This was started as a review of draft-melnikov-precis-saslprepbis-02. -03 already addresses most of the questions and concerns I had with -02 (-:
regarding -03: * 2.3 (Simple User Names - Migration) :: It would be tremendously helpful to have examples for each point raised. * 3.2 (Passwords - Preparation) :: I do wonder about the rationale for step 2) (map all non-ASCII space to ASCII space). I myself have not run into conditions where this would matter, but I mostly deal with US-based consumers with passwords almost exclusively in the ASCII range. On the surface, it seems a bit contradictory in principle to the "no bidi rule" rationale that is included. I'm not advocating for retention or removal of step 2), but rather for providing a rationale (one way or the other). * 3.3 (Passwords - Migration) :: It would be tremendously helpful to have examples for each point raised. * I wonder if each migration section ought to be merged into something larger. I do think that more needs to be said about the migration not just of the data upon which the software operates on, but also of the software itself. It is not common for client- and server-based software to be updated in lockstep, and I can see questions coming up about it. - m&m Matt Miller - <[email protected]> Cisco Systems, Inc. On Sep 14, 2012, at 10:25, Peter Saint-Andre wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Sorry, in -02 we had neglected to update the spec regarding Pete > Resnick's feedback about bidirectionality of passwords. Alexey and I > have addressed that now, thus the quick -03 release (changing one > paragraph at the end of Section 3.2). > > Peter > > - -------- Original Message -------- > Subject: I-D Action: draft-melnikov-precis-saslprepbis-03.txt > Date: Fri, 14 Sep 2012 09:22:08 -0700 > From: [email protected] > Reply-To: [email protected] > To: [email protected] > > > A New Internet-Draft is available from the on-line Internet-Drafts > directories. > > > Title : Preparation and Comparison of Internationalized > Strings Representing Simple User Names and Passwords > Author(s) : Peter Saint-Andre > Alexey Melnikov > Filename : draft-melnikov-precis-saslprepbis-03.txt > Pages : 11 > Date : 2012-09-14 > > Abstract: > This document describes how to handle Unicode strings representing > simple user names and passwords, primarily for purposes of > comparison. This profile is intended to be used by Simple > Authentication and Security Layer (SASL) mechanisms (such as PLAIN > and SCRAM-SHA-1), as well as other protocols that exchange simple > user names or passwords. This document obsoletes RFC 4013. > > > The IETF datatracker status page for this draft is: > https://datatracker.ietf.org/doc/draft-melnikov-precis-saslprepbis > > There's also a htmlized version available at: > http://tools.ietf.org/html/draft-melnikov-precis-saslprepbis-03 > > A diff from the previous version is available at: > http://www.ietf.org/rfcdiff?url2=draft-melnikov-precis-saslprepbis-03 > > > Internet-Drafts are also available by anonymous FTP at: > ftp://ftp.ietf.org/internet-drafts/ > > _______________________________________________ > I-D-Announce mailing list > [email protected] > https://www.ietf.org/mailman/listinfo/i-d-announce > Internet-Draft directories: http://www.ietf.org/shadow.html > or ftp://ftp.ietf.org/ietf/1shadow-sites.txt > > > -----BEGIN PGP SIGNATURE----- > Version: GnuPG/MacGPG2 v2.0.18 (Darwin) > Comment: Using GnuPG with Mozilla - http://www.enigmail.net/ > > iEYEARECAAYFAlBTWmsACgkQNL8k5A2w/vzKAgCfcJVptes7qR3TrlAtixpNkhNy > Y7kAoIH4CTjhL/9qBqPwVo/r/bWq55Xr > =F64+ > -----END PGP SIGNATURE----- > _______________________________________________ > precis mailing list > [email protected] > https://www.ietf.org/mailman/listinfo/precis
smime.p7s
Description: S/MIME cryptographic signature
PGP.sig
Description: This is a digitally signed message part
_______________________________________________ precis mailing list [email protected] https://www.ietf.org/mailman/listinfo/precis
