FYI.
-------- Original Message --------
Subject: [http-auth] Allowed Characters in usernames and passwords
Date: Fri, 14 Nov 2014 15:59:00 -1000
From: Yoav Nir <[email protected]>
To: IETF HTTP Auth <[email protected]>

Hi

An issue that has been discussed on the list has been what characters
are allowed for usernames and passwords in the Basic and Digest
documents (this probably also applies to other specifications,
specifically MutualAuth, but that is not the issue in this message).

So the precis working group is creating the saslprepbis ([1]) document
that should be published soon (as soon as the end of this year). That
contains a profile for characters that are and aren’t recommended for
use in usernames and passwords.

So the proposal that reflects the consensus of the people in today’s
session is as follows:

Both the Basic and Digest drafts will mandate that supporting servers
MUST support usernames and passwords that conform to the saslprepbis
specification, and MAY support non-conforming ones. The rationale is
that we have to have a MAY there, because we can’t prohibit stuff that
works today. Both documents will add text with these MUST and MAY.

The room was unanimous in supporting this direction. If you disagree,
please comment to the list by Monday 24-Nov-2014. Since we had a strong
hum for in the room, we will take silence as consensus.

Thanks

Matt & Yoav

[1] https://tools.ietf.org/html/draft-ietf-precis-saslprepbis-09
--
Peter Saint-Andre
https://andyet.com/
_______________________________________________
precis mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/precis