Hi Peter et al. Here are some notes I took while reading through the 7613 draft last night; a few of them are actual issues, and others are probably just me misunderstanding something:
- §3 defines Usernames, but since I was expecting a PRECIS profile that defined a username it was confusing and I didn't really understand it at first (until I got to §3.5 which explained the difference between user parts and usernames). I'm not sure if this could be made clearer or not, or if it was just me. - Nit: §3.2.4 reads "An entity that performs comparison of two strings according to this profile MUST prepare each string as specified in Section 3.2.2 and then enforce the rules specified in Section 3.2.3". Though redundant, it might make sense to modify it to read "and then MUST enforce the rules" as well. Not sure that it matters, but it was unclear to me on first reading (though I figured it out pretty quickly; others probably wouldn't have been tripped up by this). - §3.3.3 says that the Case-mapping rule should be performed as the third step of Enforcement, but there is no case mapping rule for the profile. This step should probably be removed or clarified (eg. is case mapping optional, or is it required that you don't do it? I'm not clear on how the absense of a rule works in a profile in general). - Table 2 says "A localpart of BLACK CHESS KING". Localpart is an XMPP term and should read "Userpart" in this context - Nit: §4.2.2 lists the Case mapping rule as "Uppercase and titlecase characters MUST NOT be mapped…", but other profiles just say there is no case mapping rule. Similar to the above, if there's a difference (especially within a single document), I think it could use some clarification. Although I'm not sure that it matters, as implementations are likely to just leave off case mapping either way, which I think is the expected behavior in both cases? - §6.1 references Unicode 7.0, if an update to the RFC is being proposed, this could be changed to read 8.0.0 (or removed if the issue is no longer a problem), or it could be left alone, probably doesn't really matter. - §6.1 also says "these code points would have been "mapped to nothing" in stringprep, in practice a user would not notice the difference if, upon migration to PRECIS, the code points are removed.". Is this correct? Would this not make the username invalid because the code points aren't allowed in the identifier class, locking them out of their account? I'm probably missing something here. - §6.2 Another possible place to update a Unicode 7 reference to 8.0.0 Best, Sam On Thu, May 5, 2016 at 12:42 PM, <[email protected]> wrote: > > A New Internet-Draft is available from the on-line Internet-Drafts > directories. > This draft is a work item of the Preparation and Comparison of > Internationalized Strings of the IETF. > > Title : Preparation, Enforcement, and Comparison of > Internationalized Strings Representing Usernames and Passwords > Authors : Peter Saint-Andre > Alexey Melnikov > Filename : draft-ietf-precis-7613bis-01.txt > Pages : 25 > Date : 2016-05-05 > > Abstract: > This document describes updated methods for handling Unicode strings > representing usernames and passwords. The previous approach was > known as SASLprep (RFC 4013) and was based on stringprep (RFC 3454). > The methods specified in this document provide a more sustainable > approach to the handling of internationalized usernames and > passwords. The preparation, enforcement, and comparison of > internationalized strings (PRECIS) framework, RFC 7564, obsoletes RFC > 3454, and this document obsoletes RFC 7613. > > > The IETF datatracker status page for this draft is: > https://datatracker.ietf.org/doc/draft-ietf-precis-7613bis/ > > There's also a htmlized version available at: > https://tools.ietf.org/html/draft-ietf-precis-7613bis-01 > > A diff from the previous version is available at: > https://www.ietf.org/rfcdiff?url2=draft-ietf-precis-7613bis-01 > > > Please note that it may take a couple of minutes from the time of submission > until the htmlized version and diff are available at tools.ietf.org. > > Internet-Drafts are also available by anonymous FTP at: > ftp://ftp.ietf.org/internet-drafts/ > > _______________________________________________ > precis mailing list > [email protected] > https://www.ietf.org/mailman/listinfo/precis -- Sam Whited pub 4096R/54083AE104EA7AD3 https://blog.samwhited.com _______________________________________________ precis mailing list [email protected] https://www.ietf.org/mailman/listinfo/precis
