[kitten] changing "mapped to nothing" in SASLprep-bis

Peter Saint-Andre <stpeter@stpeter.im> Thu, 13 September 2012 21:25 UTC

Dear SASL experts,

RFC 4013 states that certain Unicode code points that are commonly
mapped to nothing (see Appendix B.1 of RFC 3454) can indeed be so
mapped when preparing passwords (and usernames) in SASLprep.

In working on draft-melnikov-precis-saslprepbis (which is intended to
obsolete RFC 4013), Alexey Melnikov and I have followed the general
approach of the PRECIS framework (and before that IDNA2008) by
specifying that such code points would simply be disallowed. In
Unicode 3.2 there are only 27 code points that are affected by this
rule (e.g., U+00AD = SOFT HYPHEN), and since currently they are mapped
to nothing they would not be stored in an authentication database.
However, users might have included such characters in their usernames
or passwords and thus might expect to input those characters when
providing usernames or passwords for authentication purposes.
Therefore, if we change these code points from "mapped to nothing" to
disallowed, it is possible a small number of users might experience an
error when inputting these characters with updated versions of their
software, instead of the smooth operation they experienced in the past.

Alexey and I would like to solicit feedback on this issue from
participants in the KITTEN WG and especially from those who have
implemented and deployed software that uses SASLprep. Please send your
feedback to the kitten@ietf.org list or directly to me and Alexey.

Thanks!

Peter

-- 
Peter Saint-Andre
https://stpeter.im/


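
Added example, not part of the original message and not code from the draft or its authors: a Python comparison of the two treatments of the RFC 3454 Appendix B.1 code points discussed above, showing what a user sees at login when the stored credential was prepared under the RFC 4013 rule. The function names are hypothetical, the sample password is constructed, and only the B.1 step is modelled (space mapping, NFKC, prohibited output and bidi checks are left out).

```python
# Added example: models only the RFC 3454 Appendix B.1 step of SASLprep.
# Function and class names are hypothetical, chosen for this illustration.

# RFC 3454 Appendix B.1, "commonly mapped to nothing".
B1_MAPPED_TO_NOTHING = frozenset(
    [0x00AD, 0x034F, 0x1806, 0x180B, 0x180C, 0x180D,
     0x200B, 0x200C, 0x200D, 0x2060, 0xFEFF]
    + list(range(0xFE00, 0xFE10))  # U+FE00..U+FE0F variation selectors
)


class DisallowedCodePoint(ValueError):
    """Raised when the input contains a code point the rule rejects."""


def prep_map_to_nothing(s):
    """RFC 4013 behaviour: silently drop every B.1 code point."""
    return "".join(ch for ch in s if ord(ch) not in B1_MAPPED_TO_NOTHING)


def prep_disallow(s):
    """Behaviour proposed in the message: reject input holding a B.1 code point."""
    for i, ch in enumerate(s):
        if ord(ch) in B1_MAPPED_TO_NOTHING:
            raise DisallowedCodePoint(f"U+{ord(ch):04X} at index {i}")
    return s


def login_outcome(stored, typed, prep):
    """Compare a typed credential with the stored one under a given rule."""
    try:
        return "match" if prep(typed) == stored else "mismatch"
    except DisallowedCodePoint as exc:
        return f"rejected: {exc}"


if __name__ == "__main__":
    typed = "pass\u00adword"             # constructed sample with SOFT HYPHEN
    stored = prep_map_to_nothing(typed)  # what an RFC 4013 database holds
    print(login_outcome(stored, typed, prep_map_to_nothing))  # old software
    print(login_outcome(stored, typed, prep_disallow))        # updated software
    print(login_outcome(stored, "password", prep_disallow))   # retyped without it
```

Because the stored value never contained the B.1 code point, the same credential typed without it still matches under the disallow rule; only the input step changes for the user.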