Also FYI. :-)
-------- Original Message --------
Subject: Re: [http-auth] Allowed Characters in usernames and passwords
Date: Fri, 14 Nov 2014 16:01:10 -1000
From: Yoav Nir <[email protected]>
To: IETF HTTP Auth <[email protected]>
So of course I forgot something.
Additionally, the Basic and Digest documents will refer to the precis
document, and not specify acceptable characters themselves, except where
there is a unique requirement, such as the requirements around colons in
usernames or passwords in Basic. In all other cases, saslprepbis will be
our normative reference.
Yoav
On Nov 14, 2014, at 3:59 PM, Yoav Nir <[email protected]> wrote:
Hi
An issue that has been discussed on the list has been what characters are
allowed for usernames and passwords in the Basic and Digest documents (this
probably also applies to other specification, specifically MutualAuth, but that
is not the issue in this message).
So the precis working group is creating the saslprepbis ([1]) document that
should be published soon (as soon as the end of this year). That contains a
profile for characters that are and aren’t recommended for use in username and
passwords.
So the proposal that reflects the consensus of the people in today’s session is
as follows:
Both the Basic and Digest drafts will mandate that supporting servers MUST
support usernames and passwords that conform to the saslprepbis specification,
and MAY support non-conforming ones. The rationale is that we have to have a
MAY there, because we can’t prohibit stuff that works today. Both documents
will add text with these MUST and MAY.
The room was unanimous in supporting this direction. If you disagree, please
comment to the list by Monday 24-Nov-2014. Since we had a strong hum for in the
room, we will take silence as consensus
Thanks
Matt & Yoav
[1] https://tools.ietf.org/html/draft-ietf-precis-saslprepbis-09
_______________________________________________
http-auth mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/http-auth
--
Peter Saint-Andre
https://andyet.com/
_______________________________________________
precis mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/precis
