Nico Williams <[email protected]> writes: >> In version -04, based on PRECIS WG discussion, we changed that to: >> >> 3. Uppercase and titlecase characters SHOULD be mapped to their >> lowercase equivalents (not doing so can lead to false positives >> during authentication and authorization, as described in >> [RFC6943]). >> > > This is the third time, I think, that I've had to voice my vehement > objections to this. I thought we were done the second time. I believe > SASL applications and mechanisms MUST NOT do the above, not on the client > side, and that the server should be allowed to do what it wishes.
If the text above would have any bearing on SASL implementations (which isn't clear to me), I would strongly agree with you that the text above is a Bad Idea. Generally, I believe the use-case of I18N of username & password have special requirements that have been ignored by the PRECIS WG because the username/password requirements are sometimes conflicting with other goals of PRECIS and there doesn't seem to be enough interest to cater to both communities at the same time. Perhaps that is fine (I understand PRECIS wants to publish), but then it should be made clear that PRECIS will have no immediate bearing on SASLprepNG. /Simon _______________________________________________ precis mailing list [email protected] https://www.ietf.org/mailman/listinfo/precis
