Re: [http-auth] Unicode normalization, was: Draft Minutes Posted for IETF 87 HTTP-AUTH Session

Yes, I think it is best to define a separate profile for HTTPAUTH (based 
on various conversations at the last IETF meeting). I will try to review 
your document again very soon.

Peter

On 2/3/14, 5:18 PM, Yutaka OIWA wrote:
> Dear Julian and Peter (added),
>
> how about the things ongoing about handling of
> HTTP-AUTH normalization in context of PRECIS?
>
> I proposed general-purpose HTTP-AUTH normalization
> profile to PRECIS WG (just because I need it :-),
> and they considered merging it with new SASLPREPbis.
> My current draft is
> http://tools.ietf.org/html/draft-oiwa-precis-httpauthprep-00 .
> SASLPREPbis is in WG pool as
> http://tools.ietf.org/html/draft-ietf-precis-saslprepbis-06 .
>
> I am awaiting actions for whether the merging
> will actually happen or not.
> In my understanding, removing of SASL-dependent
> natures (e.g. that in Username grammer) from current
> saslprepbis is not going forward yet, and current
> SASLPREPbis is, at least personally, not applicable
> for any HTTP auth schemes except SASL-backed ones.
> For clarify, SASLPREPbis is really good, and the differences
> are not large but critical.
>
> I think there is several possible directions for us to go:
>
> 1) Go merging: push forward to make saslprepbis a
>      general-purpose precis profile by separating
>      still-remaining SASL-only features.
>      IMO, in this case we may need two separate
>      application notes documents for SASL and HTTP-AUTH.
>
> 2) Go separate: discuss HTTPAUTH in context of
>      PRECIS separately from SASLPREP.
>      I believe that my draft will give us a good starting point,
>      as my best effort.
>
> 3) for Julian, one possible best current cheating, if you
>      can't wait PRECIS WG, might be just specify NFC as a
>      canonical form.  Both SASLPREP and HTTPAUTHprep
>      (and many other PRECIS profiles) are NFC based,
>      so it will not likely harm future development of proper
>      PRECIS-based "preparation" (including normalization).
>
> Also, I would be happy if Julian (as talked in Vancouver)
> and other people in HTTPAUTH WG and PRECIS WG
> could give us a feedback on my proposal from the
> both WG's points of view.
>
> 2014-02-04 Julian Reschke <julian.reschke@gmx.de>:
>> On 2013-10-05 11:01, Julian Reschke wrote:
>>>
>>> On 2013-09-12 12:35, Julian Reschke wrote:
>>>>
>>>> On 2013-08-21 21:22, Matthew Lepinski wrote:
>>>>>
>>>>> Draft minutes for the HTTP-AUTH session have been posted.
>>>>>
>>>>> They can be found at:
>>>>> http://www.ietf.org/proceedings/87/minutes/minutes-87-httpauth
>>>>>
>>>>> If you notice any omissions or other errors in the minutes, please let
>>>>> us know.
>>>>> ...
>>>>
>>>>
>>>> OK, the minutes mention:
>>>>
>>>> "Unicode Normalization : Getting from what is typed in to Unicode code
>>>> points will require discussion"
>>>>
>>>> So how do we proceed from here? Any concrete proposals for what to say?
>>>
>>>
>>> It seems we don't know what to say then, right?
>>>
>>> How about: "Beware that differing Unicode normalization forms can cause
>>> interoperability problems. See [http://unicode.org/reports/tr15/]."?
>>>
>>>
>>> Best regards, Julian
>>
>>
>> So, does anybody have a good plan how to approach the normalization problem?
>>
>> Otherwise we'll just have to state that there are dragons out there, and
>> that we don't know the solution...
>>
>>
>> Best regards, Julian
>>
>> _______________________________________________
>> http-auth mailing list
>> http-auth@ietf.org
>> https://www.ietf.org/mailman/listinfo/http-auth
>
>
>

-- 
Peter Saint-Andre
https://stpeter.im/