On 18 okt 2011, at 20:15, Peter Saint-Andre wrote: >>> However, we might want to provide some text in the security >>> considerations about the desirability (or not) of full-Unicode passwords. >> >> I'm slow, but what's the security consideration? There are >> interoperability considerations: if two applications want to >> co-operate in authentication, then they're going to need to use >> Unicode or make up their own protocol. > > Right, it's text about interoperability. Where exactly that belongs is > another matter. I'm happy to add a section about interoperability.
Please separate the question on what charset (including encoding) is used in the protocol with how comparisons (etc) is done. What is the responsibility on the "client" and "server", etc. Patrik _______________________________________________ precis mailing list [email protected] https://www.ietf.org/mailman/listinfo/precis
