no one does it for TURN as far as I can tell and I am strongly against adding this.
On Dec 5, 2012, at 7:58 AM, Marc Petit-Huguenin <[email protected]> wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA256 > > SASLprep should be mandatory. > > SASLprep is already mandatory for TURN (through RFC 5389), so it is not a big > deal for an implementer to use it also for the enrollment server. > > On 11/14/2012 11:35 AM, Dean Willis wrote: >> Cullen, Ekr and I discussed this today, and Cullen solicited input from >> Peter Saint-Andre >> >> >> Peter says: >> >> As to the charset issue, it seems safest to specify that the charset must >> be UTF-8 (we don't want to end up with something like charset=windows-1250 >> as in Section 4.5 of RFC 2388). >> >> As to preparation of usernames and passwords, it seems safest right now to >> say that these strings shall be prepared in accordance with SASLprep (RFC >> 4013) prior to comparison -- see RFC 4616 for text you could borrow. >> >> [Eventually, perhaps even relatively soon in "RELOAD years", RFC 4013 will >> be obsoleted by draft-melnikov-precis-saslprepbis; however, you might >> prefer not to gate RELOAD on output from the PRECIS WG.] >> >> >> >> On Nov 9, 2012, at 10:30 AM, Dean Willis wrote: >> >>> >>> AD comment: >>> >>> Section 11.3: What character set is allowed for passwords? What if >>> something is URL escaped - what's going to match? I'm sure you can copy >>> from somewhere else, not quite sure what's best though. >>> >>> >>> Since we're doing passwords in a POST form, I don't know that URL >>> escaping is an issue. Do we have other stringprep issues? Is there >>> something we can crib from elsewhere for this spec? >>> > > - -- > Marc Petit-Huguenin > Email: [email protected] > Blog: http://blog.marc.petit-huguenin.org > Profile: http://www.linkedin.com/in/petithug > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.4.12 (GNU/Linux) > > iQIcBAEBCAAGBQJQv2EJAAoJECnERZXWan7Ex20QAMfEtVjEuLa/5/78bMZVNfCt > W70aXrEji++RTlit97gRf088IGU0nT4BLRKOPrbFt5ID02dQ6cF9E2XiNXTWq5Iv > zK9nGBWeik/wXF/5ifUgusOQdT12ifzoE5ydsZFmxzpvcqojfdG4px2c873K+x1f > bKyNITAhv37L+ozFd78tBuk8s6cHa41PDaOE6h/AM0gDLks+V1NTxzfzcx6C7XSM > SDL4VctSmQUQQsnskjzVhEB+Sti7uomh14UEcNSa72aVe4GIEAkUOSJqUkSamQJG > VRgxNOKOXfPZ80QUZyVOCKLCDHm6JZb3QIrHZWavDBunAiu6luUvVaCj9xd4RLOp > rIgDha+eLfz/MpktWf7Tbju5TJDvmQZe+FZg+5iIMQikkigCqCYNVbrxy/7OfBCs > yPmV9BhN3KNKLmuBpaYJTG9QRUzxzLu62riaFPfnfCrcFli5FBeJwiK+mPRYZ/ET > cNbTdBojsmX3Pe97lcnpglpTP6z53XRVMH7GRnjlPMmJQTeSnbEGJzfZW3MQFe54 > Ls/hjanTkqcZRQm6+NxB0mTxVydQma8Np1s0u3EOsG/YC3WhSDVQ+ov0DFdFkuLm > /pv58kWawB3s45EEj7DWJzWS/sV7RUEKMpeqM1rxyex7noF0CK/R7gzjTaTMH93X > 98Mg8s2O972VWgU1OQCY > =nOOr > -----END PGP SIGNATURE----- _______________________________________________ P2PSIP mailing list [email protected] https://www.ietf.org/mailman/listinfo/p2psip
