[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Future of SASLprep

To: ietf-sasl@xxxxxxx
Subject: Re: Future of SASLprep
From: "Frank Ellermann" <nobody@xxxxxxxxxxxxxxxxx>
Date: Tue, 12 Aug 2008 15:12:47 +0200
List-archive: <http://www.imc.org/ietf-sasl/mail-archive/>
List-id: <ietf-sasl.imc.org>
List-unsubscribe: <mailto:ietf-sasl-request@imc.org?body=unsubscribe>
Organization: <http://purl.net/xyzzy>
References: <ldvlki6dqqu.fsf@xxxxxxxxxxxxxxxxxxxxxxxxxx><45F84F97.3B0D@xxxxxxxxxxxxxxxxx><C51775F9-C7C7-435B-9D17-DDA0761DCBAB@xxxxxxxxx><g7qd9g$lvi$1@xxxxxxxxxxxxx> <87tzdqa683.fsf_-_@xxxxxxxxxxxxxxxxxxx><g7rqp5$6n2$1@xxxxxxxxxxxxx> <877iam8mz3.fsf@xxxxxxxxxxxxxxxxxxx>
Reply-to: "Frank Ellermann" <hmdmhdfmhdjmzdtjmzdtzktdkztdjz@xxxxxxxxx>
Sender: owner-ietf-sasl@xxxxxxxxxxxx

Simon Josefsson wrote:

>> What further restrictions do you have in mind ?

> See RFC 4013 section 2.3 and RFC 3454 section 3.1.

Okay, RFC 5198 might be not radical enough with C0 controls.

If users insist on trying the icon of a fruit (private use)
in their passwords they need a warning that this might be 
difficult to produce on other platforms.  And if they then
still insist on it they have been warned.

Similar case:  One password I need for 'runas' (a kind of
'sudo' for NT) has the funny feature that I can't input it
on a command line.  OTOH it's perfectly non-ASCII.

Some sets in RFC 4013 2.3 are also eliminated in RFC 5198,
e.g., surrogates.  The BOM in RFC 3454 3.1 is a MUST NOT
in RFC 5198, anything else in RFC 3454 is not *obviously*
critical from my POV, e.g., SHY.

> However, some of them may make sense in order to avoid
> display or implementation issues (e.g., change-display
> properties and tagging characters).

Okay, RFC 5198 says the other side should be prepared to
handle the difference between SHOULD NFC and "MUST", this
handler might be confused by invalid tagging attempts...

...on the other hand this WG can't "fix Unicode" for its
purposes.  If we'd want that we could keep SASLprep as is,
maybe updating it to Unicode 5.1.

 Frank

References:
- WG Last Call: draft-ietf-sasl-crammd5-08.txt
  - From: Tom Yu
- Interoperability (was: WG Last Call: draft-ietf-sasl-crammd5-08.txt)
  - From: Frank Ellermann
- Re: Interoperability (was: WG Last Call: draft-ietf-sasl-crammd5-08.txt)
  - From: Kurt Zeilenga
- Re: Interoperability
  - From: Frank Ellermann
- Future of SASLprep
  - From: Simon Josefsson
- Re: Future of SASLprep
  - From: Frank Ellermann
- Re: Future of SASLprep
  - From: Simon Josefsson

Prev by Date: Re: Random data
Next by Date: tls-unique-using-prf considered harmful
Previous by thread: Re: Future of SASLprep
Next by thread: Security (was: WG Last Call: draft-ietf-sasl-crammd5-08.txt)
Index(es):
- Date
- Thread