Internet Engineering Task Force N. Teint Internet-Draft March 23, 2010 Intended status: Experimental Expires: September 24, 2010 An X-IDNA Profile for Network News Group Names draft-teint-xidna-newsgroup-00 Abstract Traditional Network News (Netnews) systems handle only ASCII characters in newsgroup names used in NNTP commands and message headers. This memo defines an extension to allow Internationalised Newsgroup Names, the characters of which can be drawn from the large Unicode repertoire, based on the Extending IDNA to Other Protocols (X-IDNA) base specification. Status of this Memo This Internet-Draft is submitted to IETF in full conformance with the provisions of BCP 78 and BCP 79. Internet-Drafts are working documents of the Internet Engineering Task Force (IETF), its areas, and its working groups. Note that other groups may also distribute working documents as Internet- Drafts. Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress." The list of current Internet-Drafts can be accessed at http://www.ietf.org/ietf/1id-abstracts.txt. The list of Internet-Draft Shadow Directories can be accessed at http://www.ietf.org/shadow.html. This Internet-Draft will expire on September 24, 2010. Copyright Notice Copyright (c) 2010 IETF Trust and the persons identified as the document authors. All rights reserved. Teint Expires September 24, 2010 [Page 1] Internet-Draft X-IDNA Profile for Newsgroup Names March 2010 This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (http://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the BSD License. Table of Contents 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3 2. The X-IDNA Profile for Network News Group Names . . . . . . . 4 2.1. Applicability . . . . . . . . . . . . . . . . . . . . . . 4 2.2. Normalisation . . . . . . . . . . . . . . . . . . . . . . 4 2.3. Validation . . . . . . . . . . . . . . . . . . . . . . . . 4 3. Submitting Messages to Moderators . . . . . . . . . . . . . . 5 4. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 6 5. Security Considerations . . . . . . . . . . . . . . . . . . . 7 5.1. Visually Similar Characters . . . . . . . . . . . . . . . 7 5.2. Other Issues . . . . . . . . . . . . . . . . . . . . . . . 7 6. References . . . . . . . . . . . . . . . . . . . . . . . . . . 8 6.1. Normative References . . . . . . . . . . . . . . . . . . . 8 6.2. Informative References . . . . . . . . . . . . . . . . . . 8 Appendix A. Examples . . . . . . . . . . . . . . . . . . . . . . 9 Author's Address . . . . . . . . . . . . . . . . . . . . . . . . . 10 Teint Expires September 24, 2010 [Page 2] Internet-Draft X-IDNA Profile for Newsgroup Names March 2010 1. Introduction The X-IDNA base specification ([I-D.teint-xidna-base]) provides a generic framework for internationalisation of addresses, based on IDNA. This memo defines an X-IDNA Profile for use with Netnews newsgroup names. The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in [RFC2119]. Teint Expires September 24, 2010 [Page 3] Internet-Draft X-IDNA Profile for Newsgroup Names March 2010 2. The X-IDNA Profile for Network News Group Names 2.1. Applicability This X-IDNA Profile ([I-D.teint-xidna-base]) applies to newsgroup names defined in [RFC3977] and [RFC5536], i.e. to the following syntax elements: o the and syntax elements defined in Section 9.8 of [RFC3977] (includes the "group" and "wildmat" parameters to the "GROUP", "LISTGROUP", "NEWNEWS" and "LIST" commands). o the defined in Section 3.1.4 of [RFC5536] It also applies to other specifications based on these definitions (or their precedessors) if the elements are to be used as newsgroup names. 2.2. Normalisation Newsgroup names do not require normalisation. 2.3. Validation Validation of internationalised newsgroup names is the responsibility of whoever creates a newsgroup: o for distributed newsgroups, the person sending out the "newgroup" and "checkgroup" control messages (Sections 5.2.1 and 5.2.3 of [RFC5537]) o for local newsgroups, the person creating the newsgroup on the server The following types newsgroup names SHOULD not be created: o newsgroup names containing R-LDH-Labels and fake A-Labels o newsgroup names containing uppercase ASCII characters and extended characters Teint Expires September 24, 2010 [Page 4] Internet-Draft X-IDNA Profile for Newsgroup Names March 2010 3. Submitting Messages to Moderators This section is non-normative. A common method for deriving the email address of the moderator of a group, which is described in a NOTE in section 3.5.1 of [RFC5537], is forming the submission address for a moderated group by replacing each "." in the newsgroup name with "-" and then using that value as the of a formed by appending a set domain. When a forwarding service supports newsgroups the name of which is internationalised, they ought to provide two different addresses to accomodate both X-IDNA-aware and X-IDNA-unaware users: o the result of replacing "." with "-" in the U-Address form of the newsgroup name o the result of replacing "." with "-" in the A-Address form of the newsgroup name, which will usually result in fake A-Labels NOTE: This method not only produces fake labels, which are discouraged in [I-D.teint-xidna-email], but can also produce clashes where newsgroup names only differ in "-" and "." characters. Teint Expires September 24, 2010 [Page 5] Internet-Draft X-IDNA Profile for Newsgroup Names March 2010 4. IANA Considerations This memo includes no request to IANA. Teint Expires September 24, 2010 [Page 6] Internet-Draft X-IDNA Profile for Newsgroup Names March 2010 5. Security Considerations 5.1. Visually Similar Characters By using visually similar characters, an attacker can create newsgroup names that are confusingly similar to other newsgroup names and newsgroup hierarchies that are confusingly similar to other hierarchies. This may not only create a denial of service situation, where communication fails because users are tricked into posting into different groups, but may also create a leak for information where the distribution of the "fake" newsgroup is wider than that of the indented group. This issue most prominently occurs if a single newsgroup servers carries multiple confusingly similar addresses. However, it can also occur if a user agent combines newsgroup lists from multiple servers, such as a private intranet NNTP server and a public, less trusted server, into a single list. Furthermore, even if the user agent clearly identifies the server carrying the group, users might still confuse the newsgroups when they see the familiar name and don't pay attention to the server identification. It is suggested that Netnews server operators take care not to carry hierarchies that exploit confusingly similar newsgroup names. In addition, user agent implementations ought to provide visual indications where a domain name contains multiple scripts, especially when the scripts contain characters that are easily confused visually, such as an omicron in Greek mixed with Latin text. See Section 4.4 of [I-D.ietf-idnabis-defs] for further information on visually similar characters. 5.2. Other Issues See the Security Considerations of [I-D.ietf-idnabis-defs] and [I-D.ietf-idnabis-bidi] for information on other issues. Teint Expires September 24, 2010 [Page 7] Internet-Draft X-IDNA Profile for Newsgroup Names March 2010 6. References 6.1. Normative References [I-D.ietf-idnabis-bidi] Alvestrand, H. and C. Karp, "Right-to-left scripts for IDNA", draft-ietf-idnabis-bidi-07 (work in progress), January 2010. [I-D.ietf-idnabis-defs] Klensin, J., "Internationalized Domain Names for Applications (IDNA): Definitions and Document Framework", draft-ietf-idnabis-defs-13 (work in progress), January 2010. [I-D.teint-xidna-base] Teint, N., "Extending IDNA to Other Protocols (X-IDNA)", draft-teint-xidna-base-00 (work in progress), February 2010. [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, March 1997. [RFC3977] Feather, C., "Network News Transfer Protocol (NNTP)", RFC 3977, October 2006. [RFC5536] Murchison, K., Lindsey, C., and D. Kohn, "Netnews Article Format", RFC 5536, November 2009. [RFC5537] Allbery, R. and C. Lindsey, "Netnews Architecture and Protocols", RFC 5537, November 2009. 6.2. Informative References [I-D.teint-xidna-email] Teint, N., "An X-IDNA Profile for Electronic Mail Addresses", draft-teint-xidna-base-00 (work in progress), February 2010. Teint Expires September 24, 2010 [Page 8] Internet-Draft X-IDNA Profile for Newsgroup Names March 2010 Appendix A. Examples In the plain text version of this memo, the sequence "&#nnnn;" denotes the literal Unicode character number nnnn (decimal). Unicode: alt.αλφα-βῆτα-&# 947;άμμα@example.com Normalised: alt.αλφα-βῆτ&# 945;-γάμμα@example.com Extracted: L: "alt" S:"." L:"αλφα-β&# 8134;τα-γάμμα" Converted: L: "alt" S:"." L:"xn-----x8brabcel8esaa2hya7368h" Re-Assembled: alt.xn-----x8brabcel8esaa2hya7368h Teint Expires September 24, 2010 [Page 9] Internet-Draft X-IDNA Profile for Newsgroup Names March 2010 Author's Address Nick Teint Email: nick.teint@googlemail.com Teint Expires September 24, 2010 [Page 10]