IETF Logo Mail Archive

Re: [Emu] Revised sections for Issue #18 (Internationalization)

Alan DeKok <aland@deployingradius.com> Thu, 24 September 2009 13:55 UTC

Return-Path: <aland@deployingradius.com>
X-Original-To: emu@core3.amsl.com
Delivered-To: emu@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id E6C3028C0E3 for <emu@core3.amsl.com>; Thu, 24 Sep 2009 06:55:19 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.968
X-Spam-Level:
X-Spam-Status: No, score=-1.968 tagged_above=-999 required=5 tests=[AWL=0.631, BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id uOdmzz+Y5rXw for <emu@core3.amsl.com>; Thu, 24 Sep 2009 06:55:19 -0700 (PDT)
Received: from liberty.deployingradius.com (liberty.deployingradius.com [88.191.76.128]) by core3.amsl.com (Postfix) with ESMTP id DF4093A6A07 for <emu@ietf.org>; Thu, 24 Sep 2009 06:55:18 -0700 (PDT)
Received: from Thor.local (mey38-2-82-228-181-7.fbx.proxad.net [82.228.181.7]) by liberty.deployingradius.com (Postfix) with ESMTPSA id C25861234491; Thu, 24 Sep 2009 15:54:35 +0200 (CEST)
Message-ID: <4ABB7A8A.1070002@deployingradius.com>
Date: Thu, 24 Sep 2009 15:56:26 +0200
From: Alan DeKok <aland@deployingradius.com>
User-Agent: Thunderbird 2.0.0.23 (Macintosh/20090812)
MIME-Version: 1.0
To: Simon Josefsson <simon@josefsson.org>
References: <AC1CFD94F59A264488DC2BEC3E890DE508C62E3A@xmb-sjc-225.amer.cisco.com> <877hvqavwp.fsf@mocca.josefsson.org> <4ABA2282.4080207@deployingradius.com> <87r5txu4mt.fsf@mocca.josefsson.org>
In-Reply-To: <87r5txu4mt.fsf@mocca.josefsson.org>
X-Enigmail-Version: 0.96.0
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: 7bit
Cc: emu@ietf.org
Subject: Re: [Emu] Revised sections for Issue #18 (Internationalization)
X-BeenThere: emu@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: "EAP Methods Update \(EMU\)" <emu.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/emu>, <mailto:emu-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/emu>
List-Post: <mailto:emu@ietf.org>
List-Help: <mailto:emu-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/emu>, <mailto:emu-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 24 Sep 2009 13:55:20 -0000

Simon Josefsson wrote:
> Should we suggest that passwords are sent over the wire at all?  In good
> systems that should be the exception.

  It is widely deployed today with TTLS.  I think that allowing this
practice to continue is a requirement.

> 1) Usernames.  Should be sent over the wire as-is, or possibly
> Net-UTF-8.  It is not clear to me that the even the weak NFC part of
> Net-UTF-8 is always a good idea for usernames, you could just send the
> username as-is and require that COMPARISONS are done in a way that
> reduces ambitious.

  Ouch.  I fundamentally disagree.  See RFC 4282, and my attempt to
update it, based on real-world deployment experience:

http://tools.ietf.org/html/draft-dekok-radext-nai-00

  My document explains why it's difficult (i.e. impossible) for third
parties to "normalize" the data.

>  There are some indication that the algorithm of
> comparing two strings for equality is simpler to make robust and
> ambigious-free than an algorithm that normalize strings.

  Yes.  The systems which do end-user input likely have enough
information to normalize the data.  No one else does.  As a result,
everyone else should compare the two strings for equality.  They should
not normalize the strings.

> 2) Passwords sent to servers.  This has similar properties as 1) but
> there could be differences in how they are treated.
> 
> 3) Passwords sent to servers only in hashed form.  This has stricter
> normalization requirements than 1) and 2) -- NFC is most certainly
> needed, and probably something more, similar to SASLprep but preferably
> without some of the problems that SASLprep has.

  I beleive that (2) and (3) are the same case.  For (3), we will end up
checking for:

	hash(p1) == hash(p2)

  For strong hashes, the simplest way to ensure this is true is if:

	p1 == p2

> The problem with normalization early is that you end up with a interop
> problem where both the client and server needs to implement the exact
> same normalization algorithms for things to be robust.  If normalization
> only happens in one implementation, things will be predictable.

  RFC 5198 specifies a normalized form.  If two implementations
"normalize" to the RFC 5198 form differently, one of them is wrong.

  Alan DeKok.

v2.23.0 | Report a Bug | By Email