Re: [http-auth] UTF-8, usernames, passwords
Yutaka OIWA <y.oiwa@aist.go.jp> Tue, 28 October 2014 06:17 UTC
Return-Path: <y.oiwa@aist.go.jp>
X-Original-To: http-auth@ietfa.amsl.com
Delivered-To: http-auth@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 42CFC1A005A for <http-auth@ietfa.amsl.com>; Mon, 27 Oct 2014 23:17:30 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.679
X-Spam-Level:
X-Spam-Status: No, score=-3.679 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FM_FORGED_GMAIL=0.622, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id DXYe5OpbYPKj for <http-auth@ietfa.amsl.com>; Mon, 27 Oct 2014 23:17:27 -0700 (PDT)
Received: from na3sys010aog102.obsmtp.com (na3sys010aog102.obsmtp.com [74.125.245.72]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 81E4D1A010F for <http-auth@ietf.org>; Mon, 27 Oct 2014 23:17:26 -0700 (PDT)
Received: from mail-vc0-f172.google.com ([209.85.220.172]) (using TLSv1) by na3sys010aob102.postini.com ([74.125.244.12]) with SMTP ID DSNKVE809K+sNJ5ofgOXZqqkKVuTRJcFMmqE@postini.com; Mon, 27 Oct 2014 23:17:26 PDT
Received: by mail-vc0-f172.google.com with SMTP id lf12so3201023vcb.31 for <http-auth@ietf.org>; Mon, 27 Oct 2014 23:17:24 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=aist.go.jp; s=google; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc:content-type; bh=2ApKHoIQAjLTvP59WpqK0YwHRz/Lqzl0+tOQwGGa/EY=; b=jw680ixco5wkNjfe5Eu8GYTA/RnnVwKck/h1l4/QUA9UBWyW/+K4T9bdv7PS/nA/PC fmSiLpOomfiu4pXrwlRYSfPwO22aACkSDL5sjnIyr+YEau8mCvoAm2SDvcvZKM/cGVuq YVrKBD9NvaF13Yxz8jmwMiU+CUjdaEUsRT89k=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc:content-type; bh=2ApKHoIQAjLTvP59WpqK0YwHRz/Lqzl0+tOQwGGa/EY=; b=I+CSEhBhG1gOrIGqIOZHmVKuS0gCtm4wV9GE/lB7hj98bxab0itP0JfwOvFfUnHkkF kS3kWldOz1eylrn52O13IVKbfX1lEJD0jr45Z0qDM0LMo/URZMpTiBnxr/0ZPHa5Eo9x WtV/nnQvNKm8T1cwJx51JbXQMg2c0RThibSCrv0PVjSJS6opndRb6LB/+En7YHGmUxyt OSj/jhJ4o2FcB/Jf7SLh54SusIfSFEiAXDM3Qm+E/rgrZ13p/vN6O3TlWYfgF15O1No0 hbNz2mXrkJJa18lwMc04f3b3H3jd200nvYjMcZxe/Tqv8bbha9PdXiV77jqxxP0JxcbY qa0g==
X-Gm-Message-State: ALoCoQn3vp206GGKs3Q9mmGExQaKTt3kxbNgQXaseemJW7jUKBuJs5xdLGLmQJEf+q0K2oyhuE7xvVoVASCAGl+Gv2Hifo+7tk6F4hNM5RzPVwTmqJWz3bXeToPkEWl3Wgc9T6TEJA0eQADdgDdFetuEJDF5/qnvng==
X-Received: by 10.52.120.50 with SMTP id kz18mr768522vdb.20.1414477043989; Mon, 27 Oct 2014 23:17:23 -0700 (PDT)
X-Received: by 10.52.120.50 with SMTP id kz18mr768513vdb.20.1414477043839; Mon, 27 Oct 2014 23:17:23 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.220.134.70 with HTTP; Mon, 27 Oct 2014 23:17:03 -0700 (PDT)
In-Reply-To: <544EEB8A.7080903@andyet.net>
References: <544E6EDA.4060608@andyet.net> <CAMeZVwubv8XgX1nWzh-z7FFEyjzJapsKSkMS1LET=h7ua7OQzg@mail.gmail.com> <544EEB8A.7080903@andyet.net>
From: Yutaka OIWA <y.oiwa@aist.go.jp>
Date: Tue, 28 Oct 2014 15:17:03 +0900
Message-ID: <CAMeZVws2i1tg1gkxx+e7jmau5Tm2SL=XsBu=8S4FsRb8XzDdqw@mail.gmail.com>
To: Peter Saint-Andre - &yet <peter@andyet.net>
Content-Type: text/plain; charset="UTF-8"
Archived-At: http://mailarchive.ietf.org/arch/msg/http-auth/RTT_yJm8yS-bTlmf2d5zZ9XjCtc
Cc: "http-auth@ietf.org" <http-auth@ietf.org>
Subject: Re: [http-auth] UTF-8, usernames, passwords
X-BeenThere: http-auth@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: HTTP authentication methods <http-auth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/http-auth>, <mailto:http-auth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/http-auth/>
List-Post: <mailto:http-auth@ietf.org>
List-Help: <mailto:http-auth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/http-auth>, <mailto:http-auth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 28 Oct 2014 06:17:30 -0000
> Actually that is allowed by the current rule in saslprepbis: > username = userpart [1*(1*SP userpart)] Yes. I intended that two profile specs are consistent on this. Sorry for possible confusions, and thank you for clarification. 2014-10-28 10:04 GMT+09:00 Peter Saint-Andre - &yet <peter@andyet.net>: > On 10/27/14, 6:52 PM, Yutaka OIWA wrote: >> >> Dear all, >> >> As an author of another PRECIS draft for HTTP authentication >> (http://tools.ietf.org/html/draft-oiwa-precis-httpauthprep-00), >> I personally feel that limiting allowing characters to >> IdentifierClass is feasible and reasonable. >> It includes all "sensible IMO" characters for identifiers, >> is binary compatible with all printable ASCII characters, >> and is character-set compatible with ISO-8859-1 set. >> It will not exclude any printable characters which is currently >> officially allowed in the spec. >> >> We should allow any number of "ASCII SPACE" U+0020 >> between printable characters for backward compatibility, > > > Actually that is allowed by the current rule in saslprepbis: > > username = userpart [1*(1*SP userpart)] > >> and should not forbid any printable ASCII characters >> (except some schema-dependent "forbidden-by-protocol" >> character like colon <:> in basic). >> I strongly believe we should forbid any control characters. >> In both Peter's and my proposals, SPACEs in the >> beginning and the tail of the string is not allowed, >> which can be a target to discuss. >> >> I'm currently trying to seek for possible merger of >> my proposal into saslprepbis, to reduce number of >> profiles to implement. > > > Yes, that is a good goal. > > > Peter > > -- > Peter Saint-Andre > https://andyet.com/
- [http-auth] UTF-8, usernames, passwords Peter Saint-Andre - &yet
- Re: [http-auth] UTF-8, usernames, passwords Yutaka OIWA
- Re: [http-auth] UTF-8, usernames, passwords Peter Saint-Andre - &yet
- Re: [http-auth] UTF-8, usernames, passwords Yutaka OIWA
- Re: [http-auth] UTF-8, usernames, passwords Julian Reschke
- Re: [http-auth] UTF-8, usernames, passwords Peter Saint-Andre - &yet
- Re: [http-auth] UTF-8, usernames, passwords Julian Reschke
- Re: [http-auth] UTF-8, usernames, passwords Peter Saint-Andre - &yet
- Re: [http-auth] UTF-8, usernames, passwords Julian Reschke
- Re: [http-auth] UTF-8, usernames, passwords Peter Saint-Andre - &yet
- Re: [http-auth] UTF-8, usernames, passwords Michael Sweet
- Re: [http-auth] UTF-8, usernames, passwords Peter Saint-Andre - &yet
- Re: [http-auth] UTF-8, usernames, passwords Yutaka OIWA
- Re: [http-auth] UTF-8, usernames, passwords Yutaka OIWA
- Re: [http-auth] UTF-8, usernames, passwords Julian Reschke
- Re: [http-auth] UTF-8, usernames, passwords Julian Reschke
- Re: [http-auth] UTF-8, usernames, passwords Yutaka OIWA
- Re: [http-auth] UTF-8, usernames, passwords Yutaka OIWA
- Re: [http-auth] UTF-8, usernames, passwords Yutaka OIWA
- Re: [http-auth] UTF-8, usernames, passwords Peter Saint-Andre - &yet
- Re: [http-auth] UTF-8, usernames, passwords Julian Reschke
- Re: [http-auth] UTF-8, usernames, passwords Martin J. Dürst
- Re: [http-auth] UTF-8, usernames, passwords Peter Saint-Andre - &yet