Hi, I'd like to update an rfc in order to follow the rfc7613 recommendations for passwords, however I'd like first to understand the reason of the restrictions applied to passwords (i.e., freeformclass choice, space elimination, etc.).
I'm checking both rfc7564 and rfc7613, and I cannot find the rationale of the restrictions being done. In particular: 1. why rfc7613 restricts all spaces for passwords to U+0020? 2. what is the purpose of "Contextual Rule Required" in section 4.3.2 of rfc7564? 3. why freeform class doesn't allow "Old Hangul Jamo characters"? 4. why freeform class doesn't allow ignorable charaters? The context of that, is that I am trying to understand what would be the drawbacks from recommending a fixed normalization form (e.g., NFC), for passwords, in contrast to recommending rfc7613. regards, Nikos _______________________________________________ precis mailing list [email protected] https://www.ietf.org/mailman/listinfo/precis
