On 24/09/2013 22:17, Simon Josefsson wrote:
You wrote:
"Simon" == Simon Josefsson <[email protected]> writes:
Simon> like HTTP, FTP, SMTP, SSH, etc could be revised. I don't
Simon> believe any of that will happen, so we'll have to live with
Simon> case sensitive usernames, and my take is that I18N
Simon> documents should permit that.
I'm not sure any of the above hase case sensitive usernames.
They permit usernames to be case sensitive.
However a lot of implementations treat the username as case
insensitive.
I do think this is an appropriate issue for an IETF an document, but I
do think considering the impact on legacy systems is important.
I don't think we need to require there be no impact, simply understand
an accept it.
Agreed, but the devil is in the detail. For example, I would say that
any I18N effort that changes how ASCII usernames ([A-Za-z0-9...])
behave have gone too far down the road that causes damage to legacy
systems.
Case folding for usernames in draft-ietf-precis-saslprepbis-04.txt is a
SHOULD, so I think you are Ok. I.e. compatibility with a legacy system
is a good enough reason to violate the SHOULD.
For passwords, there are also security aspects, since case
folding reduces entropy.
draft-ietf-precis-saslprepbis-04.txt recommends against case folding for
passwords.
Maybe in some of these details we can find
were we agree and disagree.
_______________________________________________
precis mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/precis
