[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Future of SASLprep

To: ietf-sasl@xxxxxxx
Subject: Future of SASLprep
From: Simon Josefsson <simon@xxxxxxxxxxxxx>
Date: Tue, 12 Aug 2008 12:16:28 +0200
In-reply-to: <g7qd9g$lvi$1@xxxxxxxxxxxxx> (Frank Ellermann's message of "Tue, 12 Aug 2008 00:09:45 +0200")
List-archive: <http://www.imc.org/ietf-sasl/mail-archive/>
List-id: <ietf-sasl.imc.org>
List-unsubscribe: <mailto:ietf-sasl-request@imc.org?body=unsubscribe>
Openpgp: id=B565716F; url=http://josefsson.org/key.txt
References: <ldvlki6dqqu.fsf@xxxxxxxxxxxxxxxxxxxxxxxxxx> <45F84F97.3B0D@xxxxxxxxxxxxxxxxx> <C51775F9-C7C7-435B-9D17-DDA0761DCBAB@xxxxxxxxx> <g7qd9g$lvi$1@xxxxxxxxxxxxx>
Sender: owner-ietf-sasl@xxxxxxxxxxxx
User-agent: Gnus/5.110011 (No Gnus v0.11) Emacs/22.2 (gnu/linux)

"Frank Ellermann" <nobody@xxxxxxxxxxxxxxxxx> writes:

> I'm fine with using SASLprep "everywhere" (incl. CRAM-MD5)
> in SASL, or maybe switch to RFC 5198 "everywhere" when it
> turns out that SASLprep is not implemented.

Given how poor SASLprep works in practice (*), I think this could be
discussed (but separately from CRAM-MD5).

The IDNAbis effort seems now well under way, and it seems clear we
cannot re-use much of their work since they abandon the StringPrep
approach.  Passwords have quite different properties than domain names:
it is normal and encouraged for passwords to contain characters from
different scripts.  For example, some of the steps made by current
SASLprep reduces entropy (e.g., translates ª to a), which seems like a
property we failed to discuss at the time.  We cannot re-use much of the
output from the IDNAbis design discussions either, because they are
based on different assumptions.

The discussions about Unicode versioning in RFC 5198 is better than in
SASLprep.  Some elements of SASLprep, such as prohibiting certain
non-printable characters is useful.

Possibly SASLprep2 could be a profile of RFC 5198: applying certain
algorithmic tests to restrict some characters on top of the RFC 5198
output.

/Simon

(*) Primarily because of the restriction to Unicode 3.2, but partly
because it hasn't been widely implemented.

Follow-Ups:
- Re: Future of SASLprep
  - From: Kurt Zeilenga
- Re: Future of SASLprep
  - From: Frank Ellermann

References:
- WG Last Call: draft-ietf-sasl-crammd5-08.txt
  - From: Tom Yu
- Interoperability (was: WG Last Call: draft-ietf-sasl-crammd5-08.txt)
  - From: Frank Ellermann
- Re: Interoperability (was: WG Last Call: draft-ietf-sasl-crammd5-08.txt)
  - From: Kurt Zeilenga
- Re: Interoperability
  - From: Frank Ellermann

Prev by Date: Re: Security
Next by Date: Re: ABNF for the three cases of GS2
Previous by thread: Re: Interoperability
Next by thread: Re: Future of SASLprep
Index(es):
- Date
- Thread