Cullen, Ekr and I discussed this today, and Cullen solicited input from Peter Saint-Andre
Peter says: As to the charset issue, it seems safest to specify that the charset must be UTF-8 (we don't want to end up with something like charset=windows-1250 as in Section 4.5 of RFC 2388). As to preparation of usernames and passwords, it seems safest right now to say that these strings shall be prepared in accordance with SASLprep (RFC 4013) prior to comparison -- see RFC 4616 for text you could borrow. [Eventually, perhaps even relatively soon in "RELOAD years", RFC 4013 will be obsoleted by draft-melnikov-precis-saslprepbis; however, you might prefer not to gate RELOAD on output from the PRECIS WG.] On Nov 9, 2012, at 10:30 AM, Dean Willis wrote: > > AD comment: > > Section 11.3: What character set is allowed for passwords? What if something > is URL escaped - what's going to match? I'm sure you can copy from somewhere > else, not quite sure what's best though. > > > Since we're doing passwords in a POST form, I don't know that URL escaping is > an issue. Do we have other stringprep issues? Is there something we can crib > from elsewhere for this spec? > > -- > Dean > _______________________________________________ P2PSIP mailing list [email protected] https://www.ietf.org/mailman/listinfo/p2psip
