"Joseph Salowey (jsalowey)" <[email protected]> writes: > I'd like to see if we can close on this issue soon. The main use case > we are targeting is one where the password is sent to the server. We do > not know how the server will do the comparison. Given that this is a > requirement document I don't think we need to have the full solution > described. Can you two work out some proposed text to go in the > requirements document on this issue with usernames and passwords?
I think the text proposed is mostly fine. I would say "normalization and/or comparison" instead of just "normalization" to allow for mechanisms that just specify comparison-based rules rather than normalization-based rules. So: OLD: The password authentication exchange MUST support user names and passwords in international languages. It MUST support encoding of user name and password strings in UTF-8 [RFC3629] format. The method MUST specify how username and password normalization is performed in reference to SASLPrep [RFC4013] or Net-UTF-8 [RFC5198]. NEW: The password authentication exchange MUST support user names and passwords in international languages. It MUST support encoding of user name and password strings in UTF-8 [RFC3629] format. The method MUST specify how username and password normalizations and/or comparisons is performed in reference to SASLPrep [RFC4013] or Net-UTF-8 [RFC5198]. /Simon _______________________________________________ Emu mailing list [email protected] https://www.ietf.org/mailman/listinfo/emu
