Re: [http-auth] UTF-8, usernames, passwords
Peter Saint-Andre - &yet <peter@andyet.net> Tue, 28 October 2014 01:05 UTC
Return-Path: <peter@andyet.net>
X-Original-To: http-auth@ietfa.amsl.com
Delivered-To: http-auth@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id EA9211A87EA for <http-auth@ietfa.amsl.com>; Mon, 27 Oct 2014 18:05:21 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.601
X-Spam-Level:
X-Spam-Status: No, score=-2.601 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id s8jsQO3lN0QE for <http-auth@ietfa.amsl.com>; Mon, 27 Oct 2014 18:05:20 -0700 (PDT)
Received: from mail-ie0-f169.google.com (mail-ie0-f169.google.com [209.85.223.169]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 163C31A87D1 for <http-auth@ietf.org>; Mon, 27 Oct 2014 18:05:19 -0700 (PDT)
Received: by mail-ie0-f169.google.com with SMTP id tr6so5601908ieb.14 for <http-auth@ietf.org>; Mon, 27 Oct 2014 18:05:19 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:message-id:date:from:user-agent:mime-version:to :cc:subject:references:in-reply-to:content-type :content-transfer-encoding; bh=8rDfty/75eb2yraKLbeB+z18Ktnc+11CRIxbR6a+k7A=; b=mlYlwW1Lfbfhy9pyEAexX0xojajWOq/0+d0Fw+/c8VA0dJ7LA4TCzZr8E5YTFONFGK /9Sx8Nd2acN6HC6WoPkAzD247MhQkNtG33lie2/+MENy5KQqn73Ve2C8xWeBBttbkTwv 95fWiJUTBSrQARDZHz6w7KI7wG+rwQ7mB9I7U50ncZYiFLyLts2zc4PsLZhRjN6n4GXn AUq/fv62NSXJ37o86fUnccEknUj/wKxFiMfIDM7aruCE1KaJprkthbJH9TvQpkGLZroY oOek5XBn6kQ6IlkKO9K20jhModbjTRT9RTXlOEUf3uSrYCFz44ueUGLbYvKMagXYR8lP nBDQ==
X-Gm-Message-State: ALoCoQkvtmTTR4/ooJnQNbl5fkDMfggZUlbcUFxfzJHogAej3aGVPhlMnU2BSPA1PIkL7Qrmh2oe
X-Received: by 10.107.7.203 with SMTP id g72mr179223ioi.91.1414458319234; Mon, 27 Oct 2014 18:05:19 -0700 (PDT)
Received: from aither.local (c-73-34-202-214.hsd1.co.comcast.net. [73.34.202.214]) by mx.google.com with ESMTPSA id j2sm30679ioj.6.2014.10.27.18.05.18 for <multiple recipients> (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Mon, 27 Oct 2014 18:05:18 -0700 (PDT)
Message-ID: <544EEB8A.7080903@andyet.net>
Date: Mon, 27 Oct 2014 19:04:10 -0600
From: Peter Saint-Andre - &yet <peter@andyet.net>
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.9; rv:24.0) Gecko/20100101 Thunderbird/24.6.0
MIME-Version: 1.0
To: Yutaka OIWA <y.oiwa@aist.go.jp>
References: <544E6EDA.4060608@andyet.net> <CAMeZVwubv8XgX1nWzh-z7FFEyjzJapsKSkMS1LET=h7ua7OQzg@mail.gmail.com>
In-Reply-To: <CAMeZVwubv8XgX1nWzh-z7FFEyjzJapsKSkMS1LET=h7ua7OQzg@mail.gmail.com>
Content-Type: text/plain; charset="UTF-8"; format="flowed"
Content-Transfer-Encoding: 7bit
Archived-At: http://mailarchive.ietf.org/arch/msg/http-auth/vFk_v-sTAjaCmhrihdQZhokClFQ
Cc: "http-auth@ietf.org" <http-auth@ietf.org>
Subject: Re: [http-auth] UTF-8, usernames, passwords
X-BeenThere: http-auth@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: HTTP authentication methods <http-auth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/http-auth>, <mailto:http-auth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/http-auth/>
List-Post: <mailto:http-auth@ietf.org>
List-Help: <mailto:http-auth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/http-auth>, <mailto:http-auth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 28 Oct 2014 01:05:22 -0000
On 10/27/14, 6:52 PM, Yutaka OIWA wrote: > Dear all, > > As an author of another PRECIS draft for HTTP authentication > (http://tools.ietf.org/html/draft-oiwa-precis-httpauthprep-00), > I personally feel that limiting allowing characters to > IdentifierClass is feasible and reasonable. > It includes all "sensible IMO" characters for identifiers, > is binary compatible with all printable ASCII characters, > and is character-set compatible with ISO-8859-1 set. > It will not exclude any printable characters which is currently > officially allowed in the spec. > > We should allow any number of "ASCII SPACE" U+0020 > between printable characters for backward compatibility, Actually that is allowed by the current rule in saslprepbis: username = userpart [1*(1*SP userpart)] > and should not forbid any printable ASCII characters > (except some schema-dependent "forbidden-by-protocol" > character like colon <:> in basic). > I strongly believe we should forbid any control characters. > In both Peter's and my proposals, SPACEs in the > beginning and the tail of the string is not allowed, > which can be a target to discuss. > > I'm currently trying to seek for possible merger of > my proposal into saslprepbis, to reduce number of > profiles to implement. Yes, that is a good goal. Peter -- Peter Saint-Andre https://andyet.com/
- [http-auth] UTF-8, usernames, passwords Peter Saint-Andre - &yet
- Re: [http-auth] UTF-8, usernames, passwords Yutaka OIWA
- Re: [http-auth] UTF-8, usernames, passwords Peter Saint-Andre - &yet
- Re: [http-auth] UTF-8, usernames, passwords Yutaka OIWA
- Re: [http-auth] UTF-8, usernames, passwords Julian Reschke
- Re: [http-auth] UTF-8, usernames, passwords Peter Saint-Andre - &yet
- Re: [http-auth] UTF-8, usernames, passwords Julian Reschke
- Re: [http-auth] UTF-8, usernames, passwords Peter Saint-Andre - &yet
- Re: [http-auth] UTF-8, usernames, passwords Julian Reschke
- Re: [http-auth] UTF-8, usernames, passwords Peter Saint-Andre - &yet
- Re: [http-auth] UTF-8, usernames, passwords Michael Sweet
- Re: [http-auth] UTF-8, usernames, passwords Peter Saint-Andre - &yet
- Re: [http-auth] UTF-8, usernames, passwords Yutaka OIWA
- Re: [http-auth] UTF-8, usernames, passwords Yutaka OIWA
- Re: [http-auth] UTF-8, usernames, passwords Julian Reschke
- Re: [http-auth] UTF-8, usernames, passwords Julian Reschke
- Re: [http-auth] UTF-8, usernames, passwords Yutaka OIWA
- Re: [http-auth] UTF-8, usernames, passwords Yutaka OIWA
- Re: [http-auth] UTF-8, usernames, passwords Yutaka OIWA
- Re: [http-auth] UTF-8, usernames, passwords Peter Saint-Andre - &yet
- Re: [http-auth] UTF-8, usernames, passwords Julian Reschke
- Re: [http-auth] UTF-8, usernames, passwords Martin J. Dürst
- Re: [http-auth] UTF-8, usernames, passwords Peter Saint-Andre - &yet