Internet Draft                                            Dan Oscarsson
draft-ietf-idn-udns-03.txt                                Telia ProSoft
Updates: RFC 2181, 1035, 1034, 2535                       19 August 2001
Expires: 19 February 2002

   Using the Universal Character Set in the Domain Name System (UDNS)

Status of this memo

   This document is an Internet-Draft and is in full conformance with
   all provisions of Section 10 of RFC2026.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF), its areas, and its working groups. Note that other
   groups may also distribute working documents as Internet-Drafts.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time. It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

     The list of current Internet-Drafts can be accessed at
     http://www.ietf.org/ietf/1id-abstracts.txt

     The list of Internet-Draft Shadow Directories can be accessed at
     http://www.ietf.org/shadow.html.


Abstract

   Since the Domain Name System (DNS) [RFC1035] was created there have
   been a desire to use other characters than ASCII in domain names.
   Lately this desire have grown very strong and several groups have
   started to experiment with non-ASCII names.  This document defines
   how the Universal Character Set (UCS) [ISO10646] is to be used in
   DNS.  It includes both a transition scheme for older software
   supporting non-ASCII handling in applications only, as well as how to
   use UCS in labels and having more than 63 octets in a label.


1. Introduction

   While the need for non-ASCII domain names have existed since the
   creation of the DNS, the need have increased very much during the
   last few years. Currently there are at least two implementations
   using UTF-8 in use, and others using other methods.

   To avoid several different implementations of non-ASCII names in DNS



Dan Oscarsson          Expires: 19 February 2002                [Page 1]


Internet Draft               Universal DNS                19 August 2001


   that do not work together, and to avoid breaking the current ASCII
   only DNS, there is an immediate need to standardise how DNS shall
   handle non-ASCII names.

   While the DNS protocol allow any octet in character data, so far the
   octets are only defined for the ASCII code points. Octets outside the
   ASCII range have no defined interpretation. This document defines how
   all octets are to be used in character data allowing a standardised
   way to use non-ASCII in DNS.

   The specification here conforms to the IDN requirements [IDNREQ].

1.1 Terminology

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED",  "MAY", and "OPTIONAL" in this
   document are to be interpreted as described in [RFC2119].

    IDN: Internationalised Domain Name, here used to mean a domain name
      containing non-ASCII characters.

    ACE: ASCII Compatible Encoding. Used to encode IDNs in a way
      compatible with the ASCII host name syntax.

1.2 Previous versions of this document

   This version contains just minor corrections to the 4:th version.

   The third version of this document included a way to return both
   ASCII and non-ASCII versions of a name. As this could not be
   guaranteed to work it has been removed.

   The second version of this document was available as draft-ietf-idn-
   udns-00.txt. It included a lot of possibilities as well as a flag bit
   that is now removed.

   The first version of this document was available as draft-oscarsson-
   i18ndns-00.txt.


2. The DNS Protocol

   The DNS protocol is used when communicating between DNS servers and
   other DNS servers or DNS clients. User interface issues like the
   format of zone files or how to enter or display domain names are not
   part of the protocol.

   The update of the protocol defined here can be used immediately as it



Dan Oscarsson          Expires: 19 February 2002                [Page 2]


Internet Draft               Universal DNS                19 August 2001


   is fully compatible with the DNS of today.

   For a long time there will be software understanding UCS in DNS and
   software only understanding ASCII in DNS. It is therefore necessary
   to support a mixing of both types. For the following text software
   understanding UCS in DNS will be called UDNS aware.

   This specification supports the following scenarios:

    - UDNS unaware client, UDNS aware DNS server
    - UDNS aware client, UDNS unaware DNS server
    - UDNS aware client, UDNS aware DNS server


2.1 Fundamentals

2.1.1 Standard Character Encoding (SCE)

   Character data need to be able to represent as much as possible of
   the characters in the world as well as being compatible with ASCII.
   Character data is used in labels and in text fields in the RDATA part
   of a RR.

   The Standard Character Encoding of character data used in the DNS
   protocol MUST:
    - Use ISO 10646 (UCS) [ISO10646] as coded character set.
    - Be normalised using form C as defined in Unicode technical report
      #15 [UTR15]. See also [CHNORM].
    - Encoded using the UTF-8 [RFC2279] character encoding scheme.

2.1.2 Binary Comparison Format (BCF)

   RFC 1035 states that the labels of a name are matched case-
   insensitively.  When using UCS this is no longer enough as there are
   other forms than case that need to match as equivalent. Form-
   insensitive matching of UCS includes:
    - Letters of different case are compared as the same character.
    - Code points of primary typographical variations of the same
      character are compared as the same character. An example is double
      width/normal width characters or presentation forms of a
      character.
    - Some characters are represented with multiple code points in UCS.
      All code points of one character must compare as the same.  For
      example the degree Kelvin sign is the same as the letter K.

   The original definition is now extended to be: labels must be
   compared using form-insensitivity.




Dan Oscarsson          Expires: 19 February 2002                [Page 3]


Internet Draft               Universal DNS                19 August 2001


   To handle form-insensitivity it is here defined the Binary Comparison
   Format (BCF) to which strings can be mapped.  After strings is mapped
   to BCF they can be compared using binary string comparison.
   Implementors may implement the form-insensitive comparison without
   using BCF, as long as the results are the same.

   Mapping of a label to BCF is typically done by steps like: changing
   all upper case letters to lower case, mapping different forms to one
   form and changing different code points of one character into a
   single code point.

   For the UCS character code range 0-255 (ASCII and ISO 8859-1) the BCF
   MUST be done by mapping all upper case characters to lower case
   following the one to one mapping as defined in the Unicode 3.0
   Character Database [UDATA].

   The definition of the Binary Comparison Format (BCF) for the rest of
   UCS will be defined in a separate document. The nearest today is
   [NAMEPREP].

2.1.3 Backward Compatibility Encoding (BCE)

   To support older software expecting only ASCII and to support
   downgrading from 8-bit to 7-bit ASCII in other protocols (like SMTP)
   a Backward Compatibility Encoding (BCE) is available. It is a
   transition mechanism and will no longer be supported at some future
   time when it is so decided.

   The Backward Compatibility Encoding (BCE) of a label is defined as
   the BCF of the label encoded using an ASCII Compatible Encoding
   (ACE).

   The definition of the ACE to be used, is defined in a separate
   document.  Typical definitions that are suitable are [SACE] and
   [RACE].

   The reason that the BCF form of the label is used is to support
   solutions where only applications know about non-ASCII labels. By
   using BCF the server need not know about UCS and can just do binary
   matching so it can be handled in old servers. Though due to the fact
   that BCF destroys information contained in the original form of a
   label it is impossible to return the original form to a client using
   BCE.

2.1.4 Long names

   The current DNS protocol limits a label to 63 octets. As UTF-8 take
   more than one octet for some characters, an UTF-8 name cannot have 63



Dan Oscarsson          Expires: 19 February 2002                [Page 4]


Internet Draft               Universal DNS                19 August 2001


   characters in a label like an ASCII name can. For example a name
   using Hangul would have a maximum of 21 characters.

   The limits imposed by RFC 1035 is 63 octets per label and 255 octets
   for the full name. The 255 limit is not a protocol limit but one to
   simplify implementations.

   To support longer names a long label type is defined using [RFC2671]
   as extended label 0b000011 (the label type will be assigned by IANA
   and may not be the number used here).

                                 1 1 1 1 1 1 1 1 1 1
             0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9
            +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-
            |0 1 0 0 0 0 1 1|  length       |  label data ...
            +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-

   length: length of label in octets
   label data: the label

   The long label MUST be handled by all software following this
   specification.  Also, they MUST support a UDP packet size of up to
   1280 bytes.

   The limits for labels are updated since RFC 1025 as follows:
   A label is limited to a maximum of 63 character code points in UCS
   normalised using Unicode form C.  The full name is limited to a
   maximum of 255 character code points normalised as for a label.

   A long label MUST always use the Standard Character Encoding (SCE).

   As long labels are not understood by older software, a response MUST
   not include a long label unless the query did. At a later date, IETF
   may change this.


2.2 Rules for matching of domain names in UDNS aware DNS servers

   To be able to handle correct domain name matching in lookups, the
   following MUST be followed by DNS servers:
    - Do matching on authorative data using form-insensitive matching
      for the characters used in the data (for example a zone using only
      ASCII need only handle matching of ASCII characters).
    - On non-authorative data, either do binary matching or case-
      insensitive matching on ASCII letters and binary matching on all
      others.

   The effect of the above is:



Dan Oscarsson          Expires: 19 February 2002                [Page 5]


Internet Draft               Universal DNS                19 August 2001


    - only servers handling authorative data must implement form-
      insensitive matching of names. And they need only implement the
      subset needed for the subset of characters of UCS they support in
      their authorative zones.
    - it normally gives fast lookup because data is usually sent like:
      resolver <-> server <-> authorative server.
      While form-insensitive matching can be complex and CPU consuming,
      the server in the middle will do caching with only simple and fast
      binary matching. So the impact of complex matching rules should
      not slow down DNS very much.

2.3 Mixing of UDNS aware and non-UDNS aware clients and servers

   To handle the mixing of UDNS aware and non-UDNS aware clients and
   servers the following MUST be followed for clients and servers.

2.3.1 Native UDNS aware client

   A native UDNS aware client is a client supporting all in this
   document.

   When doing a query it MUST:
    - Use the long label in the QNAME.
    - If server rejected query due to long label, retry the query using
      the normal short label. If the QNAME contains non-ASCII it must be
      encoded using BCE.
    - Handle answers containg BCE.

   The client may skip trying a query using the long label if it knows
   the server does not understand it.

2.3.2 Application based UDNS aware client

   An application based UDNS aware client is a client supporting UDNS
   through BCE handling in the application.

   It only understands BCE and need only a non-UDNS aware resolver to
   work.  All encoding and decoding of BCE is handled in the
   application.

   Due to BCE being an ACE of BCF the names returned in an answer need
   not contain the real form of the name. Instead it may contains the
   simplified form used in name matching. As this is a transition
   mechanism to support non-ASCII in names before the DNS servers have
   been upgraded, it is acceptable and will give people a reason to
   upgrade.

2.3.3 non-UDNS aware client



Dan Oscarsson          Expires: 19 February 2002                [Page 6]


Internet Draft               Universal DNS                19 August 2001


   A non-UDNS aware client will send ASCII or whatever is sent from an
   application. It can be BCE which will for the client just be ASCII
   text.

2.3.4 UDNS aware server

   An UDNS aware server MUST handle all in this document and follow:
    - If an incoming query contains a long label the answer may contain
      a long label and the client is identified as being UDNS aware.
    - If the query comes from a non-UDNS aware client and the answer
      contains non-ASCII, the non-ASCII labels must be encoded using
      BCE.
    - If a short label is used in a query and the QNAME contains non-
      ASCII, an authorative server must handle the query if the
      character encoding can be recognised. If must recognise SCE and
      should recognise common encodings used for the labels in the
      domain it is authorative for. Answers will use BCE for all labels
      except the one matching QNAME.  This will allow clients using the
      local character set to work in many cases before the resolver code
      is upgraded.

2.3.5 non-UDNS aware server

   A non-UDNS server can only handle ASCII matching when comparing
   names.  It can support the transition mechanism with BCE. The
   authorative zones will then have to be loaded with manually BCE
   encoded names.

2.4 DNSSEC

   As labels now can have non-ASCII in them, DNSSEC [RFC2535] need to be
   revised so that it also can handle that.


3. Effect on other protocols

   As now a domain name may include non-ASCII many other protocols that
   include domain names need to be updated. For example SMTP, HTTP and
   URIs. The BCE format can be used when interfacing with ASCII only
   software or protocols.  Protocols like SMTP could be extended using
   ESMTP and a UTF8 option that defines that all headers are in UTF-8.

   It is recommended that protocols updated to handle i18n do this by
   encoding character data in the same standard format as defined for
   DNS in this document (UCS normalised form C). The use of encoding it
   in ASCII or by tagged character sets should be avoided.

   DNS do not only have domain names in them, for example e-mail



Dan Oscarsson          Expires: 19 February 2002                [Page 7]


Internet Draft               Universal DNS                19 August 2001


   addresses are also included. So an e-mail address would be expected
   to be changed to include non-ASCII both before and after the @-sign.

   Software need to be updated to follow the user interface
   recommendations given above, so that a human will see the characters
   in their local character set, if possible.

4. Security Considerations

   As always with data, if software does not check for data that can be
   a problem, security may be affected. As more characters than ASCII is
   allowed, software only expecting ASCII and with no checks may now get
   security problems.

5. References

   [RFC1034]  P. Mockapetris, "Domain Names - Concepts and Facilities",
              STD 13, RFC 1034, November 1987.

   [RFC1035]  P. Mockapetris, "Domain Names - Implementation and
              Specification", STD 13, RFC 1035, November 1987.

   [RFC2119]  Scott Bradner, "Key words for use in RFCs to Indicate
              Requirement Levels", March 1997, RFC 2119.

   [RFC2181]  R. Elz and R. Bush, "Clarifications to the DNS
              Specification", RFC 2181, July 1997.

   [RFC2279]  F. Yergeau, "UTF-8, a transformation format of ISO 10646",
              RFC 2279, January 1998.

   [RFC2535]  D. Eastlake, "Domain Name System Security Extensions".
              RFC 2535, March 1999.

   [RFC2671]  P. Vixie, "Extension Mechanisms for DNS (EDNS0)", RFC
              2671, August 1999.

   [ISO10646] ISO/IEC 10646-1:2000. International Standard --
              Information technology -- Universal Multiple-Octet Coded
              Character Set (UCS)

   [Unicode]  The Unicode Consortium, "The Unicode Standard -- Version
              3.0", ISBN 0-201-61633-5. Described at
              http://www.unicode.org/unicode/standard/versions/
              Unicode3.0.html

   [UTR15]    M. Davis and M. Duerst, "Unicode Normalization Forms",
              Unicode Technical Report #15, Nov 1999,



Dan Oscarsson          Expires: 19 February 2002                [Page 8]


Internet Draft               Universal DNS                19 August 2001


              http://www.unicode.org/unicode/reports/tr15/.

   [UTR21]    M. Davis, "Case Mappings", Unicode Technical Report #21,
              Dec 1999, http://www.unicode.org/unicode/reports/tr21/.

   [UDATA]    The Unicode Character Database,
              ftp://ftp.unicode.org/Public/UNIDATA/UnicodeData.txt.
              The database is described in
              ftp://ftp.unicode.org/Public/UNIDATA/
              UnicodeCharacterDatabase.html.

   [IDNREQ]   James Seng, "Requirements of Internationalized Domain
   Names", draft-ietf-idn-requirement.

   [IANADNS]  Donald Eastlake, Eric Brunner, Bill Manning, "Domain Name
   System (DNS) IANA Considerations",draft-ietf-dnsext-iana-dns.

   [IDNE]     Marc Blanchet,Paul  Hoffman, "Internationalized domain
   names using EDNS (IDNE)", draft-ietf-idn-idne.

   [CHNORM]   M. Duerst, M. Davis, "Character Normalization in IETF
   Protocols", draft-duerst-i18n-norm.

   [IDNCOMP]  Paul Hoffman, "Comparison of Internationalized Domain Name
   Proposals", draft-ietf-idn-compare.

   [NAMEPREP] Paul Hoffman, "Comparison of Internationalized Domain Name
   Proposals", draft-ietf-idn-compare.

   [SACE]     Dan Oscarsson, "Simple ASCII Compatible Encoding", draft-
   ietf-idn-sace.

   [RACE]     Paul Hoffman, "RACE: Row-based ASCII Compatible Encoding
   for IDN", draft-ietf-idn-race.

6. Acknowledgements

   Paul Hoffman giving many comments in our e-mail discussions.

   Ideas from drafts by Paul Hoffman, Stuart Kwan, James Gilroy and Kent
   Karlsson.

   Magnus Gustavsson, Mark Davis, Kent Karlsson and Andrew Draper for
   comments on my draft.

   Discussions and comments by the members of the IDN working group.





Dan Oscarsson          Expires: 19 February 2002                [Page 9]


Internet Draft               Universal DNS                19 August 2001


Author's Address

   Dan Oscarsson
   Telia ProSoft AB
   Box 85
   201 20 Malmo
   Sweden

   E-mail: Dan.Oscarsson@trab.se










































Dan Oscarsson          Expires: 19 February 2002               [Page 10]