Begin forwarded message: > From: Marc Blanchet <[email protected]> > Date: May 14, 2010 2:13:25 PM PDT > To: Kurt Zeilenga <[email protected]> > Cc: [email protected] > Subject: Re: [newprep] other customers of *prep > > Le 10-05-14 16:49, Kurt Zeilenga a écrit : >> Yaron, Glen, Hannes, Scott, >> >> On May 14, 2010, at 12:38 PM, Marc Blanchet wrote: >> >>> while reading draft-sheffer-emu-eap-eke-06.txt, I stumbled upon: >>> >>> section 5.1 >>> If the password is non-ASCII, it SHOULD be normalized by the sender >>> before the EAP-EKE message is constructed. The normalization method >>> is SASLprep, [RFC4013]. Note that the password is not null- >>> terminated. >> >> Kind of odd to apply SASLprep only when password is non-ASCII. Does this >> mean that ASCII control characters, which SASLprep prohibits, are allowed >> when the password is ASCII? I would hope not. >> >> SASLprep should really be applied here unconditionally to the password text. >> >> I also note that one also needs to specify which SASLprep inputs are to be >> treated as "query" strings and which are "stored" strings [RFC3454]. I >> suspect (I haven't actually read your draft) the former would be the >> appropriate choice here. >> > > Kurt, this draft is in last call, therefore I think you should send your > comments to iesg/ietf ml. > > Marc. > >> -- Kurt > > > -- > ========= > IPv6 book: Migrating to IPv6, Wiley. http://www.ipv6book.ca > Stun/Turn server for VoIP NAT-FW traversal: http://numb.viagenie.ca > DTN news service: http://reeves.viagenie.ca > NAT64-DNS64 Opensource: http://ecdysis.viagenie.ca >
_______________________________________________ Ietf mailing list [email protected] https://www.ietf.org/mailman/listinfo/ietf
