IETF Logo Mail Archive

Re: [idn] stringprep: PRI #29

Erik van der Poel <erik@vanderpoel.org> Sun, 20 March 2005 06:06 UTC

Received: from psg.com (mailnull@psg.com [147.28.0.62]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id BAA27109 for <idn-archive@lists.ietf.org>; Sun, 20 Mar 2005 01:06:50 -0500 (EST)
Received: from majordom by psg.com with local (Exim 4.44 (FreeBSD)) id 1DCtWd-0001v7-R3 for idn-data@psg.com; Sun, 20 Mar 2005 06:02:59 +0000
Received: from [207.115.63.101] (helo=pimout2-ext.prodigy.net) by psg.com with esmtp (Exim 4.44 (FreeBSD)) id 1DCtWc-0001ue-Mg for idn@ops.ietf.org; Sun, 20 Mar 2005 06:02:58 +0000
Received: from [10.1.1.2] (adsl-64-174-147-206.dsl.sntc01.pacbell.net [64.174.147.206]) by pimout2-ext.prodigy.net (8.12.10 milter /8.12.10) with ESMTP id j2K62kMW441196; Sun, 20 Mar 2005 01:02:54 -0500
Message-ID: <423D1206.8020501@vanderpoel.org>
Date: Sat, 19 Mar 2005 22:02:46 -0800
From: Erik van der Poel <erik@vanderpoel.org>
User-Agent: Mozilla Thunderbird 1.0 (X11/20041206)
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: Simon Josefsson <jas@extundo.com>
CC: idn@ops.ietf.org
Subject: Re: [idn] stringprep: PRI #29
References: <42322CE2.4040509@vanderpoel.org> <4232B2FD.1080104@vanderpoel.org> <4232BA56.5090001@vanderpoel.org> <iluk6odazwb.fsf@latte.josefsson.org> <00e801c528a8$99ad37d0$72703009@sanjose.ibm.com> <ilull8qb5n5.fsf@latte.josefsson.org> <42367B63.6080300@vanderpoel.org> <4237450A.9010901@v.loewis.de> <423754F3.50405@vanderpoel.org> <ilumzt47ezc.fsf@latte.josefsson.org> <20050316091126.GA24254~@nicemice.net> <iluzmx36h6t.fsf@latte.josefsson.org> <423CD9DC.5080401@vanderpoel.org>
In-Reply-To: <423CD9DC.5080401@vanderpoel.org>
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 7bit
X-Spam-Checker-Version: SpamAssassin 3.0.1 (2004-10-22) on psg.com
X-Spam-Status: No, score=-2.6 required=5.0 tests=AWL,BAYES_00 autolearn=ham version=3.0.1
Sender: owner-idn@ops.ietf.org
Precedence: bulk
Content-Transfer-Encoding: 7bit

> Keep in mind that Unicode may add new characters 
> in the future that may also be affected.

New characters are not recognized by old implementations, so they are 
less relevant. Sorry about that part. This relatively small mistake in 
my email should not diminish the overall argument, however.

>> Both Kerberos and SASL appears to be going to
>> use the old StringPrep as well, so we will be seeing security critical
>> infrastructure based on the old interpretation.

SASLprep is for user names and passwords. People sometimes put strange 
character sequences into passwords to make them harder to guess, but I 
don't know if apps make it easy to enter the strange sequences affected 
by PRI #29. Just a thought -- not particularly important.

Erik

v2.23.0 | Report a Bug | By Email