Protocol Action: 'Preparation, Enforcement, and Comparison of Internationalized Strings Representing Usernames and Passwords' to Proposed Standard (draft-ietf-precis-saslprepbis-18.txt)
The IESG <iesg-secretary@ietf.org> Mon, 01 June 2015 18:22 UTC
Return-Path: <iesg-secretary@ietf.org>
X-Original-To: ietf-announce@ietfa.amsl.com
Delivered-To: ietf-announce@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0ECEB1B30AA; Mon, 1 Jun 2015 11:22:22 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -101.9
X-Spam-Level:
X-Spam-Status: No, score=-101.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, USER_IN_WHITELIST=-100] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id S-R_cMtiXSlP; Mon, 1 Jun 2015 11:22:20 -0700 (PDT)
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id 41FA21B30BC; Mon, 1 Jun 2015 11:22:03 -0700 (PDT)
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
From: The IESG <iesg-secretary@ietf.org>
To: IETF-Announce <ietf-announce@ietf.org>
Subject: Protocol Action: 'Preparation, Enforcement, and Comparison of Internationalized Strings Representing Usernames and Passwords' to Proposed Standard (draft-ietf-precis-saslprepbis-18.txt)
X-Test-IDTracker: no
X-IETF-IDTracker: 6.0.3.p1
Auto-Submitted: auto-generated
Precedence: bulk
Message-ID: <20150601182203.14097.82911.idtracker@ietfa.amsl.com>
Date: Mon, 01 Jun 2015 11:22:03 -0700
Archived-At: <http://mailarchive.ietf.org/arch/msg/ietf-announce/eNO4783O8d9OPSFyy3KJXr1lHAs>
Cc: precis chair <precis-chairs@tools.ietf.org>, precis mailing list <precis@ietf.org>, RFC Editor <rfc-editor@rfc-editor.org>
X-BeenThere: ietf-announce@ietf.org
X-Mailman-Version: 2.1.15
Reply-To: ietf@ietf.org
List-Id: "IETF announcement list. No discussions." <ietf-announce.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf-announce>, <mailto:ietf-announce-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ietf-announce/>
List-Post: <mailto:ietf-announce@ietf.org>
List-Help: <mailto:ietf-announce-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf-announce>, <mailto:ietf-announce-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 01 Jun 2015 18:22:22 -0000
The IESG has approved the following document: - 'Preparation, Enforcement, and Comparison of Internationalized Strings Representing Usernames and Passwords' (draft-ietf-precis-saslprepbis-18.txt) as Proposed Standard This document is the product of the Preparation and Comparison of Internationalized Strings Working Group. The IESG contact persons are Ben Campbell, Barry Leiba and Alissa Cooper. A URL of this Internet Draft is: https://datatracker.ietf.org/doc/draft-ietf-precis-saslprepbis/ Technical Summary This document describes methods for handling internationalized usernames and passwords. It provides for a more sustainable approach than SASLprep (RFC 4013) by leveraging the PRECIS framework; this includes better adaptability to future versions of Unicode. While oriented toward SASL authentication schemes, the methods in this document can be applied to other schemes, such as HTTP-based authentication. Review and Consensus This document received wide review, including input from individuals in the KITTEN and HTTP-AUTH Working Groups, and spanned at least two Working Group Last Calls. The consensus in the PRECIS Working Group is to publish this document. One of the major points of concern was how to handle case mapping in usernames. In some protocols the case is significant, others it is not. To address this concern, the consensus was to define two profiles for usernames that protocols and applications are expected to choose exactly one of: UsernameCaseMapped for when case is not significant, and UsernameCasePreserved for when case is significant. The other major point of concern was how to deal with changes to the Unicode specifications (e.g., draft-klensin-idna-5892upd-unicode70). This concern is not specific to this document -- or even to the PRECIS Working Group -- but is relevant to all IETF technologies dealing with internationalized text (e.g., IDNA2008 and PRECIS). The issues are complex and the IETF has not yet developed mitigations. The rough consensus of the Working Group was to proceed with the PRECIS work as it stands since it is considered a significant improvement over the Stringprep-based approach, and to address these issues more comprehensively once future mitigations have been developed. Personnel Matthew Miller is the document shepherd, and Barry Leiba is the responsible AD.