Works for me, Jim. Scott
> -----Original Message----- > From: regext <regext-boun...@ietf.org> On Behalf Of Gould, James > Sent: Monday, June 11, 2018 1:44 PM > To: Gavin Brown <gavin.br...@centralnic.com>; Patrick Mevzek > <p...@dotandco.com>; regext@ietf.org > Subject: [EXTERNAL] Re: [regext] FW: New Version Notification for draft- > gould-regext-login-security-00.txt > > Hi, > > In thinking about decreasing the minimum from 8 to 1, I have a concern > that we're going to support a minimum that is below the existing RFC 5730 > of 6 characters. I believe it would be best for the Login Security > Extension to at least support the existing 6 character minimum with the > added language that Scott proposed “Servers SHOULD enforce minimum and > maximum password length requirements that are appropriate for their > operating environment. One example of a guideline for password length > policies can be found in <blah blah> [reference here]". Scott's language > can be added to the Security Considerations section of the draft. > > Let me know if this will work. > > Thanks, > > — > > JG > > > > James Gould > Distinguished Engineer > jgo...@verisign.com > > 703-948-3271 > 12061 Bluemont Way > Reston, VA 20190 > > Verisign.com <http://verisigninc.com/> > > On 6/11/18, 10:00 AM, "Gould, James" <jgo...@verisign.com> wrote: > > Scott & Gavin, > > Thanks for weighing in. I can make Scott's proposed text and schema > change with the appropriate <blah blah>. Thanks Patrick for bringing up > the topic. > > — > > JG > > > > James Gould > Distinguished Engineer > jgo...@verisign.com > > 703-948-3271 > 12061 Bluemont Way > Reston, VA 20190 > > Verisign.com <http://verisigninc.com/> > > On 6/11/18, 9:55 AM, "regext on behalf of Gavin Brown" <regext- > boun...@ietf.org on behalf of gavin.br...@centralnic.com> wrote: > > +1. > > On 11/06/2018 14:49, Patrick Mevzek wrote: > > On Mon, Jun 11, 2018, at 15:17, Hollenbeck, Scott wrote: > >> [SAH] Jim, keep in mind that the security guidelines you > mentioned are > >> just that – *guidelines* published by a particular entity that > may or > >> may not be appropriate for use in different operating > environments. I’d > >> be inclined to loosen the Schema to conform to other > possibilities and > >> include an informational reference with text along the lines of > “Servers > >> SHOULD enforce minimum and maximum password length requirements > that are > >> appropriate for their operating environment. One example of a > guideline > >> for password length policies can be found in <blah blah> > [reference > >> here]”. A minimum length of 1 would ensure that the field can’t > be > >> blank, and the server can check if whatever is provided lines > up with > >> expectations for clients. > > > > That sound perfect to me. Thanks Scott for the text. > > > > -- > Gavin Brown > Chief Technology Officer > CentralNic Group plc (LSE:CNIC) > Innovative, Reliable and Flexible Registry Services > for ccTLD, gTLD and private domain name registries > https://www.centralnic.com/ > +44.7548243029 > > CentralNic Group plc is a company registered in England and Wales > with > company number 8576358. Registered Offices: 35-39 Moorgate, > London, > EC2R 6AR. > > > > > > _______________________________________________ > regext mailing list > regext@ietf.org > https://www.ietf.org/mailman/listinfo/regext _______________________________________________ regext mailing list regext@ietf.org https://www.ietf.org/mailman/listinfo/regext
