On 9/17/12 12:21 PM, Alexey Melnikov wrote:

> On 17 Sep 2012, at 19:09, "Matt Miller (mamille2)" 
> <[email protected]> wrote:

[I agree with the other points that Matt raised. Thanks for the review!]

>> * 3.2 (Passwords - Preparation) :: I do wonder about the
>> rationale for step 2) (map all non-ASCII space to ASCII space).
>> I myself have not run into conditions where this would matter,
>> but I mostly deal with US-based consumers with passwords almost
>> exclusively in the ASCII range.  On the surface, it seems a bit
>> contradictory in principle to the "no bidi rule" rationale that
>> is included. I'm not advocating for retention or removal of step
>> 2), but rather for providing a rationale (one way or the other).
> 
> This rule was always in SASLPrep, so this is trying to preserve
> some sort of backward compatibility. Whether it is a good enough
> reason to keep the rule - I don't know.

This rule applied to stringprep via Appendix B.1 in RFC 3454:

http://tools.ietf.org/html/rfc3454#appendix-B.1

In the interest of full disclosure, the code points involved were:

U+00AD SOFT HYPHEN
U+034F COMBINING GRAPHEME JOINER
U+1806 MONGOLIAN TODO SOFT HYPHEN
U+180B MONGOLIAN FREE VARIATION SELECTOR ONE
U+180C MONGOLIAN FREE VARIATION SELECTOR TWO
U+180D MONGOLIAN FREE VARIATION SELECTOR THREE
U+200B ZERO WIDTH SPACE
U+200C ZERO WIDTH NON-JOINER
U+200D ZERO WIDTH JOINER
U+2060 WORD JOINER
U+FE00 VARIATION SELECTOR-1
[...other variation selectors here...]
U+FE0F VARIATION SELECTOR-13
U+FEFF ZERO WIDTH NO-BREAK SPACE

As far as I can see, we have two alternatives for SASLprep-bis:

1. Continue to map those code points to nothing.

2. Disallow those code points by subclassing the FreeClass.

I don't have a strong feeling either way, although mapping to nothing
has always struck me as a wimpy approach and I'd probably prefer to
explicitly disallow unwanted code points...

Peter

--
Peter Saint-Andre
https://stpeter.im/
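
The two alternatives in the message above, sketched as an added example (not code from the thread or from any SASLprep or PRECIS implementation). The function names and sample passwords are constructed for illustration; the code point set is the one listed in the message, with the variation selectors taken as the range U+FE00..U+FE0F.

```python
import unicodedata

# Code points listed in the message (RFC 3454 Appendix B.1).
B1_CODE_POINTS = frozenset(
    [0x00AD, 0x034F, 0x1806, 0x180B, 0x180C, 0x180D,
     0x200B, 0x200C, 0x200D, 0x2060, 0xFEFF]
    + list(range(0xFE00, 0xFE10))  # U+FE00..U+FE0F variation selectors
)


def find_b1(s):
    """Return (index, 'U+XXXX', name) for every B.1 code point in s."""
    return [(i, f"U+{ord(ch):04X}", unicodedata.name(ch, "<unnamed>"))
            for i, ch in enumerate(s) if ord(ch) in B1_CODE_POINTS]


def prep_map_to_nothing(s):
    """Alternative 1: silently delete B.1 code points before comparison."""
    return "".join(ch for ch in s if ord(ch) not in B1_CODE_POINTS)


def prep_disallow(s):
    """Alternative 2: reject any string that contains a B.1 code point."""
    hits = find_b1(s)
    if hits:
        raise ValueError(f"disallowed code points: {hits}")
    return s


# Constructed sample passwords: PASTED carries an invisible ZERO WIDTH SPACE.
TYPED = "correct horse"
PASTED = "correct\u200b horse"

if __name__ == "__main__":
    # Alternative 1: both inputs prepare to the same string, so they match.
    print("map-to-nothing equal:",
          prep_map_to_nothing(PASTED) == prep_map_to_nothing(TYPED))
    # Alternative 2: the caller is told exactly what was wrong and where.
    try:
        prep_disallow(PASTED)
    except ValueError as err:
        print("rejected:", err)
```

With mapping, the invisible character never reaches the password comparison; with disallowing, the same input fails preparation and the error names the offending code point.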