On Wed, Sep 11, 2013 at 1:04 PM, Peter Saint-Andre <[email protected]> wrote: > On 9/10/13 8:06 AM, Nico Williams wrote: >> On Monday, September 9, 2013, Peter Saint-Andre wrote: >> This is the third time, I think, that I've had to voice my >> vehement objections to this. I thought we were done the second >> time. > > Hi Nico, I don't think vehemence is needed. We have some different > perspectives, and we're trying to find common ground.
I misread anyways, then overreacted. Sorry about that. I have no objection to telling people that they should (not must) treat usernames case-insensitively. They should be told to preserve case as much as possible though, if they allow mixed-case usernames at all. Also, if this is a recommendation for people *deploying* or people designing mechanisms, then the recommendation shouldn't use RFC2119 language (since it's not a recommendation as to what an implementation should do. Finally, if the only goal is to prevent confusion (thinking that two usernames are equivalent when they are not), shouldn't the prescription be to check for case-insensitive collisions at *enrollment* time? I would think so -- then the recommendation would not apply to, say, mechanism implementors (since SASL doesn't deal with enrollment) but to system integrators -- recommendations and requirements about enrollment could be stated in RFC2119 language. So, there's some subtle things here to get right. Also, if the goal is to be case-insensitive then that should be stated. As should be case-preservation. I'm not sure that specifying the nitty gritty of how case-insensitivity is obtained matters much here. > Would you perhaps have time to listen to the recording of the PRECIS > WG session in Berlin? Sure. I'll take a listen. > Also, would you be available for a phone conference on this topic so > that we can work through it in closer to real time? Or might you be > coming to the IETF meeting in Vancouver? I'm thinking I have to go to Vancouver, but as usual it probably won't be for the whole week. My primary interests now lie in KITTEN and HTTPauth WGs. Nico -- _______________________________________________ precis mailing list [email protected] https://www.ietf.org/mailman/listinfo/precis
