Simple Authentication and Security Layer [RFC4422]). Moreover, passwords are often carried by a sequence of protocols with backends authentication systems or data storage systems such as RADIUS [RFC2865] and LDAP [RFC4510]. Developers of application protocols are encouraged to look into reusing these profiles instead of defining new ones, so that end-user expectations about passwords are consistent no matter which application protocol is used.
Although strings that are consumed in PRECIS-based application protocols are often encoded using UTF-8 [RFC3629], the exact encoding is a matter for the using protocol, not the PRECIS framework.
It is known that some existing systems are unable to support the full Unicode character set, or even any characters outside the US-ASCII range. If two (or more) applications need to interoperate when exchanging data (e.g., for the purpose of authenticating a username or password), they will naturally need have in common at least one coded character set (as defined by [RFC6365]). Establishing such a baseline is a matter for the using protocol, not the PRECIS framework.
The authors would like to acknowledge the comments and contributions of the following individuals: David Black, Mark Davis, Alan DeKok, Martin Duerst, Patrik Faltstrom, Ted Hardie, Joe Hildebrand, Paul Hoffman, Jeffrey Hutzelman, Simon Josefsson, John Klensin, Alexey Melnikov, Yoav Nir, Mike Parker, Pete Resnick, Andrew Sullivan, Dave Thaler, and Yoshiro Yoneya.
Some algorithms and textual descriptions have been borrowed from [RFC5892]. Some text regarding security has been borrowed from [RFC5890] and [XMPP-ADDR].
To follow.
To follow.
| [RFC2119] | Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, March 1997. |
| [RFC5198] | Klensin, J. and M. Padlipsky, "Unicode Format for Network Interchange", RFC 5198, March 2008. |
| [UNICODE] | The Unicode Consortium, "The Unicode Standard, Version 6.0", 2010. |