[Gen-art] Re: Gen-ART review of: draft-ietf-secsh-gsskeyex-10.txt

Sam Hartman <hartmans-ietf@mit.edu> Mon, 29 August 2005 22:45 UTC

To: Bill Sommerfeld <sommerfeld@sun.com>
References: <F222151D3323874393F83102D614E055082633@CORPUSMX20A.corp.emc.com> <1125338383.453.29.camel@thunk>
From: Sam Hartman <hartmans-ietf@mit.edu>
Date: Mon, 29 Aug 2005 14:20:51 -0400
In-Reply-To: <1125338383.453.29.camel@thunk> (Bill Sommerfeld's message of "Mon, 29 Aug 2005 13:59:44 -0400")
Message-ID: <tslzmr0eha4.fsf@cz.mit.edu>
Cc: galb@vandyke.com, jsalowey@cisco.com, jhutz+@cmu.edu, gen-art@ietf.org, welch@mcs.anl.gov, Black_David@emc.com

>>>>> "Bill" == Bill Sommerfeld <sommerfeld@sun.com> writes:

    Bill> On Sat, 2005-08-27 at 22:52, Black_David@emc.com wrote:
    >> I found one nit that needs attention.  Section 3.2 of the draft
    >> uses UTF-8 for a "user name" string but doesn't say what the
    >> applicable Unicode character usage and normalization
    >> (stringprep) requirements are.  I believe that this problem is
    >> already addressed via use of the SASL stringprep profile in the
    >> SSH-USERAUTH draft, so a sentence pointing out the (obvious)
    >> fact that "user name" is an SSH user name, and hence is subject
    >> to the SSH-USERAUTH draft's requirements on SSH user names,
    >> including appropriate use of stringprep should suffice.

    Bill> This has been a matter of substantial discussion both in
    Bill> secure shell and in sasl.

    Bill> I may be partly mangling fine details of the consensus
    Bill> result, but after sasl came up with a stringprep,
    Bill> significant concerns surfaced which led to a revised
    Bill> approach: username stringprep really belongs on the ssh
    Bill> server side, which makes it purely a local matter between
    Bill> the server and whatever user account database is consulted
    Bill> by the server.

    Bill> The client prepares the username in UTF-8 format without
    Bill> need for any normalization.  The server (which is a client
    Bill> of the notional user account database) applies the
    Bill> stringprep or other canonicalization required to match the
    Bill> encoding conventions of that database.

Well, mostly.  We recommend to server implementers that they do
stringprep and normalization and if they have no better profile to
use, use saslprep.

I think copying the text from the userauth draft would be reasonable.
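
The server-side preparation discussed in this exchange, as an added example that is not part of the original messages or of any SSH implementation: SASLprep (RFC 4013) assembled from Python's standard `stringprep` tables and applied before the account lookup. The `enroll` and `lookup_account` helpers and the sample accounts are hypothetical.

```python
import stringprep
from unicodedata import ucd_3_2_0  # stringprep (RFC 3454) is pinned to Unicode 3.2

# Prohibited-output tables named by RFC 4013 (SASLprep), section 2.3.
_PROHIBITED = (
    stringprep.in_table_c12, stringprep.in_table_c21_c22, stringprep.in_table_c3,
    stringprep.in_table_c4, stringprep.in_table_c5, stringprep.in_table_c6,
    stringprep.in_table_c7, stringprep.in_table_c8, stringprep.in_table_c9,
)

def saslprep(s, stored=False):
    """Return the SASLprep form of s, or raise ValueError if it is not allowed."""
    # Map: drop "mapped to nothing" code points (B.1), turn non-ASCII spaces into U+0020.
    mapped = "".join(" " if stringprep.in_table_c12(c) else c
                     for c in s if not stringprep.in_table_b1(c))
    out = ucd_3_2_0.normalize("NFKC", mapped)
    for c in out:
        if any(table(c) for table in _PROHIBITED):
            raise ValueError("prohibited code point U+%04X" % ord(c))
        # Unassigned code points are tolerated in queries but not in stored strings.
        if stored and stringprep.in_table_a1(c):
            raise ValueError("unassigned code point U+%04X" % ord(c))
    # Bidi rule: a string with RandALCat characters must not contain LCat
    # characters and must both start and end with a RandALCat character.
    if any(stringprep.in_table_d1(c) for c in out):
        if any(stringprep.in_table_d2(c) for c in out):
            raise ValueError("mixed right-to-left and left-to-right text")
        if not (stringprep.in_table_d1(out[0]) and stringprep.in_table_d1(out[-1])):
            raise ValueError("right-to-left text must start and end with RandALCat")
    return out

def enroll(accounts, name, uid):
    """Store an account under its prepared name; refuse an empty or colliding name."""
    key = saslprep(name, stored=True)
    if not key or key in accounts:
        raise ValueError("empty or already-taken user name")
    accounts[key] = uid

def lookup_account(accounts, wire_name):
    """Map the UTF-8 bytes sent by the SSH client to an account, or None."""
    try:
        key = saslprep(wire_name.decode("utf-8", "strict"))
    except (UnicodeDecodeError, ValueError):
        return None
    return accounts.get(key)

# Constructed sample database (hypothetical names and uids).
ACCOUNTS = {}
enroll(ACCOUNTS, "IX", 1001)
enroll(ACCOUNTS, "a", 1002)
```

Because enrollment and lookup share one preparation function, a name that differs only in compatibility form cannot be registered as a second account and resolves to the existing one at login.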

