[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: WG Last Call: draft-ietf-sasl-scram-02
On Mon Aug 10 21:01:13 2009, Peter Saint-Andre wrote:
Instead of requiring the application of SASLprep, I would prefer
Although initially, my thought was this wasn't needed, I wondered
about the consequences.
such as this:
Before sending the username to the server, the client MUST
ensure that the username is formatted such that the "SASLPrep"
profile [RFC4013] of the "stringprep" algorithm [RFC3454] can be
applied to it without failing.
It seems to me that, unless we assume that both client and server
will always have precisely the same concept of "SASLprep", then one
would assume the server would always have to apply SASLprep anyway.
SASLprep is, also bound to change - either gradual changes in Unicode
will cause problems sufficient to case a rewrite, or we'll change
SASLprep itself to be a property-based, instead of table-based,
mechanism, and the gradual changes will filter through to
I'm inclined, therefore, to suggest that not only is this text
reasonable, but the "MUST" can probably be reduced to a SHOULD.
Dave Cridland - mailto:dave@xxxxxxxxxxxx - xmpp:dwd@xxxxxxxxxxxxxxxxx
Infotrope Polymer - ACAP, IMAP, ESMTP, and Lemonade