Hi,
On 20/02/2015 01:56, Bjoern Hoehrmann wrote:
> Hi,
>
> Yesterday I tried to find out if the latest draft for HTTP Basic
> authentication allows colons in passwords. I eventually gave up; what I did:
>
> http://tools.ietf.org/html/draft-ietf-httpauth-basicauth-update-06 has
>
>    For the password, recipients MUST support all characters defined in
>    the "OpaqueString" profile defined in in Section 4.2 of [PRECIS].
>
> Went to http://tools.ietf.org/html/draft-ietf-precis-saslprepbis-13 and
> when I searched for `OpaqueString` in the document the first hit beyond
> the ToC is:
>
>    4. Passwords
>
>    4.1. Definition
>
>    This document specifies that a password is a string of Unicode code
>    points [UNICODE], encoded using UTF-8 [RFC3629], and conformant to
>    OpaqueString profile of the PRECIS FreeformClass specified below.
>
> This left me confused why `basicauth` references `OpaqueString` instead
> of "a password as defined in [PRECIS]" or something like that. Anyway...
>
> Since `OpaqueString` is said to be "specified below", I continued the
> search and the next hit is
>
>    4.2. OpaqueString Profile
>
>    The definition of the OpaqueString profile is provided in the
>    following sections, including detailed information about
>    preparation, enforcement, and comparison (on the distinction
>    between these actions, refer to [I-D.ietf-precis-framework]).
>
>    4.2.1. Preparation
>
>    An entity that prepares a string according to this profile MUST
>    ensure that the string consists only of Unicode code points that
>    conform to the "FreeformClass" base string class defined in
>    [I-D.ietf-precis-framework]. In addition, the string MUST be
>    encoded as UTF-8 [RFC3629].
>
> Since `basicauth` allows other character encodings than UTF-8, I have
> found the MUST requirement here somewhat irritating, but I assume that
> is resolved somewhere.

I think what this text is trying to say is that "before using this
algorithm, make sure that your data is in UTF-8".
[snip]