Training courses

Kernel and Embedded Linux

Bootlin training courses

Embedded Linux, kernel,
Yocto Project, Buildroot, real-time,
graphics, boot time, debugging...

Bootlin logo

Elixir Cross Referencer

   1
   2
   3
   4
   5
   6
   7
   8
   9
  10
  11
  12
  13
  14
  15
  16
  17
  18
  19
  20
  21
  22
  23
  24
  25
  26
  27
  28
  29
  30
  31
  32
  33
  34
  35
  36
  37
  38
  39
  40
  41
  42
  43
  44
  45
  46
  47
  48
  49
  50
  51
  52
  53
  54
  55
  56
  57
  58
  59
  60
  61
  62
  63
  64
  65
  66
  67
  68
  69
  70
  71
  72
  73
  74
  75
  76
  77
  78
  79
  80
  81
  82
  83
  84
  85
  86
  87
  88
  89
  90
  91
  92
  93
  94
  95
  96
  97
  98
  99
 100
 101
 102
 103
 104
 105
 106
 107
 108
 109
 110
 111
 112
 113
 114
 115
 116
 117
 118
 119
 120
 121
 122
 123
 124
 125
 126
 127
 128
 129
 130
 131
 132
 133
 134
 135
 136
 137
 138
 139
 140
 141
 142
 143
 144
 145
 146
 147
 148
 149
 150
 151
 152
 153
 154
 155
 156
 157
 158
 159
 160
 161
 162
 163
 164
 165
 166
 167
 168
 169
 170
 171
 172
 173
 174
 175
 176
 177
 178
 179
 180
 181
 182
 183
 184
 185
 186
 187
 188
 189
 190
 191
 192
 193
 194
 195
 196
 197
 198
 199
 200
 201
 202
 203
 204
 205
 206
 207
 208
 209
 210
 211
 212
 213
 214
 215
 216
 217
 218
 219
 220
 221
 222
 223
 224
 225
 226
 227
 228
 229
 230
 231
 232
 233
 234
 235
 236
 237
 238
 239
 240
 241
 242
 243
 244
 245
 246
 247
 248
 249
 250
 251
 252
 253
 254
 255
 256
 257
 258
 259
 260
 261
 262
 263
 264
 265
 266
 267
 268
 269
 270
 271
 272
 273
 274
 275
 276
 277
 278
 279
 280
 281
 282
 283
 284
 285
 286
 287
 288
 289
 290
 291
 292
 293
 294
 295
 296
 297
 298
 299
 300
 301
 302
 303
 304
 305
 306
 307
 308
 309
 310
 311
 312
 313
 314
 315
 316
 317
 318
 319
 320
 321
 322
 323
 324
 325
 326
 327
 328
 329
 330
 331
 332
 333
 334
 335
 336
 337
 338
 339
 340
 341
 342
 343
 344
 345
 346
 347
 348
 349
 350
 351
 352
 353
 354
 355
 356
 357
 358
 359
 360
 361
 362
 363
 364
 365
 366
 367
 368
 369
 370
 371
 372
 373
 374
 375
 376
 377
 378
 379
 380
 381
 382
 383
 384
 385
 386
 387
 388
 389
 390
 391
 392
 393
 394
 395
 396
 397
 398
 399
 400
 401
 402
 403
 404
 405
 406
 407
 408
 409
 410
 411
 412
 413
 414
 415
 416
 417
 418
 419
 420
 421
 422
 423
 424
 425
 426
 427
 428
 429
 430
 431
 432
 433
 434
 435
 436
 437
 438
 439
 440
 441
 442
 443
 444
 445
 446
 447
 448
 449
 450
 451
 452
 453
 454
 455
 456
 457
 458
 459
 460
 461
 462
 463
 464
 465
 466
 467
 468
 469
 470
 471
 472
 473
 474
 475
 476
 477
 478
 479
 480
 481
 482
 483
 484
 485
 486
 487
 488
 489
 490
 491
 492
 493
 494
 495
 496
 497
 498
 499
 500
 501
 502
 503
 504
 505
 506
 507
 508
 509
 510
 511
 512
 513
 514
 515
 516
 517
 518
 519
 520
 521
 522
 523
 524
 525
 526
 527
 528
 529
 530
 531
 532
 533
 534
 535
 536
 537
 538
 539
 540
 541
 542
 543
 544
 545
 546
 547
 548
 549
 550
 551
 552
 553
 554
 555
 556
 557
 558
 559
 560
 561
 562
 563
 564
 565
 566
 567
 568
 569
 570
 571
 572
 573
 574
 575
 576
 577
 578
 579
 580
 581
 582
 583
 584
 585
 586
 587
 588
 589
 590
 591
 592
 593
 594
 595
 596
 597
 598
 599
 600
 601
 602
 603
 604
 605
 606
 607
 608
 609
 610
 611
 612
 613
 614
 615
 616
 617
 618
 619
 620
 621
 622
 623
 624
 625
 626
 627
 628
 629
 630
 631
 632
 633
 634
 635
 636
 637
 638
 639
 640
 641
 642
 643
 644
 645
 646
 647
 648
 649
 650
 651
 652
 653
 654
 655
 656
 657
 658
 659
 660
 661
 662
 663
 664
 665
 666
 667
 668
 669
 670
 671
 672
 673
 674
 675
 676
 677
 678
 679
 680
 681
 682
 683
 684
 685
 686
 687
 688
 689
 690
 691
 692
 693
 694
 695
 696
 697
 698
 699
 700
 701
 702
 703
 704
 705
 706
 707
 708
 709
 710
 711
 712
 713
 714
 715
 716
 717
 718
 719
 720
 721
 722
 723
 724
 725
 726
 727
 728
 729
 730
 731
 732
 733
 734
 735
 736
 737
 738
 739
 740
 741
 742
 743
 744
 745
 746
 747
 748
 749
 750
 751
 752
 753
 754
 755
 756
 757
 758
 759
 760
 761
 762
 763
 764
 765
 766
 767
 768
 769
 770
 771
 772
 773
 774
 775
 776
 777
 778
 779
 780
 781
 782
 783
 784
 785
 786
 787
 788
 789
 790
 791
 792
 793
 794
 795
 796
 797
 798
 799
 800
 801
 802
 803
 804
 805
 806
 807
 808
 809
 810
 811
 812
 813
 814
 815
 816
 817
 818
 819
 820
 821
 822
 823
 824
 825
 826
 827
 828
 829
 830
 831
 832
 833
 834
 835
 836
 837
 838
 839
 840
 841
 842
 843
 844
 845
 846
 847
 848
 849
 850
 851
 852
 853
 854
 855
 856
 857
 858
 859
 860
 861
 862
 863
 864
 865
 866
 867
 868
 869
 870
 871
 872
 873
 874
 875
 876
 877
 878
 879
 880
 881
 882
 883
 884
 885
 886
 887
 888
 889
 890
 891
 892
 893
 894
 895
 896
 897
 898
 899
 900
 901
 902
 903
 904
 905
 906
 907
 908
 909
 910
 911
 912
 913
 914
 915
 916
 917
 918
 919
 920
 921
 922
 923
 924
 925
 926
 927
 928
 929
 930
 931
 932
 933
 934
 935
 936
 937
 938
 939
 940
 941
 942
 943
 944
 945
 946
 947
 948
 949
 950
 951
 952
 953
 954
 955
 956
 957
 958
 959
 960
 961
 962
 963
 964
 965
 966
 967
 968
 969
 970
 971
 972
 973
 974
 975
 976
 977
 978
 979
 980
 981
 982
 983
 984
 985
 986
 987
 988
 989
 990
 991
 992
 993
 994
 995
 996
 997
 998
 999
1000
1001
1002
1003
1004
1005
1006
1007
1008
1009
1010
1011
1012
1013
1014
1015
1016
1017
1018
1019
1020
1021
1022
1023
1024
1025
1026
1027
1028
1029
1030
1031
1032
1033
1034
1035
1036
1037
1038
1039
1040
1041
1042
1043
1044
1045
1046
1047
1048
1049
1050
1051
1052
1053
1054
1055
1056
1057
1058
1059
1060
1061
1062
1063
1064
1065
1066
1067
1068
1069
1070
1071
1072
1073
1074
1075
1076
1077
1078
1079
1080
1081
1082
1083
1084
1085
1086
1087
1088
1089
1090
1091
1092
1093
1094
1095
1096
1097
1098
1099
1100
1101
1102
1103
1104
1105
1106
1107
1108
1109
1110
1111
1112
1113
1114
1115
1116
1117
1118
1119
1120
1121
1122
1123
1124
1125
1126
1127
1128
1129
1130
1131
1132
1133
1134
1135
1136
1137
1138
1139
1140
1141
1142
1143
1144
1145
1146
1147
1148
1149
1150
1151
1152
1153
1154
1155
1156
1157
1158
1159
1160
1161
1162
1163
1164
1165
1166
1167
1168
1169
1170
1171
1172
1173
1174
1175
1176
1177
1178
1179
1180
1181
1182
1183
1184
1185
1186
1187
1188
1189
1190
1191
1192
1193
1194
1195
1196
1197
1198
1199
1200
1201
1202
1203
1204
1205
1206
1207
1208
1209
1210
1211
1212
1213
1214
1215
1216
1217
1218
1219
1220
1221
1222
1223
1224
1225
1226
1227
1228
1229
1230
1231
1232
1233
1234
1235






Network Working Group                                       P. Faltstrom
Request for Comments: 3490                                         Cisco
Category: Standards Track                                     P. Hoffman
                                                              IMC & VPNC
                                                             A. Costello
                                                             UC Berkeley
                                                              March 2003


         Internationalizing Domain Names in Applications (IDNA)

Status of this Memo

   This document specifies an Internet standards track protocol for the
   Internet community, and requests discussion and suggestions for
   improvements.  Please refer to the current edition of the "Internet
   Official Protocol Standards" (STD 1) for the standardization state
   and status of this protocol.  Distribution of this memo is unlimited.

Copyright Notice

   Copyright (C) The Internet Society (2003).  All Rights Reserved.

Abstract

   Until now, there has been no standard method for domain names to use
   characters outside the ASCII repertoire.  This document defines
   internationalized domain names (IDNs) and a mechanism called
   Internationalizing Domain Names in Applications (IDNA) for handling
   them in a standard fashion.  IDNs use characters drawn from a large
   repertoire (Unicode), but IDNA allows the non-ASCII characters to be
   represented using only the ASCII characters already allowed in so-
   called host names today.  This backward-compatible representation is
   required in existing protocols like DNS, so that IDNs can be
   introduced with no changes to the existing infrastructure.  IDNA is
   only meant for processing domain names, not free text.

Table of Contents

   1. Introduction..................................................  2
      1.1 Problem Statement.........................................  3
      1.2 Limitations of IDNA.......................................  3
      1.3 Brief overview for application developers.................  4
   2. Terminology...................................................  5
   3. Requirements and applicability................................  7
      3.1 Requirements..............................................  7
      3.2 Applicability.............................................  8
         3.2.1. DNS resource records................................  8



Faltstrom, et al.           Standards Track                     [Page 1]

RFC 3490                          IDNA                        March 2003


         3.2.2. Non-domain-name data types stored in domain names...  9
   4. Conversion operations.........................................  9
      4.1 ToASCII................................................... 10
      4.2 ToUnicode................................................. 11
   5. ACE prefix.................................................... 12
   6. Implications for typical applications using DNS............... 13
      6.1 Entry and display in applications......................... 14
      6.2 Applications and resolver libraries....................... 15
      6.3 DNS servers............................................... 15
      6.4 Avoiding exposing users to the raw ACE encoding........... 16
      6.5  DNSSEC authentication of IDN domain names................ 16
   7. Name server considerations.................................... 17
   8. Root server considerations.................................... 17
   9. References.................................................... 18
      9.1 Normative References...................................... 18
      9.2 Informative References.................................... 18
   10. Security Considerations...................................... 19
   11. IANA Considerations.......................................... 20
   12. Authors' Addresses........................................... 21
   13. Full Copyright Statement..................................... 22

1. Introduction

   IDNA works by allowing applications to use certain ASCII name labels
   (beginning with a special prefix) to represent non-ASCII name labels.
   Lower-layer protocols need not be aware of this; therefore IDNA does
   not depend on changes to any infrastructure.  In particular, IDNA
   does not depend on any changes to DNS servers, resolvers, or protocol
   elements, because the ASCII name service provided by the existing DNS
   is entirely sufficient for IDNA.

   This document does not require any applications to conform to IDNA,
   but applications can elect to use IDNA in order to support IDN while
   maintaining interoperability with existing infrastructure.  If an
   application wants to use non-ASCII characters in domain names, IDNA
   is the only currently-defined option.  Adding IDNA support to an
   existing application entails changes to the application only, and
   leaves room for flexibility in the user interface.

   A great deal of the discussion of IDN solutions has focused on
   transition issues and how IDN will work in a world where not all of
   the components have been updated.  Proposals that were not chosen by
   the IDN Working Group would depend on user applications, resolvers,
   and DNS servers being updated in order for a user to use an
   internationalized domain name.  Rather than rely on widespread
   updating of all components, IDNA depends on updates to user
   applications only; no changes are needed to the DNS protocol or any
   DNS servers or the resolvers on user's computers.



Faltstrom, et al.           Standards Track                     [Page 2]

RFC 3490                          IDNA                        March 2003


1.1 Problem Statement

   The IDNA specification solves the problem of extending the repertoire
   of characters that can be used in domain names to include the Unicode
   repertoire (with some restrictions).

   IDNA does not extend the service offered by DNS to the applications.
   Instead, the applications (and, by implication, the users) continue
   to see an exact-match lookup service.  Either there is a single
   exactly-matching name or there is no match.  This model has served
   the existing applications well, but it requires, with or without
   internationalized domain names, that users know the exact spelling of
   the domain names that the users type into applications such as web
   browsers and mail user agents.  The introduction of the larger
   repertoire of characters potentially makes the set of misspellings
   larger, especially given that in some cases the same appearance, for
   example on a business card, might visually match several Unicode code
   points or several sequences of code points.

   IDNA allows the graceful introduction of IDNs not only by avoiding
   upgrades to existing infrastructure (such as DNS servers and mail
   transport agents), but also by allowing some rudimentary use of IDNs
   in applications by using the ASCII representation of the non-ASCII
   name labels.  While such names are very user-unfriendly to read and
   type, and hence are not suitable for user input, they allow (for
   instance) replying to email and clicking on URLs even though the
   domain name displayed is incomprehensible to the user.  In order to
   allow user-friendly input and output of the IDNs, the applications
   need to be modified to conform to this specification.

   IDNA uses the Unicode character repertoire, which avoids the
   significant delays that would be inherent in waiting for a different
   and specific character set be defined for IDN purposes by some other
   standards developing organization.

1.2 Limitations of IDNA

   The IDNA protocol does not solve all linguistic issues with users
   inputting names in different scripts.  Many important language-based
   and script-based mappings are not covered in IDNA and need to be
   handled outside the protocol.  For example, names that are entered in
   a mix of traditional and simplified Chinese characters will not be
   mapped to a single canonical name.  Another example is Scandinavian
   names that are entered with U+00F6 (LATIN SMALL LETTER O WITH
   DIAERESIS) will not be mapped to U+00F8 (LATIN SMALL LETTER O WITH
   STROKE).





Faltstrom, et al.           Standards Track                     [Page 3]

RFC 3490                          IDNA                        March 2003


   An example of an important issue that is not considered in detail in
   IDNA is how to provide a high probability that a user who is entering
   a domain name based on visual information (such as from a business
   card or billboard) or aural information (such as from a telephone or
   radio) would correctly enter the IDN.  Similar issues exist for ASCII
   domain names, for example the possible visual confusion between the
   letter 'O' and the digit zero, but the introduction of the larger
   repertoire of characters creates more opportunities of similar
   looking and similar sounding names.  Note that this is a complex
   issue relating to languages, input methods on computers, and so on.
   Furthermore, the kind of matching and searching necessary for a high
   probability of success would not fit the role of the DNS and its
   exact matching function.

1.3 Brief overview for application developers

   Applications can use IDNA to support internationalized domain names
   anywhere that ASCII domain names are already supported, including DNS
   master files and resolver interfaces.  (Applications can also define
   protocols and interfaces that support IDNs directly using non-ASCII
   representations.  IDNA does not prescribe any particular
   representation for new protocols, but it still defines which names
   are valid and how they are compared.)

   The IDNA protocol is contained completely within applications.  It is
   not a client-server or peer-to-peer protocol: everything is done
   inside the application itself.  When used with a DNS resolver
   library, IDNA is inserted as a "shim" between the application and the
   resolver library.  When used for writing names into a DNS zone, IDNA
   is used just before the name is committed to the zone.

   There are two operations described in section 4 of this document:

   -  The ToASCII operation is used before sending an IDN to something
      that expects ASCII names (such as a resolver) or writing an IDN
      into a place that expects ASCII names (such as a DNS master file).

   -  The ToUnicode operation is used when displaying names to users,
      for example names obtained from a DNS zone.

   It is important to note that the ToASCII operation can fail.  If it
   fails when processing a domain name, that domain name cannot be used
   as an internationalized domain name and the application has to have
   some method of dealing with this failure.

   IDNA requires that implementations process input strings with
   Nameprep [NAMEPREP], which is a profile of Stringprep [STRINGPREP],
   and then with Punycode [PUNYCODE].  Implementations of IDNA MUST



Faltstrom, et al.           Standards Track                     [Page 4]

RFC 3490                          IDNA                        March 2003


   fully implement Nameprep and Punycode; neither Nameprep nor Punycode
   are optional.

2. Terminology

   The key words "MUST", "SHALL", "REQUIRED", "SHOULD", "RECOMMENDED",
   and "MAY" in this document are to be interpreted as described in BCP
   14, RFC 2119 [RFC2119].

   A code point is an integer value associated with a character in a
   coded character set.

   Unicode [UNICODE] is a coded character set containing tens of
   thousands of characters.  A single Unicode code point is denoted by
   "U+" followed by four to six hexadecimal digits, while a range of
   Unicode code points is denoted by two hexadecimal numbers separated
   by "..", with no prefixes.

   ASCII means US-ASCII [USASCII], a coded character set containing 128
   characters associated with code points in the range 0..7F.  Unicode
   is an extension of ASCII: it includes all the ASCII characters and
   associates them with the same code points.

   The term "LDH code points" is defined in this document to mean the
   code points associated with ASCII letters, digits, and the hyphen-
   minus; that is, U+002D, 30..39, 41..5A, and 61..7A. "LDH" is an
   abbreviation for "letters, digits, hyphen".

   [STD13] talks about "domain names" and "host names", but many people
   use the terms interchangeably.  Further, because [STD13] was not
   terribly clear, many people who are sure they know the exact
   definitions of each of these terms disagree on the definitions.  In
   this document the term "domain name" is used in general.  This
   document explicitly cites [STD3] whenever referring to the host name
   syntax restrictions defined therein.

   A label is an individual part of a domain name.  Labels are usually
   shown separated by dots; for example, the domain name
   "www.example.com" is composed of three labels: "www", "example", and
   "com".  (The zero-length root label described in [STD13], which can
   be explicit as in "www.example.com." or implicit as in
   "www.example.com", is not considered a label in this specification.)
   IDNA extends the set of usable characters in labels that are text.
   For the rest of this document, the term "label" is shorthand for
   "text label", and "every label" means "every text label".






Faltstrom, et al.           Standards Track                     [Page 5]

RFC 3490                          IDNA                        March 2003


   An "internationalized label" is a label to which the ToASCII
   operation (see section 4) can be applied without failing (with the
   UseSTD3ASCIIRules flag unset).  This implies that every ASCII label
   that satisfies the [STD13] length restriction is an internationalized
   label.  Therefore the term "internationalized label" is a
   generalization, embracing both old ASCII labels and new non-ASCII
   labels.  Although most Unicode characters can appear in
   internationalized labels, ToASCII will fail for some input strings,
   and such strings are not valid internationalized labels.

   An "internationalized domain name" (IDN) is a domain name in which
   every label is an internationalized label.  This implies that every
   ASCII domain name is an IDN (which implies that it is possible for a
   name to be an IDN without it containing any non-ASCII characters).
   This document does not attempt to define an "internationalized host
   name".  Just as has been the case with ASCII names, some DNS zone
   administrators may impose restrictions, beyond those imposed by DNS
   or IDNA, on the characters or strings that may be registered as
   labels in their zones.  Such restrictions have no impact on the
   syntax or semantics of DNS protocol messages; a query for a name that
   matches no records will yield the same response regardless of the
   reason why it is not in the zone.  Clients issuing queries or
   interpreting responses cannot be assumed to have any knowledge of
   zone-specific restrictions or conventions.

   In IDNA, equivalence of labels is defined in terms of the ToASCII
   operation, which constructs an ASCII form for a given label, whether
   or not the label was already an ASCII label.  Labels are defined to
   be equivalent if and only if their ASCII forms produced by ToASCII
   match using a case-insensitive ASCII comparison.  ASCII labels
   already have a notion of equivalence: upper case and lower case are
   considered equivalent.  The IDNA notion of equivalence is an
   extension of that older notion.  Equivalent labels in IDNA are
   treated as alternate forms of the same label, just as "foo" and "Foo"
   are treated as alternate forms of the same label.

   To allow internationalized labels to be handled by existing
   applications, IDNA uses an "ACE label" (ACE stands for ASCII
   Compatible Encoding).  An ACE label is an internationalized label
   that can be rendered in ASCII and is equivalent to an
   internationalized label that cannot be rendered in ASCII.  Given any
   internationalized label that cannot be rendered in ASCII, the ToASCII
   operation will convert it to an equivalent ACE label (whereas an
   ASCII label will be left unaltered by ToASCII).  ACE labels are
   unsuitable for display to users.  The ToUnicode operation will
   convert any label to an equivalent non-ACE label.  In fact, an ACE
   label is formally defined to be any label that the ToUnicode
   operation would alter (whereas non-ACE labels are left unaltered by



Faltstrom, et al.           Standards Track                     [Page 6]

RFC 3490                          IDNA                        March 2003


   ToUnicode).  Every ACE label begins with the ACE prefix specified in
   section 5.  The ToASCII and ToUnicode operations are specified in
   section 4.

   The "ACE prefix" is defined in this document to be a string of ASCII
   characters that appears at the beginning of every ACE label.  It is
   specified in section 5.

   A "domain name slot" is defined in this document to be a protocol
   element or a function argument or a return value (and so on)
   explicitly designated for carrying a domain name.  Examples of domain
   name slots include: the QNAME field of a DNS query; the name argument
   of the gethostbyname() library function; the part of an email address
   following the at-sign (@) in the From: field of an email message
   header; and the host portion of the URI in the src attribute of an
   HTML <IMG> tag.  General text that just happens to contain a domain
   name is not a domain name slot; for example, a domain name appearing
   in the plain text body of an email message is not occupying a domain
   name slot.

   An "IDN-aware domain name slot" is defined in this document to be a
   domain name slot explicitly designated for carrying an
   internationalized domain name as defined in this document.  The
   designation may be static (for example, in the specification of the
   protocol or interface) or dynamic (for example, as a result of
   negotiation in an interactive session).

   An "IDN-unaware domain name slot" is defined in this document to be
   any domain name slot that is not an IDN-aware domain name slot.
   Obviously, this includes any domain name slot whose specification
   predates IDNA.

3. Requirements and applicability

3.1 Requirements

   IDNA conformance means adherence to the following four requirements:

   1) Whenever dots are used as label separators, the following
      characters MUST be recognized as dots: U+002E (full stop), U+3002
      (ideographic full stop), U+FF0E (fullwidth full stop), U+FF61
      (halfwidth ideographic full stop).

   2) Whenever a domain name is put into an IDN-unaware domain name slot
      (see section 2), it MUST contain only ASCII characters.  Given an
      internationalized domain name (IDN), an equivalent domain name
      satisfying this requirement can be obtained by applying the




Faltstrom, et al.           Standards Track                     [Page 7]

RFC 3490                          IDNA                        March 2003


      ToASCII operation (see section 4) to each label and, if dots are
      used as label separators, changing all the label separators to
      U+002E.

   3) ACE labels obtained from domain name slots SHOULD be hidden from
      users when it is known that the environment can handle the non-ACE
      form, except when the ACE form is explicitly requested.  When it
      is not known whether or not the environment can handle the non-ACE
      form, the application MAY use the non-ACE form (which might fail,
      such as by not being displayed properly), or it MAY use the ACE
      form (which will look unintelligle to the user).  Given an
      internationalized domain name, an equivalent domain name
      containing no ACE labels can be obtained by applying the ToUnicode
      operation (see section 4) to each label.  When requirements 2 and
      3 both apply, requirement 2 takes precedence.

   4) Whenever two labels are compared, they MUST be considered to match
      if and only if they are equivalent, that is, their ASCII forms
      (obtained by applying ToASCII) match using a case-insensitive
      ASCII comparison.  Whenever two names are compared, they MUST be
      considered to match if and only if their corresponding labels
      match, regardless of whether the names use the same forms of label
      separators.

3.2 Applicability

   IDNA is applicable to all domain names in all domain name slots
   except where it is explicitly excluded.

   This implies that IDNA is applicable to many protocols that predate
   IDNA.  Note that IDNs occupying domain name slots in those protocols
   MUST be in ASCII form (see section 3.1, requirement 2).

3.2.1. DNS resource records

   IDNA does not apply to domain names in the NAME and RDATA fields of
   DNS resource records whose CLASS is not IN.  This exclusion applies
   to every non-IN class, present and future, except where future
   standards override this exclusion by explicitly inviting the use of
   IDNA.

   There are currently no other exclusions on the applicability of IDNA
   to DNS resource records; it depends entirely on the CLASS, and not on
   the TYPE.  This will remain true, even as new types are defined,
   unless there is a compelling reason for a new type to complicate
   matters by imposing type-specific rules.





Faltstrom, et al.           Standards Track                     [Page 8]

RFC 3490                          IDNA                        March 2003


3.2.2. Non-domain-name data types stored in domain names

   Although IDNA enables the representation of non-ASCII characters in
   domain names, that does not imply that IDNA enables the
   representation of non-ASCII characters in other data types that are
   stored in domain names.  For example, an email address local part is
   sometimes stored in a domain label (hostmaster@example.com would be
   represented as hostmaster.example.com in the RDATA field of an SOA
   record).  IDNA does not update the existing email standards, which
   allow only ASCII characters in local parts.  Therefore, unless the
   email standards are revised to invite the use of IDNA for local
   parts, a domain label that holds the local part of an email address
   SHOULD NOT begin with the ACE prefix, and even if it does, it is to
   be interpreted literally as a local part that happens to begin with
   the ACE prefix.

4. Conversion operations

   An application converts a domain name put into an IDN-unaware slot or
   displayed to a user.  This section specifies the steps to perform in
   the conversion, and the ToASCII and ToUnicode operations.

   The input to ToASCII or ToUnicode is a single label that is a
   sequence of Unicode code points (remember that all ASCII code points
   are also Unicode code points).  If a domain name is represented using
   a character set other than Unicode or US-ASCII, it will first need to
   be transcoded to Unicode.

   Starting from a whole domain name, the steps that an application
   takes to do the conversions are:

   1) Decide whether the domain name is a "stored string" or a "query
      string" as described in [STRINGPREP].  If this conversion follows
      the "queries" rule from [STRINGPREP], set the flag called
      "AllowUnassigned".

   2) Split the domain name into individual labels as described in
      section 3.1.  The labels do not include the separator.

   3) For each label, decide whether or not to enforce the restrictions
      on ASCII characters in host names [STD3].  (Applications already
      faced this choice before the introduction of IDNA, and can
      continue to make the decision the same way they always have; IDNA
      makes no new recommendations regarding this choice.)  If the
      restrictions are to be enforced, set the flag called
      "UseSTD3ASCIIRules" for that label.





Faltstrom, et al.           Standards Track                     [Page 9]

RFC 3490                          IDNA                        March 2003


   4) Process each label with either the ToASCII or the ToUnicode
      operation as appropriate.  Typically, you use the ToASCII
      operation if you are about to put the name into an IDN-unaware
      slot, and you use the ToUnicode operation if you are displaying
      the name to a user; section 3.1 gives greater detail on the
      applicable requirements.

   5) If ToASCII was applied in step 4 and dots are used as label
      separators, change all the label separators to U+002E (full stop).

   The following two subsections define the ToASCII and ToUnicode
   operations that are used in step 4.

   This description of the protocol uses specific procedure names, names
   of flags, and so on, in order to facilitate the specification of the
   protocol.  These names, as well as the actual steps of the
   procedures, are not required of an implementation.  In fact, any
   implementation which has the same external behavior as specified in
   this document conforms to this specification.

4.1 ToASCII

   The ToASCII operation takes a sequence of Unicode code points that
   make up one label and transforms it into a sequence of code points in
   the ASCII range (0..7F).  If ToASCII succeeds, the original sequence
   and the resulting sequence are equivalent labels.

   It is important to note that the ToASCII operation can fail.  ToASCII
   fails if any step of it fails.  If any step of the ToASCII operation
   fails on any label in a domain name, that domain name MUST NOT be
   used as an internationalized domain name.  The method for dealing
   with this failure is application-specific.

   The inputs to ToASCII are a sequence of code points, the
   AllowUnassigned flag, and the UseSTD3ASCIIRules flag.  The output of
   ToASCII is either a sequence of ASCII code points or a failure
   condition.

   ToASCII never alters a sequence of code points that are all in the
   ASCII range to begin with (although it could fail).  Applying the
   ToASCII operation multiple times has exactly the same effect as
   applying it just once.

   ToASCII consists of the following steps:

   1. If the sequence contains any code points outside the ASCII range
      (0..7F) then proceed to step 2, otherwise skip to step 3.




Faltstrom, et al.           Standards Track                    [Page 10]

RFC 3490                          IDNA                        March 2003


   2. Perform the steps specified in [NAMEPREP] and fail if there is an
      error.  The AllowUnassigned flag is used in [NAMEPREP].

   3. If the UseSTD3ASCIIRules flag is set, then perform these checks:

     (a) Verify the absence of non-LDH ASCII code points; that is, the
         absence of 0..2C, 2E..2F, 3A..40, 5B..60, and 7B..7F.

     (b) Verify the absence of leading and trailing hyphen-minus; that
         is, the absence of U+002D at the beginning and end of the
         sequence.

   4. If the sequence contains any code points outside the ASCII range
      (0..7F) then proceed to step 5, otherwise skip to step 8.

   5. Verify that the sequence does NOT begin with the ACE prefix.

   6. Encode the sequence using the encoding algorithm in [PUNYCODE] and
      fail if there is an error.

   7. Prepend the ACE prefix.

   8. Verify that the number of code points is in the range 1 to 63
      inclusive.

4.2 ToUnicode

   The ToUnicode operation takes a sequence of Unicode code points that
   make up one label and returns a sequence of Unicode code points.  If
   the input sequence is a label in ACE form, then the result is an
   equivalent internationalized label that is not in ACE form, otherwise
   the original sequence is returned unaltered.

   ToUnicode never fails.  If any step fails, then the original input
   sequence is returned immediately in that step.

   The ToUnicode output never contains more code points than its input.
   Note that the number of octets needed to represent a sequence of code
   points depends on the particular character encoding used.

   The inputs to ToUnicode are a sequence of code points, the
   AllowUnassigned flag, and the UseSTD3ASCIIRules flag.  The output of
   ToUnicode is always a sequence of Unicode code points.

   1. If all code points in the sequence are in the ASCII range (0..7F)
      then skip to step 3.





Faltstrom, et al.           Standards Track                    [Page 11]

RFC 3490                          IDNA                        March 2003


   2. Perform the steps specified in [NAMEPREP] and fail if there is an
      error.  (If step 3 of ToASCII is also performed here, it will not
      affect the overall behavior of ToUnicode, but it is not
      necessary.)  The AllowUnassigned flag is used in [NAMEPREP].

   3. Verify that the sequence begins with the ACE prefix, and save a
      copy of the sequence.

   4. Remove the ACE prefix.

   5. Decode the sequence using the decoding algorithm in [PUNYCODE] and
      fail if there is an error.  Save a copy of the result of this
      step.

   6. Apply ToASCII.

   7. Verify that the result of step 6 matches the saved copy from step
      3, using a case-insensitive ASCII comparison.

   8. Return the saved copy from step 5.

5. ACE prefix

   The ACE prefix, used in the conversion operations (section 4), is two
   alphanumeric ASCII characters followed by two hyphen-minuses.  It
   cannot be any of the prefixes already used in earlier documents,
   which includes the following: "bl--", "bq--", "dq--", "lq--", "mq--",
   "ra--", "wq--" and "zq--".  The ToASCII and ToUnicode operations MUST
   recognize the ACE prefix in a case-insensitive manner.

   The ACE prefix for IDNA is "xn--" or any capitalization thereof.

   This means that an ACE label might be "xn--de-jg4avhby1noc0d", where
   "de-jg4avhby1noc0d" is the part of the ACE label that is generated by
   the encoding steps in [PUNYCODE].

   While all ACE labels begin with the ACE prefix, not all labels
   beginning with the ACE prefix are necessarily ACE labels.  Non-ACE
   labels that begin with the ACE prefix will confuse users and SHOULD
   NOT be allowed in DNS zones.











Faltstrom, et al.           Standards Track                    [Page 12]

RFC 3490                          IDNA                        March 2003


6. Implications for typical applications using DNS

   In IDNA, applications perform the processing needed to input
   internationalized domain names from users, display internationalized
   domain names to users, and process the inputs and outputs from DNS
   and other protocols that carry domain names.

   The components and interfaces between them can be represented
   pictorially as:

                    +------+
                    | User |
                    +------+
                       ^
                       | Input and display: local interface methods
                       | (pen, keyboard, glowing phosphorus, ...)
   +-------------------|-------------------------------+
   |                   v                               |
   |          +-----------------------------+          |
   |          |        Application          |          |
   |          |   (ToASCII and ToUnicode    |          |
   |          |      operations may be      |          |
   |          |        called here)         |          |
   |          +-----------------------------+          |
   |                   ^        ^                      | End system
   |                   |        |                      |
   | Call to resolver: |        | Application-specific |
   |              ACE  |        | protocol:            |
   |                   v        | ACE unless the       |
   |           +----------+     | protocol is updated  |
   |           | Resolver |     | to handle other      |
   |           +----------+     | encodings            |
   |                 ^          |                      |
   +-----------------|----------|----------------------+
       DNS protocol: |          |
                 ACE |          |
                     v          v
          +-------------+    +---------------------+
          | DNS servers |    | Application servers |
          +-------------+    +---------------------+

   The box labeled "Application" is where the application splits a
   domain name into labels, sets the appropriate flags, and performs the
   ToASCII and ToUnicode operations.  This is described in section 4.







Faltstrom, et al.           Standards Track                    [Page 13]

RFC 3490                          IDNA                        March 2003


6.1 Entry and display in applications

   Applications can accept domain names using any character set or sets
   desired by the application developer, and can display domain names in
   any charset.  That is, the IDNA protocol does not affect the
   interface between users and applications.

   An IDNA-aware application can accept and display internationalized
   domain names in two formats: the internationalized character set(s)
   supported by the application, and as an ACE label.  ACE labels that
   are displayed or input MUST always include the ACE prefix.
   Applications MAY allow input and display of ACE labels, but are not
   encouraged to do so except as an interface for special purposes,
   possibly for debugging, or to cope with display limitations as
   described in section 6.4..  ACE encoding is opaque and ugly, and
   should thus only be exposed to users who absolutely need it.  Because
   name labels encoded as ACE name labels can be rendered either as the
   encoded ASCII characters or the proper decoded characters, the
   application MAY have an option for the user to select the preferred
   method of display; if it does, rendering the ACE SHOULD NOT be the
   default.

   Domain names are often stored and transported in many places.  For
   example, they are part of documents such as mail messages and web
   pages.  They are transported in many parts of many protocols, such as
   both the control commands and the RFC 2822 body parts of SMTP, and
   the headers and the body content in HTTP.  It is important to
   remember that domain names appear both in domain name slots and in
   the content that is passed over protocols.

   In protocols and document formats that define how to handle
   specification or negotiation of charsets, labels can be encoded in
   any charset allowed by the protocol or document format.  If a
   protocol or document format only allows one charset, the labels MUST
   be given in that charset.

   In any place where a protocol or document format allows transmission
   of the characters in internationalized labels, internationalized
   labels SHOULD be transmitted using whatever character encoding and
   escape mechanism that the protocol or document format uses at that
   place.

   All protocols that use domain name slots already have the capacity
   for handling domain names in the ASCII charset.  Thus, ACE labels
   (internationalized labels that have been processed with the ToASCII
   operation) can inherently be handled by those protocols.





Faltstrom, et al.           Standards Track                    [Page 14]

RFC 3490                          IDNA                        March 2003


6.2 Applications and resolver libraries

   Applications normally use functions in the operating system when they
   resolve DNS queries.  Those functions in the operating system are
   often called "the resolver library", and the applications communicate
   with the resolver libraries through a programming interface (API).

   Because these resolver libraries today expect only domain names in
   ASCII, applications MUST prepare labels that are passed to the
   resolver library using the ToASCII operation.  Labels received from
   the resolver library contain only ASCII characters; internationalized
   labels that cannot be represented directly in ASCII use the ACE form.
   ACE labels always include the ACE prefix.

   An operating system might have a set of libraries for performing the
   ToASCII operation.  The input to such a library might be in one or
   more charsets that are used in applications (UTF-8 and UTF-16 are
   likely candidates for almost any operating system, and script-
   specific charsets are likely for localized operating systems).

   IDNA-aware applications MUST be able to work with both non-
   internationalized labels (those that conform to [STD13] and [STD3])
   and internationalized labels.

   It is expected that new versions of the resolver libraries in the
   future will be able to accept domain names in other charsets than
   ASCII, and application developers might one day pass not only domain
   names in Unicode, but also in local script to a new API for the
   resolver libraries in the operating system.  Thus the ToASCII and
   ToUnicode operations might be performed inside these new versions of
   the resolver libraries.

   Domain names passed to resolvers or put into the question section of
   DNS requests follow the rules for "queries" from [STRINGPREP].

6.3 DNS servers

   Domain names stored in zones follow the rules for "stored strings"
   from [STRINGPREP].

   For internationalized labels that cannot be represented directly in
   ASCII, DNS servers MUST use the ACE form produced by the ToASCII
   operation.  All IDNs served by DNS servers MUST contain only ASCII
   characters.

   If a signaling system which makes negotiation possible between old
   and new DNS clients and servers is standardized in the future, the
   encoding of the query in the DNS protocol itself can be changed from



Faltstrom, et al.           Standards Track                    [Page 15]

RFC 3490                          IDNA                        March 2003


   ACE to something else, such as UTF-8.  The question whether or not
   this should be used is, however, a separate problem and is not
   discussed in this memo.

6.4 Avoiding exposing users to the raw ACE encoding

   Any application that might show the user a domain name obtained from
   a domain name slot, such as from gethostbyaddr or part of a mail
   header, will need to be updated if it is to prevent users from seeing
   the ACE.

   If an application decodes an ACE name using ToUnicode but cannot show
   all of the characters in the decoded name, such as if the name
   contains characters that the output system cannot display, the
   application SHOULD show the name in ACE format (which always includes
   the ACE prefix) instead of displaying the name with the replacement
   character (U+FFFD).  This is to make it easier for the user to
   transfer the name correctly to other programs.  Programs that by
   default show the ACE form when they cannot show all the characters in
   a name label SHOULD also have a mechanism to show the name that is
   produced by the ToUnicode operation with as many characters as
   possible and replacement characters in the positions where characters
   cannot be displayed.

   The ToUnicode operation does not alter labels that are not valid ACE
   labels, even if they begin with the ACE prefix.  After ToUnicode has
   been applied, if a label still begins with the ACE prefix, then it is
   not a valid ACE label, and is not equivalent to any of the
   intermediate Unicode strings constructed by ToUnicode.

6.5  DNSSEC authentication of IDN domain names

   DNS Security [RFC2535] is a method for supplying cryptographic
   verification information along with DNS messages.  Public Key
   Cryptography is used in conjunction with digital signatures to
   provide a means for a requester of domain information to authenticate
   the source of the data.  This ensures that it can be traced back to a
   trusted source, either directly, or via a chain of trust linking the
   source of the information to the top of the DNS hierarchy.

   IDNA specifies that all internationalized domain names served by DNS
   servers that cannot be represented directly in ASCII must use the ACE
   form produced by the ToASCII operation.  This operation must be
   performed prior to a zone being signed by the private key for that
   zone.  Because of this ordering, it is important to recognize that
   DNSSEC authenticates the ASCII domain name, not the Unicode form or





Faltstrom, et al.           Standards Track                    [Page 16]

RFC 3490                          IDNA                        March 2003


   the mapping between the Unicode form and the ASCII form.  In the
   presence of DNSSEC, this is the name that MUST be signed in the zone
   and MUST be validated against.

   One consequence of this for sites deploying IDNA in the presence of
   DNSSEC is that any special purpose proxies or forwarders used to
   transform user input into IDNs must be earlier in the resolution flow
   than DNSSEC authenticating nameservers for DNSSEC to work.

7. Name server considerations

   Existing DNS servers do not know the IDNA rules for handling non-
   ASCII forms of IDNs, and therefore need to be shielded from them.
   All existing channels through which names can enter a DNS server
   database (for example, master files [STD13] and DNS update messages
   [RFC2136]) are IDN-unaware because they predate IDNA, and therefore
   requirement 2 of section 3.1 of this document provides the needed
   shielding, by ensuring that internationalized domain names entering
   DNS server databases through such channels have already been
   converted to their equivalent ASCII forms.

   It is imperative that there be only one ASCII encoding for a
   particular domain name.  Because of the design of the ToASCII and
   ToUnicode operations, there are no ACE labels that decode to ASCII
   labels, and therefore name servers cannot contain multiple ASCII
   encodings of the same domain name.

   [RFC2181] explicitly allows domain labels to contain octets beyond
   the ASCII range (0..7F), and this document does not change that.
   Note, however, that there is no defined interpretation of octets
   80..FF as characters.  If labels containing these octets are returned
   to applications, unpredictable behavior could result.  The ASCII form
   defined by ToASCII is the only standard representation for
   internationalized labels in the current DNS protocol.

8. Root server considerations

   IDNs are likely to be somewhat longer than current domain names, so
   the bandwidth needed by the root servers is likely to go up by a
   small amount.  Also, queries and responses for IDNs will probably be
   somewhat longer than typical queries today, so more queries and
   responses may be forced to go to TCP instead of UDP.









Faltstrom, et al.           Standards Track                    [Page 17]

RFC 3490                          IDNA                        March 2003


9. References

9.1 Normative References

   [RFC2119]    Bradner, S., "Key words for use in RFCs to Indicate
                Requirement Levels", BCP 14, RFC 2119, March 1997.

   [STRINGPREP] Hoffman, P. and M. Blanchet, "Preparation of
                Internationalized Strings ("stringprep")", RFC 3454,
                December 2002.

   [NAMEPREP]   Hoffman, P. and M. Blanchet, "Nameprep: A Stringprep
                Profile for Internationalized Domain Names (IDN)", RFC
                3491, March 2003.

   [PUNYCODE]   Costello, A., "Punycode: A Bootstring encoding of
                Unicode for use with Internationalized Domain Names in
                Applications (IDNA)", RFC 3492, March 2003.

   [STD3]       Braden, R., "Requirements for Internet Hosts --
                Communication Layers", STD 3, RFC 1122, and
                "Requirements for Internet Hosts -- Application and
                Support", STD 3, RFC 1123, October 1989.

   [STD13]      Mockapetris, P., "Domain names - concepts and
                facilities", STD 13, RFC 1034 and "Domain names -
                implementation and specification", STD 13, RFC 1035,
                November 1987.

9.2 Informative References

   [RFC2535]    Eastlake, D., "Domain Name System Security Extensions",
                RFC 2535, March 1999.

   [RFC2181]    Elz, R. and R. Bush, "Clarifications to the DNS
                Specification", RFC 2181, July 1997.

   [UAX9]       Unicode Standard Annex #9, The Bidirectional Algorithm,
                <http://www.unicode.org/unicode/reports/tr9/>.

   [UNICODE]    The Unicode Consortium. The Unicode Standard, Version
                3.2.0 is defined by The Unicode Standard, Version 3.0
                (Reading, MA, Addison-Wesley, 2000. ISBN 0-201-61633-5),
                as amended by the Unicode Standard Annex #27: Unicode
                3.1 (http://www.unicode.org/reports/tr27/) and by the
                Unicode Standard Annex #28: Unicode 3.2
                (http://www.unicode.org/reports/tr28/).




Faltstrom, et al.           Standards Track                    [Page 18]

RFC 3490                          IDNA                        March 2003


   [USASCII]    Cerf, V., "ASCII format for Network Interchange", RFC
                20, October 1969.

10. Security Considerations

   Security on the Internet partly relies on the DNS.  Thus, any change
   to the characteristics of the DNS can change the security of much of
   the Internet.

   This memo describes an algorithm which encodes characters that are
   not valid according to STD3 and STD13 into octet values that are
   valid.  No security issues such as string length increases or new
   allowed values are introduced by the encoding process or the use of
   these encoded values, apart from those introduced by the ACE encoding
   itself.

   Domain names are used by users to identify and connect to Internet
   servers.  The security of the Internet is compromised if a user
   entering a single internationalized name is connected to different
   servers based on different interpretations of the internationalized
   domain name.

   When systems use local character sets other than ASCII and Unicode,
   this specification leaves the the problem of transcoding between the
   local character set and Unicode up to the application.  If different
   applications (or different versions of one application) implement
   different transcoding rules, they could interpret the same name
   differently and contact different servers.  This problem is not
   solved by security protocols like TLS that do not take local
   character sets into account.

   Because this document normatively refers to [NAMEPREP], [PUNYCODE],
   and [STRINGPREP], it includes the security considerations from those
   documents as well.

   If or when this specification is updated to use a more recent Unicode
   normalization table, the new normalization table will need to be
   compared with the old to spot backwards incompatible changes.  If
   there are such changes, they will need to be handled somehow, or
   there will be security as well as operational implications.  Methods
   to handle the conflicts could include keeping the old normalization,
   or taking care of the conflicting characters by operational means, or
   some other method.

   Implementations MUST NOT use more recent normalization tables than
   the one referenced from this document, even though more recent tables
   may be provided by operating systems.  If an application is unsure of
   which version of the normalization tables are in the operating



Faltstrom, et al.           Standards Track                    [Page 19]

RFC 3490                          IDNA                        March 2003


   system, the application needs to include the normalization tables
   itself.  Using normalization tables other than the one referenced
   from this specification could have security and operational
   implications.

   To help prevent confusion between characters that are visually
   similar, it is suggested that implementations provide visual
   indications where a domain name contains multiple scripts.  Such
   mechanisms can also be used to show when a name contains a mixture of
   simplified and traditional Chinese characters, or to distinguish zero
   and one from O and l.  DNS zone adminstrators may impose restrictions
   (subject to the limitations in section 2) that try to minimize
   homographs.

   Domain names (or portions of them) are sometimes compared against a
   set of privileged or anti-privileged domains.  In such situations it
   is especially important that the comparisons be done properly, as
   specified in section 3.1 requirement 4.  For labels already in ASCII
   form, the proper comparison reduces to the same case-insensitive
   ASCII comparison that has always been used for ASCII labels.

   The introduction of IDNA means that any existing labels that start
   with the ACE prefix and would be altered by ToUnicode will
   automatically be ACE labels, and will be considered equivalent to
   non-ASCII labels, whether or not that was the intent of the zone
   adminstrator or registrant.

11. IANA Considerations

   IANA has assigned the ACE prefix in consultation with the IESG.





















Faltstrom, et al.           Standards Track                    [Page 20]

RFC 3490                          IDNA                        March 2003


12. Authors' Addresses

   Patrik Faltstrom
   Cisco Systems
   Arstaangsvagen 31 J
   S-117 43 Stockholm  Sweden

   EMail: paf@cisco.com


   Paul Hoffman
   Internet Mail Consortium and VPN Consortium
   127 Segre Place
   Santa Cruz, CA  95060  USA

   EMail: phoffman@imc.org


   Adam M. Costello
   University of California, Berkeley

   URL: http://www.nicemice.net/amc/





























Faltstrom, et al.           Standards Track                    [Page 21]

RFC 3490                          IDNA                        March 2003


13. Full Copyright Statement

   Copyright (C) The Internet Society (2003).  All Rights Reserved.

   This document and translations of it may be copied and furnished to
   others, and derivative works that comment on or otherwise explain it
   or assist in its implementation may be prepared, copied, published
   and distributed, in whole or in part, without restriction of any
   kind, provided that the above copyright notice and this paragraph are
   included on all such copies and derivative works.  However, this
   document itself may not be modified in any way, such as by removing
   the copyright notice or references to the Internet Society or other
   Internet organizations, except as needed for the purpose of
   developing Internet standards in which case the procedures for
   copyrights defined in the Internet Standards process must be
   followed, or as required to translate it into languages other than
   English.

   The limited permissions granted above are perpetual and will not be
   revoked by the Internet Society or its successors or assigns.

   This document and the information contained herein is provided on an
   "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING
   TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING
   BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION
   HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF
   MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.

Acknowledgement

   Funding for the RFC Editor function is currently provided by the
   Internet Society.



















Faltstrom, et al.           Standards Track                    [Page 22]