Thank you very much for making our next steps very clear.
I'll do my best to improve our proposal. 2014-02-04 Peter Saint-Andre <[email protected]>: > Yes, I think it is best to define a separate profile for HTTPAUTH (based on > various conversations at the last IETF meeting). I will try to review your > document again very soon. > > Peter > > > On 2/3/14, 5:18 PM, Yutaka OIWA wrote: >> >> Dear Julian and Peter (added), >> >> how about the things ongoing about handling of >> HTTP-AUTH normalization in context of PRECIS? >> >> I proposed general-purpose HTTP-AUTH normalization >> profile to PRECIS WG (just because I need it :-), >> and they considered merging it with new SASLPREPbis. >> My current draft is >> http://tools.ietf.org/html/draft-oiwa-precis-httpauthprep-00 . >> SASLPREPbis is in WG pool as >> http://tools.ietf.org/html/draft-ietf-precis-saslprepbis-06 . >> >> I am awaiting actions for whether the merging >> will actually happen or not. >> In my understanding, removing of SASL-dependent >> natures (e.g. that in Username grammer) from current >> saslprepbis is not going forward yet, and current >> SASLPREPbis is, at least personally, not applicable >> for any HTTP auth schemes except SASL-backed ones. >> For clarify, SASLPREPbis is really good, and the differences >> are not large but critical. >> >> I think there is several possible directions for us to go: >> >> 1) Go merging: push forward to make saslprepbis a >> general-purpose precis profile by separating >> still-remaining SASL-only features. >> IMO, in this case we may need two separate >> application notes documents for SASL and HTTP-AUTH. >> >> 2) Go separate: discuss HTTPAUTH in context of >> PRECIS separately from SASLPREP. >> I believe that my draft will give us a good starting point, >> as my best effort. >> >> 3) for Julian, one possible best current cheating, if you >> can't wait PRECIS WG, might be just specify NFC as a >> canonical form. Both SASLPREP and HTTPAUTHprep >> (and many other PRECIS profiles) are NFC based, >> so it will not likely harm future development of proper >> PRECIS-based "preparation" (including normalization). >> >> Also, I would be happy if Julian (as talked in Vancouver) >> and other people in HTTPAUTH WG and PRECIS WG >> could give us a feedback on my proposal from the >> both WG's points of view. >> >> 2014-02-04 Julian Reschke <[email protected]>: >>> >>> On 2013-10-05 11:01, Julian Reschke wrote: >>>> >>>> >>>> On 2013-09-12 12:35, Julian Reschke wrote: >>>>> >>>>> >>>>> On 2013-08-21 21:22, Matthew Lepinski wrote: >>>>>> >>>>>> >>>>>> Draft minutes for the HTTP-AUTH session have been posted. >>>>>> >>>>>> They can be found at: >>>>>> http://www.ietf.org/proceedings/87/minutes/minutes-87-httpauth >>>>>> >>>>>> If you notice any omissions or other errors in the minutes, please let >>>>>> us know. >>>>>> ... >>>>> >>>>> >>>>> >>>>> OK, the minutes mention: >>>>> >>>>> "Unicode Normalization : Getting from what is typed in to Unicode code >>>>> points will require discussion" >>>>> >>>>> So how do we proceed from here? Any concrete proposals for what to say? >>>> >>>> >>>> >>>> It seems we don't know what to say then, right? >>>> >>>> How about: "Beware that differing Unicode normalization forms can cause >>>> interoperability problems. See [http://unicode.org/reports/tr15/].";? >>>> >>>> >>>> Best regards, Julian >>> >>> >>> >>> So, does anybody have a good plan how to approach the normalization >>> problem? >>> >>> Otherwise we'll just have to state that there are dragons out there, and >>> that we don't know the solution... >>> >>> >>> Best regards, Julian >>> >>> _______________________________________________ >>> http-auth mailing list >>> [email protected] >>> https://www.ietf.org/mailman/listinfo/http-auth >> >> >> >> > > > -- > Peter Saint-Andre > https://stpeter.im/ -- Yutaka OIWA, Ph.D. Leader, System Life-cycle Research Group Research Institute for Secure Systems (RISEC) National Institute of Advanced Industrial Science and Technology (AIST) Mail addresses: <[email protected]>, <[email protected]> OpenPGP: id[440546B5] fp[7C9F 723A 7559 3246 229D 3139 8677 9BD2 4405 46B5] _______________________________________________ precis mailing list [email protected] https://www.ietf.org/mailman/listinfo/precis
