Re: [EAI] AD review of draft-ietf-eai-pop-06
Alexey Melnikov <alexey.melnikov@isode.com> Sun, 19 July 2009 19:46 UTC
Return-Path: <alexey.melnikov@isode.com>
X-Original-To: ima@core3.amsl.com
Delivered-To: ima@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 6D96F28C121 for <ima@core3.amsl.com>; Sun, 19 Jul 2009 12:46:29 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.191
X-Spam-Level:
X-Spam-Status: No, score=-2.191 tagged_above=-999 required=5 tests=[AWL=0.408, BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 8C5hJQcEIyWe for <ima@core3.amsl.com>; Sun, 19 Jul 2009 12:46:28 -0700 (PDT)
Received: from rufus.isode.com (rufus.isode.com [62.3.217.251]) by core3.amsl.com (Postfix) with ESMTP id 48A663A6858 for <ima@ietf.org>; Sun, 19 Jul 2009 12:46:28 -0700 (PDT)
Received: from [92.40.25.192] (92.40.25.192.sub.mbb.three.co.uk [92.40.25.192]) by rufus.isode.com (submission channel) via TCP with ESMTPA id <SmN4EgAe-V8m@rufus.isode.com>; Sun, 19 Jul 2009 20:46:27 +0100
Message-ID: <4A6377ED.4010101@isode.com>
Date: Sun, 19 Jul 2009 20:45:49 +0100
From: Alexey Melnikov <alexey.melnikov@isode.com>
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.12) Gecko/20050915
X-Accept-Language: en-us, en
To: EAI WG <ima@ietf.org>
References: <4A5B2FBA.9080908@alvestrand.no> <4A622ED5.2050602@isode.com>
In-Reply-To: <4A622ED5.2050602@isode.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 7bit
Subject: Re: [EAI] AD review of draft-ietf-eai-pop-06
X-BeenThere: ima@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: "EAI \(Email Address Internationalization\)" <ima.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/ima>, <mailto:ima-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ima>
List-Post: <mailto:ima@ietf.org>
List-Help: <mailto:ima-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ima>, <mailto:ima-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 19 Jul 2009 19:46:29 -0000
After further discussion of this document with Kurt Zeilenga: Alexey Melnikov wrote: >> 3.2. USER Argument to UTF8 Capability >> >> If the USER argument is included with this capability, it indicates >> that the server accepts UTF-8 user names and passwords and applies >> SASLprep [RFC4013] to the arguments of the AUTH, USER, PASS and APOP >> commands. A client that supports APOP and permits UTF-8 in user >> names or passwords MUST also implement SASLprep [RFC4013] on the user >> name and password used to compute the APOP digest. > > I think the last sentence should read: > > A client that supports APOP and permits UTF-8 in user > names or passwords MUST apply SASLprep [RFC4013] to the user > name and password used to compute the APOP digest. > > Also, the document is missing a statement about what should be done > about Unicode characters disallowed by SASLPrep. > So, I would recommend adding the following sentence: > > The server MUST reject UTF-8 user names/password which fails to comply > with the formal syntax in RFC 3629 [RFC3629] or if it encounters a > Unicode > characters listed in section 2.3 of RFC 4013 [RFC4013]. Kurt said that SASLPrep is a MUST for both clients and servers implementing APOP. For USER/PASS, he suggested that SASLPrep is a SHOULD on the server side only (this matches SASL PLAIN mechanism). >> The client does not need to issue the UTF8 command prior to using >> UTF8 in authentication. However, clients MUST NOT use UTF8 in USER, >> PASS, or APOP commands unless the USER argument is included with the >> UTF8 capability. >> >> Use of UTF8 in the AUTH command is governed by the SASL mechanism. > > Should this have an Informative reference to RFC 4422? > > As a side note: UTF-8 was always allowed in AUTH command, as support > for it is required by SASL. Please delete any references to UTF8 updating how AUTH command behave (this affects both sections 3 and 3.2). Each SASL mechanism describes how username and passwords (if any) are encoded, so the current text in EAI-POP3 can be read as conflicting with this.
- [EAI] WG LAST CALL for draft-ietf-eai-pop-06 Harald Tveit Alvestrand
- [EAI] AD review of draft-ietf-eai-pop-06 Alexey Melnikov
- Re: [EAI] AD review of draft-ietf-eai-pop-06 Alexey Melnikov
- Re: [EAI] AD review of draft-ietf-eai-pop-06 Barry Leiba
- Re: [EAI] AD review of draft-ietf-eai-pop-06 Alexey Melnikov
- Re: [EAI] AD review of draft-ietf-eai-pop-06 Randall Gellens
- Re: [EAI] AD review of draft-ietf-eai-pop-06 Randall Gellens
- Re: [EAI] AD review of draft-ietf-eai-pop-06 Randall Gellens
- Re: [EAI] AD review of draft-ietf-eai-pop-06 Randall Gellens
- Re: [EAI] AD review of draft-ietf-eai-pop-06 Alexey Melnikov
- Re: [EAI] AD review of draft-ietf-eai-pop-06 Alexey Melnikov
- Re: [EAI] AD review of draft-ietf-eai-pop-06 Randall Gellens
- Re: [EAI] AD review of draft-ietf-eai-pop-06 Randall Gellens
- Re: [EAI] AD review of draft-ietf-eai-pop-06 Alexey Melnikov
- Re: [EAI] AD review of draft-ietf-eai-pop-06 Randall Gellens