On 7/27/12 7:50 AM, Takahiro Nemoto wrote:
>
> On 2012/07/19, at 0:12, Peter Saint-Andre wrote:
>
>> On 7/18/12 4:24 AM, Takahiro Nemoto wrote:
>>>
>>> On 2012/07/17, at 6:19, Peter Saint-Andre wrote:
>>>
>>>> On 7/5/12 10:14 PM, Takahiro Nemoto wrote:

<snip/>

>>>> As to special mappings like "Map to SPACE" and "Map to
>>>> Nothing", it seems to me that in a post-stringprep system we
>>>> can handle those by more carefully defining the string
>>>> classes.
>>>
>>> Sorry, but I don't get it. What does a post-stringprep system
>>> mean?
>>
>> A system that uses PRECIS.
>>
>> Because PRECIS uses an inclusion model (only characters / code
>> points / codepoint classes that are explicitly allowed can be
>> included in a conformant string), I don't see any reason to have
>> these "mapped to space" or "mapped to nothing" rules in
>> PRECIS-based systems. For example, just allow space (U+0020) but
>> not other space characters.
>
> "mapped to nothing" may generate zero-length strings and it may
> cause vulnerabilities for applications.

That is a very good point!

> Therefore, I think I just want to give application developers a
> heads-up about this in the protocol or the security
> considerations. But, I don't necessarily want to define
> application-level restrictions in the protocol.

I think that is a reasonable approach. So we need to write a sentence or
two of advice to designers of application protocols that use PRECIS.

> So I would like to hear more members' comments about this.

We don't have members, we have participants. :)

Peter

--
Peter Saint-Andre
https://stpeter.im/
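
The zero-length case raised in this message, as an added example that is not part of the original e-mail or of any PRECIS specification: it applies the stringprep "map to nothing" (RFC 3454 Table B.1) and "map to space" (Table C.1.2) steps using Python's standard `stringprep` module, then shows an application-level empty-output check beside an inclusion-style check that refuses instead of deleting. The function names, the sample inputs and the toy allowed set (alphanumerics plus U+0020) are assumptions made for illustration.

```python
import stringprep  # Python stdlib: the RFC 3454 (stringprep) tables

class Rejected(ValueError):
    """The input must not be used as an identifier or credential."""

def stringprep_style_map(s: str) -> str:
    """Delete Table B.1 code points; map Table C.1.2 spaces to U+0020."""
    out = []
    for ch in s:
        if stringprep.in_table_b1(ch):  # "commonly mapped to nothing"
            continue
        out.append(" " if stringprep.in_table_c12(ch) else ch)
    return "".join(out)

def prepare_with_guard(s: str) -> str:
    """Mapping plus the application-level check for zero-length output."""
    mapped = stringprep_style_map(s)
    if not mapped:
        raise Rejected(f"{len(s)} code point(s) in, zero-length string out")
    return mapped

def inclusion_only(s: str) -> str:
    """Inclusion model: nothing is deleted, disallowed code points are refused."""
    # Assumption: alphanumerics plus U+0020 is a toy allowed set,
    # not a PRECIS string class.
    if not s:
        raise Rejected("zero-length string")
    for ch in s:
        if not (ch == " " or ch.isalnum()):
            raise Rejected(f"U+{ord(ch):04X} is not in the allowed set")
    return s

def outcome(fn, s: str) -> str:
    """Return fn(s), or the string 'REJECTED' if fn refuses the input."""
    try:
        return fn(s)
    except Rejected:
        return "REJECTED"

# Constructed inputs: soft hyphen inside a name, only invisible code points,
# and a no-break space between two letters.
SAMPLES = ["ad\u00admin", "\u00ad\u200d\ufeff", "a\u00a0b"]

if __name__ == "__main__":
    for s in SAMPLES:
        print(ascii(s), ascii(stringprep_style_map(s)),
              outcome(prepare_with_guard, s), outcome(inclusion_only, s))
```

The second sample is three code points long before mapping and empty after it, so a length check made only on the raw input would pass it.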
