💾 Archived View for gemini.bortzmeyer.org › rfc-mirror › rfc8771.txt captured on 2023-12-28 at 16:06:26.
⬅️ Previous capture (2021-11-30)
-=-=-=-=-=-=-
Independent Submission A. Mayrhofer Request for Comments: 8771 nic.at GmbH Category: Experimental J. Hague ISSN: 2070-1721 Sinodun 1 April 2020 The Internationalized Deliberately Unreadable Network NOtation (I-DUNNO) Abstract Domain Names were designed for humans, IP addresses were not. But more than 30 years after the introduction of the DNS, a minority of mankind persists in invading the realm of machine-to-machine communication by reading, writing, misspelling, memorizing, permuting, and confusing IP addresses. This memo describes the Internationalized Deliberately Unreadable Network NOtation ("I-DUNNO"), a notation designed to replace current textual representations of IP addresses with something that is not only more concise but will also discourage this small, but obviously important, subset of human activity. Status of This Memo This document is not an Internet Standards Track specification; it is published for examination, experimental implementation, and evaluation. This document defines an Experimental Protocol for the Internet community. This is a contribution to the RFC Series, independently of any other RFC stream. The RFC Editor has chosen to publish this document at its discretion and makes no statement about its value for implementation or deployment. Documents approved for publication by the RFC Editor are not candidates for any level of Internet Standard; see Section 2 of RFC 7841. Information about the current status of this document, any errata, and how to provide feedback on it may be obtained at https://www.rfc-editor.org/info/rfc8771. Copyright Notice Copyright (c) 2020 IETF Trust and the persons identified as the document authors. All rights reserved. This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (https://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Table of Contents 1. Introduction 2. Terminology 3. The Notation 3.1. Forming I-DUNNO 3.2. Deforming I-DUNNO 4. I-DUNNO Confusion Level Requirements 4.1. Minimum Confusion Level 4.2. Satisfactory Confusion Level 4.3. Delightful Confusion Level 5. Example 6. IANA Considerations 7. Security Considerations 8. References 8.1. Normative References 8.2. Informative References Authors' Addresses 1. Introduction In Section 2.3 of [RFC0791], the original designers of the Internet Protocol carefully defined names and addresses as separate quantities. While they did not explicitly reserve names for human consumption and addresses for machine use, they did consider the matter indirectly in their philosophical communal statement: "A name indicates what we seek." This clearly indicates that names rather than addresses should be of concern to humans. The specification of domain names in [RFC1034], and indeed the continuing enormous effort put into the Domain Name System, reinforces the view that humans should use names and leave worrying about addresses to the machines. RFC 1034 mentions "users" several times, and even includes the word "humans", even though it is positioned slightly unfortunately, though perfectly understandably, in a context of "annoying" and "can wreak havoc" (see Section 5.2.3 of [RFC1034]). Nevertheless, this is another clear indication that domain names are made for human use, while IP addresses are for machine use. Given this, and a long error-strewn history of human attempts to utilize addresses directly, it is obviously desirable that humans should not meddle with IP addresses. For that reason, it appears quite logical that a human-readable (textual) representation of IP addresses was just very vaguely specified in Section 2.1 of [RFC1123]. Subsequently, a directed effort to further discourage human use by making IP addresses more confusing was introduced in [RFC1883] (which was obsoleted by [RFC8200]), and additional options for human puzzlement were offered in Section 2.2 of [RFC4291]. These noble early attempts to hamper efforts by humans to read, understand, or even spell IP addressing schemes were unfortunately severely compromised in [RFC5952]. In order to prevent further damage from human meddling with IP addresses, there is a clear urgent need for an address notation that replaces these "Legacy Notations", and efficiently discourages humans from reading, modifying, or otherwise manipulating IP addresses. Research in this area long ago recognized the potential in ab^H^Hperusing the intricacies, inaccuracies, and chaotic disorder of what humans are pleased to call a "Cultural Technique" (also known as "Script"), and with a certain inexorable inevitability has focused of late on the admirable confusion (and thus discouragement) potential of [UNICODE] as an address notation. In Section 4, we introduce a framework of Confusion Levels as an aid to the evaluation of the effectiveness of any Unicode-based scheme in producing notation in a form designed to be resistant to ready comprehension or, heaven forfend, mutation of the address, and so effecting the desired confusion and discouragement. The authors welcome [RFC8369] as a major step in the right direction. However, we have some reservations about the scheme proposed therein: * Our analysis of the proposed scheme indicates that, while impressively concise, it fails to attain more than at best a Minimum Confusion Level in our classification. * Humans, especially younger ones, are becoming skilled at handling emoji. Over time, this will negatively impact the discouragement factor. * The proposed scheme is specific to IPv6; if a solution to this problem is to be in any way timely, it must, as a matter of the highest priority, address IPv4. After all, even taking the regrettable effects of RFC 5952 into account, IPv6 does at least remain inherently significantly more confusing and discouraging than IPv4. This document therefore specifies an alternative Unicode-based notation, the Internationalized Deliberately Unreadable Network NOtation (I-DUNNO). This notation addresses each of the concerns outlined above: * I-DUNNO can generate Minimum, Satisfactory, or Delightful levels of confusion. * As well as emoji, it takes advantage of other areas of Unicode confusion. * It can be used with IPv4 and IPv6 addresses. We concede that I-DUNNO notation is markedly less concise than that of RFC 8369. However, by permitting multiple code points in the representation of a single address, I-DUNNO opens up the full spectrum of Unicode-adjacent code point interaction. This is a significant factor in allowing I-DUNNO to achieve higher levels of confusion. I-DUNNO also requires no change to the current size of Unicode code points, and so its chances of adoption and implementation are (slightly) higher. Note that the use of I-DUNNO in the reverse DNS system is currently out of scope. The occasional human-induced absence of the magical one-character sequence U+002E is believed to cause sufficient disorder there. Media Access Control (MAC) addresses are totally out of the question. 2. Terminology The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in BCP 14 [RFC2119] [RFC8174] when, and only when, they appear in all capitals, as shown here. Additional terminology from [RFC6919] MIGHT apply. 3. The Notation I-DUNNO leverages UTF-8 [RFC3629] to obfuscate IP addresses for humans. UTF-8 uses sequences between 1 and 4 octets to represent code points as follows: +-----------------------+-------------------------------------+ | Char. number range | UTF-8 octet sequence | +-----------------------+-------------------------------------+ | (hexadecimal) | (binary) | +=======================+=====================================+ | 0000 0000 - 0000 007F | 0xxxxxxx | +-----------------------+-------------------------------------+ | 0000 0080 - 0000 07FF | 110xxxxx 10xxxxxx | +-----------------------+-------------------------------------+ | 0000 0800 - 0000 FFFF | 1110xxxx 10xxxxxx 10xxxxxx | +-----------------------+-------------------------------------+ | 0001 0000 - 0010 FFFF | 11110xxx 10xxxxxx 10xxxxxx 10xxxxxx | +-----------------------+-------------------------------------+ Table 1 I-DUNNO uses that structure to convey addressing information as follows: 3.1. Forming I-DUNNO In order to form an I-DUNNO based on the Legacy Notation of an IP address, the following steps are performed: 1. The octets of the IP address are written as a bitstring in network byte order. 2. Working from left to right, the bitstring (32 bits for IPv4; 128 bits for IPv6) is used to generate a list of valid UTF-8 octet sequences. To allocate a single UTF-8 sequence: a. Choose whether to generate a UTF-8 sequence of 1, 2, 3, or 4 octets. The choice OUGHT TO be guided by the requirement to generate a satisfactory Minimum Confusion Level (Section 4.1) (not to be confused with the minimum Satisfactory Confusion Level (Section 4.2)). Refer to the character number range in Table 1 in order to identify which octet sequence lengths are valid for a given bitstring. For example, a 2-octet UTF-8 sequence requires the next 11 bits to have a value in the range 0080-07ff. b. Allocate bits from the bitstring to fill the vacant positions 'x' in the UTF-8 sequence (see Table 1) from left to right. c. UTF-8 sequences of 1, 2, 3, and 4 octets require 7, 11, 16, and 21 bits, respectively, from the bitstring. Since the number of combinations of UTF-8 sequences accommodating exactly 32 or 128 bits is limited, in sequences where the number of bits required does not exactly match the number of available bits, the final UTF-8 sequence MUST be padded with additional bits once the available address bits are exhausted. The sequence may therefore require up to 20 bits of padding. The content of the padding SHOULD be chosen to maximize the resulting Confusion Level. 3. Once the bits in the bitstring are exhausted, the conversion is complete. The I-DUNNO representation of the address consists of the Unicode code points described by the list of generated UTF-8 sequences, and it MAY now be presented to unsuspecting humans. 3.2. Deforming I-DUNNO This section is intentionally omitted. The machines will know how to do it, and by definition humans SHOULD NOT attempt the process. 4. I-DUNNO Confusion Level Requirements A sequence of characters is considered I-DUNNO only when there's enough potential to confuse humans. Unallocated code points MUST be avoided. While they might appear to have great confusion power at the moment, there's a minor chance that a future allocation to a useful, legible character will reduce this capacity significantly. Worse, in the (unlikely, but not impossible -- see Section 3.1.3 of [RFC5894]) event of a code point losing its DISALLOWED property per IDNA2008 [RFC5894], existing I-DUNNOs could be rendered less than minimally confusing, with disastrous consequences. The following Confusion Levels are defined: 4.1. Minimum Confusion Level As a minimum, a valid I-DUNNO MUST: * Contain at least one UTF-8 octet sequence with a length greater than one octet. * Contain at least one character that is DISALLOWED in IDNA2008. No code point left behind! Note that this allows machines to distinguish I-DUNNO from Internationalized Domain Name labels. I-DUNNOs on this level will at least puzzle most human users with knowledge of the Legacy Notation. 4.2. Satisfactory Confusion Level An I-DUNNO with Satisfactory Confusion Level MUST adhere to the Minimum Confusion Level, and additionally contain two of the following: * At least one non-printable character. * Characters from at least two different Scripts. * A character from the "Symbol" category. The Satisfactory Confusion Level will make many human-machine interfaces beep, blink, silently fail, or any combination thereof. This is considered sufficient to discourage most humans from deforming I-DUNNO. 4.3. Delightful Confusion Level An I-DUNNO with Delightful Confusion Level MUST adhere to the Satisfactory Confusion Level, and additionally contain at least two of the following: * Characters from scripts with different directionalities. * Character classified as "Confusables". * One or more emoji. An I-DUNNO conforming to this level will cause almost all humans to U+1F926, with the exception of those subscribed to the idna-update mailing list. (We have also considered a further, higher Confusion Level, tentatively entitled "BReak EXaminatIon or Twiddling" or "BREXIT" Level Confusion, but currently we have no idea how to go about actually implementing it.) 5. Example An I-DUNNO based on the Legacy Notation IPv4 address "198.51.100.164" is formed and validated as follows: First, the Legacy Notation is written as a string of 32 bits in network byte order: 11000110001100110110010010100100 Since I-DUNNO requires at least one UTF-8 octet sequence with a length greater than one octet, we allocate bits in the following form: seq1 | seq2 | seq3 | seq4 --------+---------+---------+------------ 1100011 | 0001100 | 1101100 | 10010100100 This translates into the following code points: +-------------+-------------------------------------------+ | Bit Seq. | Character Number (Character Name) | +=============+===========================================+ | 1100011 | U+0063 (LATIN SMALL LETTER C) | +-------------+-------------------------------------------+ | 0001100 | U+000C (FORM FEED (FF)) | +-------------+-------------------------------------------+ | 1101100 | U+006C (LATIN SMALL LETTER L) | +-------------+-------------------------------------------+ | 10010100100 | U+04A4 (CYRILLIC CAPITAL LIGATURE EN GHE) | +-------------+-------------------------------------------+ Table 2 The resulting string MUST be evaluated against the Confusion Level Requirements before I-DUNNO can be declared. Given the example above: * There is at least one UTF-8 octet sequence with a length greater than 1 (U+04A4) . * There are two IDNA2008 DISALLOWED characters: U+000C (for good reason!) and U+04A4. * There is one non-printable character (U+000C). * There are characters from two different Scripts (Latin and Cyrillic). Therefore, the example above constitutes valid I-DUNNO with a Satisfactory Confusion Level. U+000C in particular has great potential in environments where I-DUNNOs would be sent to printers. 6. IANA Considerations If this work is standardized, IANA is kindly requested to revoke all IPv4 and IPv6 address range allocations that do not allow for at least one I-DUNNO of Delightful Confusion Level. IPv4 prefixes are more likely to be affected, hence this can easily be marketed as an effort to foster IPv6 deployment. Furthermore, IANA is urged to expand the Internet TLA Registry [RFC5513] to accommodate Seven-Letter Acronyms (SLA) for obvious reasons, and register 'I-DUNNO'. For that purpose, U+002D ("-", HYPHEN-MINUS) SHALL be declared a Letter. 7. Security Considerations I-DUNNO is not a security algorithm. Quite the contrary -- many humans are known to develop a strong feeling of insecurity when confronted with I-DUNNO. In the tradition of many other RFCs, the evaluation of other security aspects of I-DUNNO is left as an exercise for the reader. 8. References 8.1. Normative References [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, DOI 10.17487/RFC2119, March 1997, <https://www.rfc-editor.org/info/rfc2119>. [RFC3629] Yergeau, F., "UTF-8, a transformation format of ISO 10646", STD 63, RFC 3629, DOI 10.17487/RFC3629, November 2003, <https://www.rfc-editor.org/info/rfc3629>. [RFC5894] Klensin, J., "Internationalized Domain Names for Applications (IDNA): Background, Explanation, and Rationale", RFC 5894, DOI 10.17487/RFC5894, August 2010, <https://www.rfc-editor.org/info/rfc5894>. [RFC6919] Barnes, R., Kent, S., and E. Rescorla, "Further Key Words for Use in RFCs to Indicate Requirement Levels", RFC 6919, DOI 10.17487/RFC6919, April 2013, <https://www.rfc-editor.org/info/rfc6919>. [RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC 2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174, May 2017, <https://www.rfc-editor.org/info/rfc8174>. 8.2. Informative References [RFC0791] Postel, J., "Internet Protocol", STD 5, RFC 791, DOI 10.17487/RFC0791, September 1981, <https://www.rfc-editor.org/info/rfc791>. [RFC1034] Mockapetris, P., "Domain names - concepts and facilities", STD 13, RFC 1034, DOI 10.17487/RFC1034, November 1987, <https://www.rfc-editor.org/info/rfc1034>. [RFC1123] Braden, R., Ed., "Requirements for Internet Hosts - Application and Support", STD 3, RFC 1123, DOI 10.17487/RFC1123, October 1989, <https://www.rfc-editor.org/info/rfc1123>. [RFC1883] Deering, S. and R. Hinden, "Internet Protocol, Version 6 (IPv6) Specification", RFC 1883, DOI 10.17487/RFC1883, December 1995, <https://www.rfc-editor.org/info/rfc1883>. [RFC4291] Hinden, R. and S. Deering, "IP Version 6 Addressing Architecture", RFC 4291, DOI 10.17487/RFC4291, February 2006, <https://www.rfc-editor.org/info/rfc4291>. [RFC5513] Farrel, A., "IANA Considerations for Three Letter Acronyms", RFC 5513, DOI 10.17487/RFC5513, April 2009, <https://www.rfc-editor.org/info/rfc5513>. [RFC5952] Kawamura, S. and M. Kawashima, "A Recommendation for IPv6 Address Text Representation", RFC 5952, DOI 10.17487/RFC5952, August 2010, <https://www.rfc-editor.org/info/rfc5952>. [RFC8200] Deering, S. and R. Hinden, "Internet Protocol, Version 6 (IPv6) Specification", STD 86, RFC 8200, DOI 10.17487/RFC8200, July 2017, <https://www.rfc-editor.org/info/rfc8200>. [RFC8369] Kaplan, H., "Internationalizing IPv6 Using 128-Bit Unicode", RFC 8369, DOI 10.17487/RFC8369, April 2018, <https://www.rfc-editor.org/info/rfc8369>. [UNICODE] The Unicode Consortium, "The Unicode Standard (Current Version)", 2019, <http://www.unicode.org/versions/latest/>. Authors' Addresses Alexander Mayrhofer nic.at GmbH Email: alexander.mayrhofer@nic.at URI: https://i-dunno.at/ Jim Hague Sinodun Email: jim@sinodun.com URI: https://www.sinodun.com/