proposed charter for "NewPrep" WG
Peter Saint-Andre <stpeter@stpeter.im> Wed, 03 February 2010 20:22 UTC
Return-Path: <stpeter@stpeter.im>
X-Original-To: apps-discuss@core3.amsl.com
Delivered-To: apps-discuss@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 4C26D3A6978; Wed, 3 Feb 2010 12:22:15 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.724
X-Spam-Level:
X-Spam-Status: No, score=-2.724 tagged_above=-999 required=5 tests=[AWL=-0.125, BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id VVePV6-5y5Ug; Wed, 3 Feb 2010 12:22:14 -0800 (PST)
Received: from stpeter.im (stpeter.im [207.210.219.233]) by core3.amsl.com (Postfix) with ESMTP id 3D4A33A6A3C; Wed, 3 Feb 2010 12:22:11 -0800 (PST)
Received: from dhcp-64-101-72-234.cisco.com (dhcp-64-101-72-234.cisco.com [64.101.72.234]) (Authenticated sender: stpeter) by stpeter.im (Postfix) with ESMTPSA id A833740332; Wed, 3 Feb 2010 13:22:53 -0700 (MST)
Message-ID: <4B69DB1C.3090200@stpeter.im>
Date: Wed, 03 Feb 2010 13:22:52 -0700
From: Peter Saint-Andre <stpeter@stpeter.im>
User-Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.5; en-US; rv:1.9.1.7) Gecko/20100111 Thunderbird/3.0.1
MIME-Version: 1.0
To: newprep@ietf.org
Subject: proposed charter for "NewPrep" WG
X-Enigmail-Version: 1.0
OpenPGP: url=http://www.saint-andre.com/me/stpeter.asc
Content-Type: multipart/signed; protocol="application/pkcs7-signature"; micalg="sha1"; boundary="------------ms040904080906020108060704"
Cc: "apps-discuss@ietf.org" <apps-discuss@ietf.org>, XMPP <xmpp@ietf.org>, sasl mailing list <sasl@ietf.org>, IETF discussion list <ietf@ietf.org>
X-BeenThere: apps-discuss@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: General discussion of application-layer protocols <apps-discuss.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/apps-discuss>, <mailto:apps-discuss-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/apps-discuss>
List-Post: <mailto:apps-discuss@ietf.org>
List-Help: <mailto:apps-discuss-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/apps-discuss>, <mailto:apps-discuss-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 03 Feb 2010 20:22:15 -0000
The following is a proposed charter for a "NewPrep" WG to work on replacements for stringprep profiles in application and security protocols such as XMPP and SASL. We plan to hold a BoF at IETF 77 to explore whether it makes sense to form a working group on this topic. If you are interested, please join the newprep@ietf.org list: https://www.ietf.org/mailman/listinfo/newprep My apologies for cross-posting; please send replies to newprep@ietf.org. Thanks! Peter ###### Proposed Charter for NewPrep WG Last Updated: 2010-01-14 Problem Statement The handling of non-ASCII strings in Internet protocols is a difficult problem that has still not been solved in a generalized way. In 2002, the IETF defined a method for preparation and comparison of internationalized strings that could be re-used by various applications. This method, stringprep (RFC 3454), has been re-used in several Internet protocols that have defined "profiles" of stringprep, namely: - The Nameprep profile (RFC 3490) for use in Internationalized Domain Names (IDNs) - The iSCSI profile (RFC 3722) for use in Internet Small Computer Systems Interface (iSCSI) Names - The Nodeprep and Resourceprep profiles (RFC 3920) for use in the Extensible Messaging and Presence Protocol (XMPP) - The Policy MIB profile (RFC 4011) for use in the Simple Network Management Protocol (SNMP) - The SASLprep profile (RFC 4013) for use in the Simple Authentication and Security Layer (SASL) - The trace profile (RFC 4505) for use with the SASL ANONYMOUS mechanism In completing revisions to the IDN technology, the IETF's IDNAbis WG decided to move away from the use of stringprep in domain names, instead defining sets of allowed and disallowed characters based on Unicode character properties (often called an "inclusion approach") rather than defining explicit mappings of Unicode characters as in stringprep (an "exclusion approach"). Although the IDNAbis WG had its reasons for moving away from stringprep, and some of those reasons might not apply to other applications (e.g., usernames in XMPP or usernames and passwords in SASL), other reasons might apply more generally. In particular, stringprep depends on a particular version of Unicode (3.2) and cannot be upgraded to a new Unicode version without revising the core stringprep technology. However, any move away from stringprep by existing profiles would introduce backward compatibility issues and migration challenges, which need to be weighed against the benefits of a new string preparation technology. Objectives The goal of this group is to assess whether an "inclusion approach" similar to that taken in the revisions to Internationalized Doman Names (IDNs) is appropriate for other stringprep profiles. Such an approach would involve: - A tiered model of permitted characters, especially the three categories of valid, disallowed, and unassigned characters - Protocol-specific lists of valid characters - Potentially a reduction in the number of characters that are permitted in usernames, passwords, and other identifiers - Application of the foregoing concepts to existing profiles in ways that respect the significant differences between those profiles The group will analyze existing stringprep profiles to assess if it is appropriate for them to move to an inclusion approach. If so, based on consensus the group will do one of the following with regard to each existing profile: 1. Directly complete a replacement for the profile, if it does not fall within the scope of another active working group. 2. Collaborate with another active working group on developing a replacement for its profile or profiles. 3. Advise the authors of profiles that were produced outside the context of any working group regarding how to proceed. Deliverables 1. Analysis of existing stringprep profiles. 2. Revisions to one or more existing stringprep profiles. Milestones To follow. ######
- proposed charter for "NewPrep" WG Peter Saint-Andre