On the SAAG list, Mike Parker expressed concerns about mandating that passwords MUST be Unicode, because some systems store passwords as octet strings...
http://www.ietf.org/mail-archive/web/saag/current/msg03479.html As I see it, the PRECIS WG is not mandating, and could not mandate, that any given application technology MUST support non-ASCII passwords. Instead, it's giving protocol designers a common tool for preparing and comparing passwords (and other strings) containing Unicode characters, if they choose to support such things. However, we might want to provide some text in the security considerations about the desirability (or not) of full-Unicode passwords. Peter -- Peter Saint-Andre https://stpeter.im/ _______________________________________________ precis mailing list [email protected] https://www.ietf.org/mailman/listinfo/precis
