Hi James, Just replying to 1 point below: > On 23 Jan 2020, at 21:29, Gould, James <[email protected]> wrote: > > 2) In the same section: > > <loginSec:pw>: OPTIONAL plain text password that is case sensitive, > has a minimum length of 6 characters, and has a maximum length > that is up to server policy. All leading and trailing whitespace > is removed, and all internal contiguous whitespace that includes > #x9 (tab), #xA (linefeed), #xD (carriage return), and #x20 > (space) is replaced with a single #x20 (space). This element > MUST only be used if the [RFC5730] <pw> element is set to the > "[LOGIN-SECURITY]" value. > > What is the definition of "whitespace"? Does this only include characters > listed above or does it also include other Unicode characters (e.g. Unicode > whitespace property)? If the former, then instead of using "whitespace that > includes ..." use something like "whitespace is defined as one of ..." > > JG - The definition of "whitespace" is based on the definition for XML schema > whiteSpace (https://www.w3.org/TR/xmlschema11-2/#rf-whiteSpace), which does > not include non-ASCII whitespace. Validating XML parsers will apply the XML > schema whitespace rules defined for the XML Schema "token" type > (https://www.w3.org/TR/xmlschema11-2/#token), which is explicitly included in > the description of the <loginSec:pw> element based on feedback from the > working group. I don't recommend use of non-ASCII characters for passwords, > but I don't believe the extension should disallow it.
Please clarify this in the document. Probably the easiest way is to add definition of whitespace to the terminology section. BTW, I believe Precis framework will canonicalize all Unicode whitespaces (around 33 different characters) to ASCII space. Best Regards, Alexey _______________________________________________ regext mailing list [email protected] https://www.ietf.org/mailman/listinfo/regext
