-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 SASLprep should be mandatory.
SASLprep is already mandatory for TURN (through RFC 5389), so it is not a big deal for an implementer to use it also for the enrollment server. On 11/14/2012 11:35 AM, Dean Willis wrote: > Cullen, Ekr and I discussed this today, and Cullen solicited input from > Peter Saint-Andre > > > Peter says: > > As to the charset issue, it seems safest to specify that the charset must > be UTF-8 (we don't want to end up with something like charset=windows-1250 > as in Section 4.5 of RFC 2388). > > As to preparation of usernames and passwords, it seems safest right now to > say that these strings shall be prepared in accordance with SASLprep (RFC > 4013) prior to comparison -- see RFC 4616 for text you could borrow. > > [Eventually, perhaps even relatively soon in "RELOAD years", RFC 4013 will > be obsoleted by draft-melnikov-precis-saslprepbis; however, you might > prefer not to gate RELOAD on output from the PRECIS WG.] > > > > On Nov 9, 2012, at 10:30 AM, Dean Willis wrote: > >> >> AD comment: >> >> Section 11.3: What character set is allowed for passwords? What if >> something is URL escaped - what's going to match? I'm sure you can copy >> from somewhere else, not quite sure what's best though. >> >> >> Since we're doing passwords in a POST form, I don't know that URL >> escaping is an issue. Do we have other stringprep issues? Is there >> something we can crib from elsewhere for this spec? >> - -- Marc Petit-Huguenin Email: [email protected] Blog: http://blog.marc.petit-huguenin.org Profile: http://www.linkedin.com/in/petithug -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQIcBAEBCAAGBQJQv2EJAAoJECnERZXWan7Ex20QAMfEtVjEuLa/5/78bMZVNfCt W70aXrEji++RTlit97gRf088IGU0nT4BLRKOPrbFt5ID02dQ6cF9E2XiNXTWq5Iv zK9nGBWeik/wXF/5ifUgusOQdT12ifzoE5ydsZFmxzpvcqojfdG4px2c873K+x1f bKyNITAhv37L+ozFd78tBuk8s6cHa41PDaOE6h/AM0gDLks+V1NTxzfzcx6C7XSM SDL4VctSmQUQQsnskjzVhEB+Sti7uomh14UEcNSa72aVe4GIEAkUOSJqUkSamQJG VRgxNOKOXfPZ80QUZyVOCKLCDHm6JZb3QIrHZWavDBunAiu6luUvVaCj9xd4RLOp rIgDha+eLfz/MpktWf7Tbju5TJDvmQZe+FZg+5iIMQikkigCqCYNVbrxy/7OfBCs yPmV9BhN3KNKLmuBpaYJTG9QRUzxzLu62riaFPfnfCrcFli5FBeJwiK+mPRYZ/ET cNbTdBojsmX3Pe97lcnpglpTP6z53XRVMH7GRnjlPMmJQTeSnbEGJzfZW3MQFe54 Ls/hjanTkqcZRQm6+NxB0mTxVydQma8Np1s0u3EOsG/YC3WhSDVQ+ov0DFdFkuLm /pv58kWawB3s45EEj7DWJzWS/sV7RUEKMpeqM1rxyex7noF0CK/R7gzjTaTMH93X 98Mg8s2O972VWgU1OQCY =nOOr -----END PGP SIGNATURE----- _______________________________________________ P2PSIP mailing list [email protected] https://www.ietf.org/mailman/listinfo/p2psip
