Re: [kitten] spaces in SASL user names

Alexey Melnikov <alexey.melnikov@isode.com> Mon, 16 April 2012 10:52 UTC

Return-Path: <alexey.melnikov@isode.com>
X-Original-To: kitten@ietfa.amsl.com
Delivered-To: kitten@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6493721F872E for <kitten@ietfa.amsl.com>; Mon, 16 Apr 2012 03:52:57 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -101.802
X-Spam-Level:
X-Spam-Status: No, score=-101.802 tagged_above=-999 required=5 tests=[AWL=-0.422, BAYES_00=-2.599, DATE_IN_PAST_24_48=1.219, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id uLllmimlFbh4 for <kitten@ietfa.amsl.com>; Mon, 16 Apr 2012 03:52:56 -0700 (PDT)
Received: from rufus.isode.com (rufus.isode.com [62.3.217.251]) by ietfa.amsl.com (Postfix) with ESMTP id 480A821F8704 for <kitten@ietf.org>; Mon, 16 Apr 2012 03:52:56 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; t=1334573574; d=isode.com; s=selector; i=@isode.com; bh=1ioushwE1eAAe8VpB6EO4Y37RkXffDY4xhhXW56IJxM=; h=From:Sender:Reply-To:Subject:Date:Message-ID:To:Cc:MIME-Version: In-Reply-To:References:Content-Type:Content-Transfer-Encoding: Content-ID:Content-Description; b=FE1IWETeuLig1m2RGBqduIjmL/beD704doPOZU1MNctuv4V1BclJzXNdHtOJKEan8CNtsR GdS4bm6qeEmR+b54W82ieBfwrkVaCOuaoI67Wjx2V6RxLkFPY7Oi6q5oIUxAOc/lRSxoss 68/IZnKnIxlnRnJ+B9t6Z8bsK7wx0Nc=;
Received: from [172.16.1.29] (shiny.isode.com [62.3.217.250]) by rufus.isode.com (submission channel) via TCP with ESMTPSA id <T4v6BgAg212f@rufus.isode.com>; Mon, 16 Apr 2012 11:52:54 +0100
X-SMTP-Protocol-Errors: PIPELINING
Message-ID: <4F89AB89.8050303@isode.com>
Date: Sat, 14 Apr 2012 17:53:29 +0100
From: Alexey Melnikov <alexey.melnikov@isode.com>
User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:10.0.2) Gecko/20120216 Thunderbird/10.0.2
To: Peter Saint-Andre <stpeter@stpeter.im>
References: <4F84AAA5.3030104@stpeter.im> <4ED1D634F0E26CDC51B61127@[192.168.15.131]> <4F85C4EE.2020901@stpeter.im>
In-Reply-To: <4F85C4EE.2020901@stpeter.im>
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit
Cc: kitten@ietf.org
Subject: Re: [kitten] spaces in SASL user names
X-BeenThere: kitten@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Common Authentication Technologies - Next Generation <kitten.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/kitten>, <mailto:kitten-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/kitten>
List-Post: <mailto:kitten@ietf.org>
List-Help: <mailto:kitten-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/kitten>, <mailto:kitten-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 16 Apr 2012 10:52:57 -0000

On 11/04/2012 18:52, Peter Saint-Andre wrote:
> On 4/11/12 9:48 AM, Chris Newman wrote:
>> --On April 10, 2012 15:48:21 -0600 Peter Saint-Andre
>> <stpeter@stpeter.im>  wrote: At the PRECIS WG session in Paris, we
>> had quite a discussion about spaces in user names. Alexey
>> maintained that this must have been included in SASLprep (RFC 4013)
>> for a good reason, but the reason wasn't clear to folks in the
>> meeting. So I have a few questions:
>>
>> 1. Do SASL user names really need to include spaces?
>>
>>> Absolutely yes. My correct name is "Chris Newman" (with a space).
>>> A user friendly interface would use my correct name. Protocol
>>> design should never unnecessarily obstruct the creation of user
>>> friendly interfaces.
>> 2. If SASL user names do *not* need to include spaces, would it be
>> fine to re-use the PRECIS NameClass for simple user names in SASL?
>>
>> 3. If SASL user names *do* need to include spaces, would it be fine
>> to define simple user names in SASL as a space-separated list of
>> NameClass entities?
>>
>>> I am opposed to changing to the SASL user name ABNF in the
>>> mechanisms, with RFC 4616 being the simplest example of that
>>> ABNF. Given that constraint, I have little opinion about how
>>> PRECIS is used. So the proposal sounds feasible as long as we're
>>> not making ABNF changes to the underlying protocol.
> The document that Alexey and I are working on will not override the
> ABNF in any given mechanism spec (e.g., RFC 4616). However, we'll
> probably want to look at how this work interacts with existing
> mechanisms (e.g., would we need to update those mechanism specs to use
> the PRECIS approach instead of the stringprep approach?).
Yes. But hopefully several SASL mechanisms can be updated by a single 
document.