rfc2279.txt

来自「RFC 的详细文档！」· 文本 代码 · 共 564 行 · 第 1/2 页


RFC 2279                         UTF-8                      January 1998


   The UCS-2 sequence representing the Han characters for the Japanese
   word "nihongo" (65E5, 672C, 8A9E) may be encoded as follows:

   E6 97 A5 E6 9C AC E8 AA 9E

5.  MIME registration

   This memo is meant to serve as the basis for registration of a MIME
   character set parameter (charset) [CHARSET-REG].  The proposed
   charset parameter value is "UTF-8".  This string labels media types
   containing text consisting of characters from the repertoire of
   ISO/IEC 10646 including all amendments at least up to amendment 5
   (Korean block), encoded to a sequence of octets using the encoding
   scheme outlined above.  UTF-8 is suitable for use in MIME content
   types under the "text" top-level type.

   It is noteworthy that the label "UTF-8" does not contain a version
   identification, referring generically to ISO/IEC 10646.  This is
   intentional, the rationale being as follows:

   A MIME charset label is designed to give just the information needed
   to interpret a sequence of bytes received on the wire into a sequence
   of characters, nothing more (see RFC 2045, section 2.2, in [MIME]).
   As long as a character set standard does not change incompatibly,
   version numbers serve no purpose, because one gains nothing by
   learning from the tag that newly assigned characters may be received
   that one doesn't know about.  The tag itself doesn't teach anything
   about the new characters, which are going to be received anyway.

   Hence, as long as the standards evolve compatibly, the apparent
   advantage of having labels that identify the versions is only that,
   apparent.  But there is a disadvantage to such version-dependent
   labels: when an older application receives data accompanied by a
   newer, unknown label, it may fail to recognize the label and be
   completely unable to deal with the data, whereas a generic, known
   label would have triggered mostly correct processing of the data,
   which may well not contain any new characters.

   Now the "Korean mess" (ISO/IEC 10646 amendment 5) is an incompatible
   change, in principle contradicting the appropriateness of a version
   independent MIME charset label as described above.  But the
   compatibility problem can only appear with data containing Korean
   Hangul characters encoded according to Unicode 1.1 (or equivalently
   ISO/IEC 10646 before amendment 5), and there is arguably no such data
   to worry about, this being the very reason the incompatible change
   was deemed acceptable.





Yergeau                     Standards Track                     [Page 6]

RFC 2279                         UTF-8                      January 1998


   In practice, then, a version-independent label is warranted, provided
   the label is understood to refer to all versions after Amendment 5,
   and provided no incompatible change actually occurs.  Should
   incompatible changes occur in a later version of ISO/IEC 10646, the
   MIME charset label defined here will stay aligned with the previous
   version until and unless the IETF specifically decides otherwise.

   It is also proposed to register the charset parameter value
   "UNICODE-1-1-UTF-8", for the exclusive purpose of labelling text data
   containing Hangul syllables encoded to UTF-8 without taking into
   account Amendment 5 of ISO/IEC 10646 (i.e. using the pre-amendment 5
   code point assignments).  Any other UTF-8 data SHOULD NOT use this
   label, in particular data not containing any Hangul syllables, and it
   is felt important to strongly recommend against creating any new
   Hangul-containing data without taking Amendment 5 of ISO/IEC 10646
   into account.

6.  Security Considerations

   Implementors of UTF-8 need to consider the security aspects of how
   they handle illegal UTF-8 sequences.  It is conceivable that in some
   circumstances an attacker would be able to exploit an incautious
   UTF-8 parser by sending it an octet sequence that is not permitted by
   the UTF-8 syntax.

   A particularly subtle form of this attack could be carried out
   against a parser which performs security-critical validity checks
   against the UTF-8 encoded form of its input, but interprets certain
   illegal octet sequences as characters.  For example, a parser might
   prohibit the NUL character when encoded as the single-octet sequence
   00, but allow the illegal two-octet sequence C0 80 and interpret it
   as a NUL character.  Another example might be a parser which
   prohibits the octet sequence 2F 2E 2E 2F ("/../"), yet permits the
   illegal octet sequence 2F C0 AE 2E 2F.

Acknowledgments

   The following have participated in the drafting and discussion of
   this memo:

   James E. Agenbroad    Andries Brouwer
   Martin J. D|rst       Ned Freed
   David Goldsmith       Edwin F. Hart
   Kent Karlsson         Markus Kuhn
   Michael Kung          Alain LaBonte
   John Gardiner Myers   Murray Sargent
   Keld Simonsen         Arnold Winkler




Yergeau                     Standards Track                     [Page 7]

RFC 2279                         UTF-8                      January 1998


Bibliography

   [CHARSET-REG]  Freed, N., and J. Postel, "IANA Charset Registration
                  Procedures", BCP 19, RFC 2278, January 1998.

   [FSS_UTF]      X/Open CAE Specification C501 ISBN 1-85912-082-2 28cm.
                  22p. pbk. 172g.  4/95, X/Open Company Ltd., "File
                  System Safe UCS Transformation Format (FSS_UTF)",
                  X/Open Preleminary Specification, Document Number
                  P316.  Also published in Unicode Technical Report #4.

   [ISO-10646]    ISO/IEC 10646-1:1993. International Standard --
                  Information technology -- Universal Multiple-Octet
                  Coded Character Set (UCS) -- Part 1: Architecture and
                  Basic Multilingual Plane.  Five amendments and a
                  technical corrigendum have been published up to now.
                  UTF-8 is described in Annex R, published as Amendment
                  2.  UTF-16 is described in Annex Q, published as
                  Amendment 1. 17 other amendments are currently at
                  various stages of standardization.

   [MIME]         Freed, N., and N. Borenstein, "Multipurpose Internet
                  Mail Extensions (MIME) Part One:  Format of Internet
                  Message Bodies", RFC 2045.  N. Freed, N. Borenstein,
                  "Multipurpose Internet Mail Extensions (MIME) Part
                  Two:  Media Types", RFC 2046.  K. Moore, "MIME
                  (Multipurpose Internet Mail Extensions) Part Three:
                  Message Header Extensions for Non-ASCII Text", RFC
                  2047.  N.  Freed, J. Klensin, J. Postel, "Multipurpose
                  Internet Mail Extensions (MIME) Part Four:
                  Registration Procedures", RFC 2048.  N. Freed, N.
                  Borenstein, " Multipurpose Internet Mail Extensions
                  (MIME) Part Five: Conformance Criteria and Examples",
                  RFC 2049.  All November 1996.

   [RFC2152]      Goldsmith, D., and M. Davis, "UTF-7: A Mail-safe
                  Transformation Format of Unicode", RFC 1642, Taligent
                  inc., May 1997. (Obsoletes RFC1642)

   [UNICODE]      The Unicode Consortium, "The Unicode Standard --
                  Version 2.0", Addison-Wesley, 1996.

   [US-ASCII]     Coded Character Set--7-bit American Standard Code for
                  Information Interchange, ANSI X3.4-1986.







Yergeau                     Standards Track                     [Page 8]

RFC 2279                         UTF-8                      January 1998


Author's Address

   Francois Yergeau
   Alis Technologies
   100, boul. Alexis-Nihon
   Suite 600
   Montreal  QC  H4M 2P2
   Canada

   Phone: +1 (514) 747-2547
   Fax:   +1 (514) 747-2561
   EMail: fyergeau@alis.com







































Yergeau                     Standards Track                     [Page 9]

RFC 2279                         UTF-8                      January 1998


Full Copyright Statement

   Copyright (C) The Internet Society (1998).  All Rights Reserved.

   This document and translations of it may be copied and furnished to
   others, and derivative works that comment on or otherwise explain it
   or assist in its implementation may be prepared, copied, published
   and distributed, in whole or in part, without restriction of any
   kind, provided that the above copyright notice and this paragraph are
   included on all such copies and derivative works.  However, this
   document itself may not be modified in any way, such as by removing
   the copyright notice or references to the Internet Society or other
   Internet organizations, except as needed for the purpose of
   developing Internet standards in which case the procedures for
   copyrights defined in the Internet Standards process must be
   followed, or as required to translate it into languages other than
   English.

   The limited permissions granted above are perpetual and will not be
   revoked by the Internet Society or its successors or assigns.

   This document and the information contained herein is provided on an
   "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING
   TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING
   BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION
   HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF
   MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
























Yergeau                     Standards Track                    [Page 10]