On Mon, Jun 11, 2018, at 15:17, Hollenbeck, Scott wrote: > [SAH] Jim, keep in mind that the security guidelines you mentioned are > just that – *guidelines* published by a particular entity that may or > may not be appropriate for use in different operating environments. I’d > be inclined to loosen the Schema to conform to other possibilities and > include an informational reference with text along the lines of “Servers > SHOULD enforce minimum and maximum password length requirements that are > appropriate for their operating environment. One example of a guideline > for password length policies can be found in <blah blah> [reference > here]”. A minimum length of 1 would ensure that the field can’t be > blank, and the server can check if whatever is provided lines up with > expectations for clients.
That sound perfect to me. Thanks Scott for the text. -- Patrick Mevzek _______________________________________________ regext mailing list [email protected] https://www.ietf.org/mailman/listinfo/regext
