identify: length limit for unicode fields

[lidel]

This PR formalizes normalization and length limit per string field ( agentVersion, protocolVersion and protocols array).

The goal is to reduce surprises and unify behavior across implementations.

• Kubo PR: fix(cmds): cleanup unicode identify strings ipfs/kubo#9465

[marten-seemann]

Can we make this UTF-8? I'd really like to not introduce any surprises here.

[lidel]

@marten-seemann a̹̖̪͔͖̝͘̕͞r̛̛̫̞̬̝͎̘̹͞ę̴͉͉̼̀͟ ̛͏̴͜͏͉̣͉̮͖̳̝͍̭̮̮͍͔͈̲͉͙̰ͅy̞̠̮̥̯̞̦͈̮̣̗̤͚͓̻͝ǫ̶̸̻̫͍̞͎̘͡u̦̮̭̬͔̝͇̠͟͡ ̦͇̘̤͔̝̥̜̘̙̭͙̱́͢s̸̛̠̝͓͚̬̦͇͘͜u͠͏̧̪͇̙͖̳̘̘͓͞͝ͅr̶̷̛̪̩̭̮̱͖̼̙̬̣͔̫͇̳̳̦͢ͅe̸̡̧̯̝͖̮̱͖̲̜̙̹͜͝ͅ ̧̰̟̻̳̗̱͕̰̜̠͇̘͔́͜͟y̡̢͉͙͎͎̹̖̲͇̰͟͢o̶̷͍̼̙̦̫̹̯̭͓̺̞͢ù͏̡̠̭̤̗͖͈͕͙̭͢ ̡̨̛͇͚̦̠̗͢͢w͏̦̗͍̫̀á̢͔͚̰̬͔͕̼̕ņ̴̛̲̜̮͈͙̰̀͘t̶̤̜̯͙̝̺̜̠̘̼͙̞͍̖̟͓̝̤͘͞ ͜͞͏͏͕̣͍̝͍̜͉̳̙̘̥͜t̛̪͔̯̱͓͝ǫ̸̨̢̤̘̰͉̬̤͓̙̼̖̞͖͟ ̷̨̢̳̣͈̪͙̦̻͉̗̹͓̤͖͕͘͢a̢̛͈̲͉͎̲͕͘l͠҉̧̛̞̥̟̜̠̯̰͙͎̬͜ͅl̸̵͍͓͓̼̬͙͍̰̭̟̖̪͍̀o͡͏̡̜̩̗̤͚̪̟̘̥̲̘̥͕̘͎̗̬͉͘͟w̡̡͖̼̟̣͙͕̥͈̮̜̩̟͈̫͘̕͠ ̘̻͕̬͓̗̠̕͞u̸̗͎̜̗͍̝͔̘͎̙̠̭̗͕t̴̤̺̫̮̩̀́͟͞ͅf̸͙̞̞̣̦͟8͏̞̥̮̙̙̲͉̰͖͉͚̤͇͠ ?

[marten-seemann]

Nice UTF-8 art! :)

I don't really see reason not to. Limiting ourselves to ASCII is so 1990s style.

[Winterhuman]

Perhaps this could be phrased as: "Implementations should discard non-ASCII characters and trim the string to 64 characters, but may choose to allow UTF-8 characters if potential for UTF-8 art/mimicry is acceptable"

I definitely wouldn't want UTF-8 support to be outright gone, using UTF-8 in protocol names (maybe containing CIDs with UTF-8 encodings) could have a lot of potential use-cases. For the agent and version strings though, that's perfectly understandable

[Winterhuman]

In fact, maybe better idea, what about:

"Implementations should trim the string to 64 characters. Implementations MAY allow UTF-8 characters in the string, however, these strings should be visible to users as both UTF-8 and ASCII punycode (per IETF RFC 3492) to protect against UTF-8 mimicry."

[marten-seemann]

I'd say let's fully embrace UTF-8. This is 2022, and we finally have a standard encoding that's universally supported.

Building on @Winterhuman's proposal:

"Strings are UTF-8 encode. Implementations MAY trim the string to 64 characters. When made visible to users, implementations MAY output both UTF-8 and ASCII punycode (per IETF RFC 3492) to protect against UTF-8 mimicry."

[lidel]

Agreed: we need to keep unicode to ensure this is not limited to latin alphabet.

• 👉 Changed this PR to effectively only introduce that limit of 128 unicode runes per identify value – we DO need a ceiling here for security reasons, but it does not have to be super low.

  • 💭 Take it or leave it – mainly wanted to write this down somewhere so it can be referenced inthe future. Maybe this PR could be replaced with a single sentence, but I feel if we dont spell out all the risks like control sequences, implementers will not thing about them when printing strings to temrinal.

• Leaving it up to implementations to decide if they want to further sanitize (e.g. Kubo will strip control characters to avoid display issues in terminals etc), but included "Recommended sanitization steps" as SHOULD (strong recommendation).

  • Proof of concept in fix(cmds): cleanup unicode identify strings ipfs/kubo#9465 only strips special control characters but allow Unicode up to 128 runes per value.

[MarcoPolo]

This could be a good reference: https://www.rfc-editor.org/rfc/rfc9839.html

[lidel]

@MarcoPolo thanks! pushed changes to reference and follow idea from that RFC: replacement with U+FFFD instead of silent removal.

[MarcoPolo]

I'd just call them Unicode code points rather than also call them runes.

[MarcoPolo]

besides that, this lgtm

[lidel]

done