draft-ietf-6man-uri-zoneid-02.txt   draft-ietf-6man-uri-zoneid-03.txt 
6MAN B. Carpenter 6MAN B. Carpenter
Internet-Draft Univ. of Auckland Internet-Draft Univ. of Auckland
Updates: 3986, 4007 (if approved) R. Hinden Updates: 3986 (if approved) R. Hinden
Intended status: Standards Track Check Point Intended status: Standards Track Check Point
Expires: January 12, 2013 July 11, 2012 Expires: March 14, 2013 September 10, 2012
Representing IPv6 Zone Identifiers in Address Literals and Uniform Representing IPv6 Zone Identifiers in Address Literals and Uniform
Resource Identifiers Resource Identifiers
draft-ietf-6man-uri-zoneid-02 draft-ietf-6man-uri-zoneid-03
Abstract Abstract
This document describes how the Zone Identifier of an IPv6 scoped This document describes how the Zone Identifier of an IPv6 scoped
address can be represented in a a literal IPv6 address and in a address can be represented in a literal IPv6 address and in a Uniform
Uniform Resource Identifier that includes such a literal address. It Resource Identifier that includes such a literal address. It updates
updates RFC 3986 and RFC 4007 accordingly. RFC 3986 accordingly.
Status of this Memo Status of this Memo
This Internet-Draft is submitted in full conformance with the This Internet-Draft is submitted in full conformance with the
provisions of BCP 78 and BCP 79. provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet- working documents as Internet-Drafts. The list of current Internet-
Drafts is at http://datatracker.ietf.org/drafts/current/. Drafts is at http://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
This Internet-Draft will expire on January 12, 2013. This Internet-Draft will expire on March 14, 2013.
Copyright Notice Copyright Notice
Copyright (c) 2012 IETF Trust and the persons identified as the Copyright (c) 2012 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of (http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
skipping to change at page 2, line 11 skipping to change at page 2, line 11
to this document. Code Components extracted from this document must to this document. Code Components extracted from this document must
include Simplified BSD License text as described in Section 4.e of include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as the Trust Legal Provisions and are provided without warranty as
described in the Simplified BSD License. described in the Simplified BSD License.
Table of Contents Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3
2. Specification . . . . . . . . . . . . . . . . . . . . . . . . . 4 2. Specification . . . . . . . . . . . . . . . . . . . . . . . . . 4
3. Web Browsers . . . . . . . . . . . . . . . . . . . . . . . . . 5 3. Web Browsers . . . . . . . . . . . . . . . . . . . . . . . . . 5
4. Security Considerations . . . . . . . . . . . . . . . . . . . . 6 4. Security Considerations . . . . . . . . . . . . . . . . . . . . 5
5. IANA Considerations . . . . . . . . . . . . . . . . . . . . . . 6 5. IANA Considerations . . . . . . . . . . . . . . . . . . . . . . 6
6. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . 6 6. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . 6
7. Change log [RFC Editor: Please remove] . . . . . . . . . . . . 7 7. Change log [RFC Editor: Please remove] . . . . . . . . . . . . 6
8. References . . . . . . . . . . . . . . . . . . . . . . . . . . 7 8. References . . . . . . . . . . . . . . . . . . . . . . . . . . 7
8.1. Normative References . . . . . . . . . . . . . . . . . . . 7 8.1. Normative References . . . . . . . . . . . . . . . . . . . 7
8.2. Informative References . . . . . . . . . . . . . . . . . . 8 8.2. Informative References . . . . . . . . . . . . . . . . . . 7
Appendix A. Alternatives Considered . . . . . . . . . . . . . . . 8 Appendix A. Alternatives Considered . . . . . . . . . . . . . . . 8
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 9 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 9
1. Introduction 1. Introduction
[RFC3986] defined how a literal IPv6 address can be represented in [RFC3986] defined how a literal IPv6 address can be represented in
the "host" part of a Uniform Resource Identifier (URI). the "host" part of a Uniform Resource Identifier (URI).
Subsequently, [RFC4007] extended the text representation of limited- Subsequently, [RFC4007] extended the text representation of limited-
scope IPv6 addresses such that a zone identifier may be concatenated scope IPv6 addresses such that a zone identifier may be concatenated
to a literal address, for purposes described in that RFC. Zone to a literal address, for purposes described in that RFC. Zone
skipping to change at page 3, line 37 skipping to change at page 3, line 37
Some versions of some browsers accept the RFC 4007 syntax for scoped Some versions of some browsers accept the RFC 4007 syntax for scoped
IPv6 addresses embedded in URIs, i.e., they have been coded to IPv6 addresses embedded in URIs, i.e., they have been coded to
interpret the "%" sign according to RFC 4007 instead of RFC 3986. interpret the "%" sign according to RFC 4007 instead of RFC 3986.
Clearly this approach is very convenient for users, although it Clearly this approach is very convenient for users, although it
formally breaches the syntax rules of RFC 3986. The present document formally breaches the syntax rules of RFC 3986. The present document
defines an alternative approach that respects and extends the rules defines an alternative approach that respects and extends the rules
of URI syntax, and IPv6 literals in general, to be consistent. of URI syntax, and IPv6 literals in general, to be consistent.
Thus, this document updates [RFC3986] by adding syntax to allow a Thus, this document updates [RFC3986] by adding syntax to allow a
zone identifier to be included in a literal IPv6 address within a zone identifier to be included in a literal IPv6 address within a
URI. It also updates [RFC4007], in particular by adding a second URI.
allowed delimiter for zone identifiers.
It should be noted that in other contexts than a user interface, a It should be noted that in other contexts than a user interface, a
zone identifier is mapped into a numeric zone index or interface zone identifier is mapped into a numeric zone index or interface
number. The MIB textual convention [RFC4001] and the socket number. The MIB textual convention [RFC4001] and the socket
interface [RFC3493] define this as a 32 bit unsigned integer. The interface [RFC3493] define this as a 32 bit unsigned integer. The
mapping between the human-readable zone identifier string and the mapping between the human-readable zone identifier string and the
numeric value is a host-specific function that varies between numeric value is a host-specific function that varies between
operating systems. The present document is concerned only with the operating systems. The present document is concerned only with the
human-readable string. human-readable string.
skipping to change at page 4, line 28 skipping to change at page 4, line 26
happened to choose. happened to choose.
In a URI, a literal IPv6 address is always embedded between "[" and In a URI, a literal IPv6 address is always embedded between "[" and
"]". This document specifies how a <zone_id> can be appended to the "]". This document specifies how a <zone_id> can be appended to the
address. A <zone_id> SHOULD contain only ASCII characters classified address. A <zone_id> SHOULD contain only ASCII characters classified
in RFC 3986 as "unreserved", which conveniently excludes "]" in order in RFC 3986 as "unreserved", which conveniently excludes "]" in order
to simplify parsing. to simplify parsing.
Unfortunately "%" is always treated as an escape character in a URI, Unfortunately "%" is always treated as an escape character in a URI,
and according to RFC 3986 it MUST therefore itself be escaped in a and according to RFC 3986 it MUST therefore itself be escaped in a
URI, in the form "%25". For this reason, "-" (hyphen) is used URI, in the form "%25". Thus, the scoped address fe80::a%en1 would
instead as the separator when a <zone_id> is included in a URI. appear in a URI as http://[fe80::a%25en1].
Thus, the scoped address fe80::a%en1 would appear in a URI as
http://[fe80::a-en1].
If an operating system uses any other characters in zone or interface If an operating system uses any other characters in zone or interface
identifiers that are not in the "unreserved" character set, they MUST identifiers that are not in the "unreserved" character set, they MUST
be escaped with a "%" sign according to RFC 3986. be escaped with a "%" sign according to RFC 3986.
We now present the necessary formal syntax. We now present the necessary formal syntax.
In RFC 3986, the IPv6 literal format is formally defined in ABNF In RFC 3986, the IPv6 literal format is formally defined in ABNF
[RFC5234] by the following rule: [RFC5234] by the following rule:
skipping to change at page 5, line 9 skipping to change at page 4, line 50
To provide support for a zone identifier, the existing syntax of To provide support for a zone identifier, the existing syntax of
IPv6address is retained, and a zone identifier may be added IPv6address is retained, and a zone identifier may be added
optionally to any literal address. This allows flexibility for optionally to any literal address. This allows flexibility for
unknown future uses. The rule quoted above from RFC 3986 is replaced unknown future uses. The rule quoted above from RFC 3986 is replaced
by three rules: by three rules:
IP-literal = "[" ( IPv6addrz / IPvFuture ) "]" IP-literal = "[" ( IPv6addrz / IPvFuture ) "]"
ZoneID = 1*( unreserved / pct-encoded ) ZoneID = 1*( unreserved / pct-encoded )
IPv6addrz = IPv6address [ "-" ZoneID ] IPv6addrz = IPv6address [ "%" ZoneID ]
Section 11 of RFC 4007 is updated to allow "-" as well as "%" as the
preceding delimiter of a ZoneID.
The rules in [RFC5952] SHOULD be applied in producing URIs. The rules in [RFC5952] SHOULD be applied in producing URIs.
RFC 3986 states that URIs have a global scope, but that in some cases RFC 3986 states that URIs have a global scope, but that in some cases
their interpretation depends on the end-user's context. URIs their interpretation depends on the end-user's context. URIs
including a ZoneID are to be interpreted only in the context of the including a ZoneID are to be interpreted only in the context of the
host where they originate, since the ZoneID is of local signifance host where they originate, since the ZoneID is of local signifance
only. only.
The 6man WG discussed and rejected an alternative in which the The 6man WG discussed and rejected an alternative in which the
skipping to change at page 5, line 45 skipping to change at page 5, line 36
Due to the lack of a standard in this area, web browsers have been Due to the lack of a standard in this area, web browsers have been
inconsistent in providing for ZoneIDs. Many have no support, but inconsistent in providing for ZoneIDs. Many have no support, but
there are examples of ad hoc support. For example, older versions of there are examples of ad hoc support. For example, older versions of
Firefox allowed the use of a ZoneID preceded by an unescaped "%" Firefox allowed the use of a ZoneID preceded by an unescaped "%"
character, but this was removed for consistency with RFC 3986. As character, but this was removed for consistency with RFC 3986. As
another example, recent versions of Internet Explorer allow use of a another example, recent versions of Internet Explorer allow use of a
ZoneID preceded by a "%" character escaped as "%25", still beyond the ZoneID preceded by a "%" character escaped as "%25", still beyond the
syntax allowed by RFC 3986. This syntax extension is in fact used syntax allowed by RFC 3986. This syntax extension is in fact used
internally in the Windows operating system and some of its APIs. internally in the Windows operating system and some of its APIs.
In recent years, web browsers have evolved considerably and now This document implies that all browsers should recognise a ZoneID
accept and parse many forms of input that are not a formal URI. preceded by an escaped "%". In the spirit of "be liberal with what
Examples of this include host names, search items, bookmarks, search you accept", we also recommend that URI parsers accept bare "%" signs
history, etc. For example the Google Chrome browser now calls the (i.e., a "%" not followed by two valid hexadecimal characters). This
"address bar" the "omnibox" [chrome]. The authors believe it is makes it easy for a user to copy and paste a string such as
feasible, and very convenient for users, if browsers also allow (in "fe80::a%en1" from the output of a "ping" command and have it work.
addition to the formal URI syntax defined in this document) a syntax
that will enable cut and paste. For example:
http://[fe80::a%en1]
It seems that modern browsers can be adapted to parse this because it
is inside of the "[" "]"'s. This would permit the output of commands
like ping6 -w ff02::1%en1 to be "cut and pasted" into a browser
address bar. Consequently this document recommends that browsers
support this syntax in addition to the formal URI syntax defined
above.
4. Security Considerations 4. Security Considerations
The security considerations of [RFC3986] and [RFC4007] apply. In The security considerations of [RFC3986] and [RFC4007] apply. In
particular, this URI format creates a specific pathway by which a particular, this URI format creates a specific pathway by which a
deceitful zone index might be communicated, as mentioned in the final deceitful zone index might be communicated, as mentioned in the final
security consideration of RFC 4007. It is emphasised that the format security consideration of RFC 4007. It is emphasised that the format
is intended only for debugging purposes, but of course this intention is intended only for debugging purposes, but of course this intention
does not prevent misuse. does not prevent misuse.
To limit this risk, implementations SHOULD NOT allow use of this To limit this risk, implementations SHOULD NOT allow use of this
format except for well-defined usages such as sending to link local format except for well-defined usages such as sending to link local
addresses under prefix fe80::/10. addresses under prefix fe80::/10.
An HTTP server or proxy MUST ignore any ZoneID attached to an An HTTP server or proxy MUST ignore any ZoneID attached to an
incoming URI, as it only has local significance at the sending host. incoming URI, as it only has local significance at the sending host.
The addition of a choice between "%" and "-" as the delimiter
preceding a ZoneID slightly complicates the string comparison issue
discussed in [I-D.iab-identifier-comparison].
5. IANA Considerations 5. IANA Considerations
This document requests no action by IANA. This document requests no action by IANA.
6. Acknowledgements 6. Acknowledgements
The lack of this format was first pointed out by Margaret Wasserman The lack of this format was first pointed out by Margaret Wasserman
some years ago, and more recently by Kerry Lynn. A previous draft some years ago, and more recently by Kerry Lynn. A previous draft
document by Martin Duerst and Bill Fenner [I-D.fenner-literal-zone] document by Martin Duerst and Bill Fenner [I-D.fenner-literal-zone]
discussed this topic but was not finalised. discussed this topic but was not finalised.
Valuable comments and contributions were made by Karl Auer, Carsten Valuable comments and contributions were made by Karl Auer, Carsten
Bormann, Brian Haberman, Tatuya Jinmei, Tom Petch, Tomoyuki Sahara, Bormann, Brian Haberman, Tatuya Jinmei, Tom Petch, Tomoyuki Sahara,
Juergen Schoenwaelder, Dave Thaler, and Ole Troan. Juergen Schoenwaelder, Dave Thaler, and Ole Troan.
Stuart Cheshire suggested the current approach taken by this
document.
Brian Carpenter was a visitor at the Computer Laboratory, Cambridge Brian Carpenter was a visitor at the Computer Laboratory, Cambridge
University during part of this work. University during part of this work.
This document was produced using the xml2rfc tool [RFC2629]. This document was produced using the xml2rfc tool [RFC2629].
7. Change log [RFC Editor: Please remove] 7. Change log [RFC Editor: Please remove]
draft-ietf-6man-uri-zoneid-03: reverted to percent-encoded model
following WGLC, 2012-09-10.
draft-ietf-6man-uri-zoneid-02: additional WG comments, 2012-07-11. draft-ietf-6man-uri-zoneid-02: additional WG comments, 2012-07-11.
draft-ietf-6man-uri-zoneid-01: use "-" instead of %25, listed draft-ietf-6man-uri-zoneid-01: use "-" instead of %25, listed
alternatives in Appendix, according to WG debate, added suggestion alternatives in Appendix, according to WG debate, added suggestion
for browser developers, 2012-05-29. for browser developers, 2012-05-29.
draft-ietf-6man-uri-zoneid-00: adopted by WG, fixed syntax to allow draft-ietf-6man-uri-zoneid-00: adopted by WG, fixed syntax to allow
for % encoded characters, 2012-02-17. for % encoded characters, 2012-02-17.
draft-carpenter-6man-uri-zoneid-01: chose Option 2, removed 15 draft-carpenter-6man-uri-zoneid-01: chose Option 2, removed 15
skipping to change at page 8, line 15 skipping to change at page 7, line 40
8.2. Informative References 8.2. Informative References
[I-D.fenner-literal-zone] [I-D.fenner-literal-zone]
Fenner, B. and M. Duerst, "Formats for IPv6 Scope Zone Fenner, B. and M. Duerst, "Formats for IPv6 Scope Zone
Identifiers in Literal Address Formats", Identifiers in Literal Address Formats",
draft-fenner-literal-zone-02 (work in progress), draft-fenner-literal-zone-02 (work in progress),
October 2005. October 2005.
[I-D.iab-identifier-comparison] [I-D.iab-identifier-comparison]
Thaler, D., "Issues in Identifier Comparison for Security Thaler, D., "Issues in Identifier Comparison for Security
Purposes", draft-iab-identifier-comparison-02 (work in Purposes", draft-iab-identifier-comparison-03 (work in
progress), May 2012. progress), July 2012.
[RFC2629] Rose, M., "Writing I-Ds and RFCs using XML", RFC 2629, [RFC2629] Rose, M., "Writing I-Ds and RFCs using XML", RFC 2629,
June 1999. June 1999.
[RFC3493] Gilligan, R., Thomson, S., Bound, J., McCann, J., and W. [RFC3493] Gilligan, R., Thomson, S., Bound, J., McCann, J., and W.
Stevens, "Basic Socket Interface Extensions for IPv6", Stevens, "Basic Socket Interface Extensions for IPv6",
RFC 3493, February 2003. RFC 3493, February 2003.
[RFC4001] Daniele, M., Haberman, B., Routhier, S., and J. [RFC4001] Daniele, M., Haberman, B., Routhier, S., and J.
Schoenwaelder, "Textual Conventions for Internet Network Schoenwaelder, "Textual Conventions for Internet Network
Addresses", RFC 4001, February 2005. Addresses", RFC 4001, February 2005.
[chrome] Google, "Use the address bar (omnibox)", 2012, <http:// [chrome] Google, "Use the address bar (omnibox)", 2012, <http://
support.google.com/chrome/bin/answer.py?answer=95440>. support.google.com/chrome/bin/answer.py?answer=95440>.
Appendix A. Alternatives Considered Appendix A. Alternatives Considered
1. Leave the problem unsolved. 1. Leave the problem unsolved.
skipping to change at page 9, line 10 skipping to change at page 8, line 37
Advantage: allows use of browser, allows cut and paste. Advantage: allows use of browser, allows cut and paste.
Disadvantage: invalid syntax under RFC 3986; not acceptable to Disadvantage: invalid syntax under RFC 3986; not acceptable to
URI community. URI community.
3. Escaping the escape character as allowed by RFC 3986: 3. Escaping the escape character as allowed by RFC 3986:
http://[fe80::a%25en1] http://[fe80::a%25en1]
Advantage: allows use of browser. Advantage: allows use of browser, consistent with general URI
syntax.
Disadvantage: ugly and confusing, doesn't allow simple cut and Disadvantage: somewhat ugly and confusing, doesn't allow simple
paste. cut and paste.
4. Alternative separator 4. Alternative separator
http://[fe80::a-en1] http://[fe80::a-en1]
Advantage: allows use of browser, simple syntax Advantage: allows use of browser, simple syntax
Disadvantage: Requires all IPv6 address literal parsers and Disadvantage: Requires all IPv6 address literal parsers and
generators to be updated in order to allow simple cut and paste. generators to be updated in order to allow simple cut and paste;
inconsistent with existing tools and practice.
Note: the initial proposal for this choice was to use an Note: the initial proposal for this choice was to use an
underscore as the separator, but it was noted that this becomes underscore as the separator, but it was noted that this becomes
effectively invisible when a user interface automatically effectively invisible when a user interface automatically
underlines URLs. underlines URLs.
5. With the "IPvFuture" syntax left open in RFC 3986: 5. With the "IPvFuture" syntax left open in RFC 3986:
http://[v6.fe80::a_en1] http://[v6.fe80::a_en1]
 End of changes. 20 change blocks. 
47 lines changed or deleted 35 lines changed or added

This html diff was produced by rfcdiff 1.41. The latest version is available from http://tools.ietf.org/tools/rfcdiff/