Thank you very much for making our next steps very clear.

I'll do my best to improve our proposal.

2014-02-04 Peter Saint-Andre <[email protected]>:
> Yes, I think it is best to define a separate profile for HTTPAUTH (based on
> various conversations at the last IETF meeting). I will try to review your
> document again very soon.
>
> Peter
>
>
> On 2/3/14, 5:18 PM, Yutaka OIWA wrote:
>>
>> Dear Julian and Peter (added),
>>
>> how about the things ongoing about handling of
>> HTTP-AUTH normalization in context of PRECIS?
>>
>> I proposed general-purpose HTTP-AUTH normalization
>> profile to PRECIS WG (just because I need it :-),
>> and they considered merging it with new SASLPREPbis.
>> My current draft is
>> http://tools.ietf.org/html/draft-oiwa-precis-httpauthprep-00 .
>> SASLPREPbis is in WG pool as
>> http://tools.ietf.org/html/draft-ietf-precis-saslprepbis-06 .
>>
>> I am awaiting actions for whether the merging
>> will actually happen or not.
>> In my understanding, removing of SASL-dependent
>> natures (e.g. that in Username grammer) from current
>> saslprepbis is not going forward yet, and current
>> SASLPREPbis is, at least personally, not applicable
>> for any HTTP auth schemes except SASL-backed ones.
>> For clarify, SASLPREPbis is really good, and the differences
>> are not large but critical.
>>
>> I think there is several possible directions for us to go:
>>
>> 1) Go merging: push forward to make saslprepbis a
>>      general-purpose precis profile by separating
>>      still-remaining SASL-only features.
>>      IMO, in this case we may need two separate
>>      application notes documents for SASL and HTTP-AUTH.
>>
>> 2) Go separate: discuss HTTPAUTH in context of
>>      PRECIS separately from SASLPREP.
>>      I believe that my draft will give us a good starting point,
>>      as my best effort.
>>
>> 3) for Julian, one possible best current cheating, if you
>>      can't wait PRECIS WG, might be just specify NFC as a
>>      canonical form.  Both SASLPREP and HTTPAUTHprep
>>      (and many other PRECIS profiles) are NFC based,
>>      so it will not likely harm future development of proper
>>      PRECIS-based "preparation" (including normalization).
>>
>> Also, I would be happy if Julian (as talked in Vancouver)
>> and other people in HTTPAUTH WG and PRECIS WG
>> could give us a feedback on my proposal from the
>> both WG's points of view.
>>
>> 2014-02-04 Julian Reschke <[email protected]>:
>>>
>>> On 2013-10-05 11:01, Julian Reschke wrote:
>>>>
>>>>
>>>> On 2013-09-12 12:35, Julian Reschke wrote:
>>>>>
>>>>>
>>>>> On 2013-08-21 21:22, Matthew Lepinski wrote:
>>>>>>
>>>>>>
>>>>>> Draft minutes for the HTTP-AUTH session have been posted.
>>>>>>
>>>>>> They can be found at:
>>>>>> http://www.ietf.org/proceedings/87/minutes/minutes-87-httpauth
>>>>>>
>>>>>> If you notice any omissions or other errors in the minutes, please let
>>>>>> us know.
>>>>>> ...
>>>>>
>>>>>
>>>>>
>>>>> OK, the minutes mention:
>>>>>
>>>>> "Unicode Normalization : Getting from what is typed in to Unicode code
>>>>> points will require discussion"
>>>>>
>>>>> So how do we proceed from here? Any concrete proposals for what to say?
>>>>
>>>>
>>>>
>>>> It seems we don't know what to say then, right?
>>>>
>>>> How about: "Beware that differing Unicode normalization forms can cause
>>>> interoperability problems. See [http://unicode.org/reports/tr15/].";?
>>>>
>>>>
>>>> Best regards, Julian
>>>
>>>
>>>
>>> So, does anybody have a good plan how to approach the normalization
>>> problem?
>>>
>>> Otherwise we'll just have to state that there are dragons out there, and
>>> that we don't know the solution...
>>>
>>>
>>> Best regards, Julian
>>>
>>> _______________________________________________
>>> http-auth mailing list
>>> [email protected]
>>> https://www.ietf.org/mailman/listinfo/http-auth
>>
>>
>>
>>
>
>
> --
> Peter Saint-Andre
> https://stpeter.im/



-- 
Yutaka OIWA, Ph.D.                 Leader, System Life-cycle Research Group
                               Research Institute for Secure Systems (RISEC)
     National Institute of Advanced Industrial Science and Technology (AIST)
                       Mail addresses: <[email protected]>, <[email protected]>
OpenPGP: id[440546B5] fp[7C9F 723A 7559 3246 229D  3139 8677 9BD2 4405 46B5]
_______________________________________________
precis mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/precis

Reply via email to