[ + [email protected] ]

On 2/18/13 11:04 AM, Chris Newman wrote:
> --On February 14, 2013 14:24:17 -0700 Peter Saint-Andre
> <[email protected]> wrote:
>> -----BEGIN PGP SIGNED MESSAGE-----
>> Hash: SHA1
>>
>> On 2/14/13 2:12 PM, Peter Saint-Andre wrote:
>>> Hi Chris, thank you for the review.
>>>
>>> On 2/14/13 12:37 PM, Chris Newman wrote:
>>>> A common construction for user names on the Internet is the
>>>> form "[email protected]", specifically, a subset of
>>>> email-address syntax with an embedded domain name is commonly
>>>> used for login identity strings (although these login
>>>> identity strings may or may not be usable as actual email
>>>> addresses).
>>>
>>>> As a result, the character class used for user names used
>>>> for authentication needs to be a superset of the character
>>>> class used for domain names. I was not able to tell from the
>>>> specification if that was the case. If it isn't, I believe
>>>> that should be fixed.
>>>
>>> It is the case, because all characters in the ASCII range are
>>> grandfathered into the PRECIS NameClass. Thus some examples
>>> are definitely in order! We'll add those to the next version.
>>
>> I propose adding the second paragraph shown below to the end of
>> Section 2.1, which defines the handling of simple user names:
>>
>> Note well that all code points and blocks not explicitly allowed
>> in the PRECIS NameClass are disallowed; this includes private
>> use characters, surrogate code points, and the other code points
>> and blocks defined as "Prohibited Output" in Section 2.3 of RFC
>> 4013.
>>
>> However, all characters in the ASCII range are "grandfathered"
>> into the PRECIS NameClass. As a result, common constructions
>> such as "[email protected]" are allowed as simple user names when
>> using software that conforms to this specification, as they were
>> under [RFC4013].
>
> I don't see this as a necessary addition. It was quite clear from
> the specifications that the ASCII range was grandfathered in
> NameClass. It appears I was unclear in stating my concern, let me
> try again to explain my concern.

Yes, I did misconstrue your question.

> My concern is that login identities should be able to contain a
> valid IDNA U-label. It is not clear to me if NameClass permits all
> valid U-labels. If it does not, then I believe using NameClass for
> login identities is a mistake. The [email protected] form for login
> identities will continue to be useful as the infrastructure is
> expanded to allow UTF-8 characters in both the "user" part and the
> "example.com" part of that form. If we disallow valid U-labels in
> login identities then we break the multi-domain model for lots of
> software out there and will force that software to change its
> architecture when it adopts this technology or to choose not to
> adopt this technology. If valid IDNA U-labels are permitted in
> login identities then implementers can keep their current
> architecture and adopt saslprepbis.

Ah, I see. You raise a good question. The intent was that any code
point allowed in IDNs would be allowed in the PRECIS NameClass, but
looking closely at draft-ietf-precis-framework I realize that the
intent might not be reflected in the spec right now. I will
investigate further and post again when I have something definitive
to report.

Peter

--
Peter Saint-Andre
https://stpeter.im/

_______________________________________________
precis mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/precis
