Re: [P2PSIP] RELOAD Base issue: stringprep of password
"Cullen Jennings (fluffy)" <fluffy@cisco.com> Wed, 05 December 2012 18:11 UTC
Return-Path: <fluffy@cisco.com>
X-Original-To: p2psip@ietfa.amsl.com
Delivered-To: p2psip@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E7CF021F8BA9 for <p2psip@ietfa.amsl.com>; Wed, 5 Dec 2012 10:11:11 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -110.599
X-Spam-Level:
X-Spam-Status: No, score=-110.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, RCVD_IN_DNSWL_HI=-8, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id UPPte1zw723z for <p2psip@ietfa.amsl.com>; Wed, 5 Dec 2012 10:11:10 -0800 (PST)
Received: from rcdn-iport-3.cisco.com (rcdn-iport-3.cisco.com [173.37.86.74]) by ietfa.amsl.com (Postfix) with ESMTP id 515FF21F8BA6 for <p2psip@ietf.org>; Wed, 5 Dec 2012 10:11:10 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=4053; q=dns/txt; s=iport; t=1354731070; x=1355940670; h=from:to:cc:subject:date:message-id:references: in-reply-to:content-id:content-transfer-encoding: mime-version; bh=or9OkkTit8iiY+1vn/EIWsZ7SI5EjYrMSxlJJuByFPg=; b=gKE6OsPm3W6zK+GegeO3UFXwFcvJs9HVE1tQXqPcVsE/fFoxnfQk3VxW PlA5LMdogok/oQL1ISRT6wrlvIL8SZvZbC7Q6wI2DyFSnxf65tUxY2he9 sDHeES9O+yc1GKnh3KIyFs6HRKoi55Qu3v+L1E/a5uKQ6mVoVZLl58L0r g=;
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: Av8EALaNv1CtJV2a/2dsb2JhbABEviQWc4IeAQEBBAEBATc0CxACAQgYCg4GECcLJQIEDgUIiAgMwlOMNwuBEYJEYQOXH48rgnKBbDU
X-IronPort-AV: E=McAfee;i="5400,1158,6917"; a="149774643"
Received: from rcdn-core-3.cisco.com ([173.37.93.154]) by rcdn-iport-3.cisco.com with ESMTP; 05 Dec 2012 18:11:09 +0000
Received: from xhc-rcd-x09.cisco.com (xhc-rcd-x09.cisco.com [173.37.183.83]) by rcdn-core-3.cisco.com (8.14.5/8.14.5) with ESMTP id qB5IB9St005540 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=FAIL); Wed, 5 Dec 2012 18:11:09 GMT
Received: from xmb-aln-x02.cisco.com ([169.254.5.109]) by xhc-rcd-x09.cisco.com ([173.37.183.83]) with mapi id 14.02.0318.001; Wed, 5 Dec 2012 12:11:09 -0600
From: "Cullen Jennings (fluffy)" <fluffy@cisco.com>
To: Marc Petit-Huguenin <petithug@acm.org>
Thread-Topic: [P2PSIP] RELOAD Base issue: stringprep of password
Thread-Index: AQHN0xPmHYjnPEX4CEGfyLCkvv5VEQ==
Date: Wed, 05 Dec 2012 18:11:09 +0000
Message-ID: <C5E08FE080ACFD4DAE31E4BDBF944EB11327CD1F@xmb-aln-x02.cisco.com>
References: <5AF341E0-FFB9-44DA-A9A5-FBF004F5F4E4@softarmor.com> <7FBFACAB-BEC8-471B-8CDB-76E6483F4575@softarmor.com> <50BF6112.60008@acm.org> <C5E08FE080ACFD4DAE31E4BDBF944EB11327BBBB@xmb-aln-x02.cisco.com> <50BF7442.4010103@acm.org>
In-Reply-To: <50BF7442.4010103@acm.org>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [10.20.249.167]
Content-Type: text/plain; charset="us-ascii"
Content-ID: <14B09BE5236EF14AB976E7BB9446ED02@cisco.com>
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Cc: "<p2psip@ietf.org>" <p2psip@ietf.org>, Dean Willis <dean.willis@softarmor.com>
Subject: Re: [P2PSIP] RELOAD Base issue: stringprep of password
X-BeenThere: p2psip@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Peer-to-Peer SIP working group discussion list <p2psip.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/p2psip>, <mailto:p2psip-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/p2psip>
List-Post: <mailto:p2psip@ietf.org>
List-Help: <mailto:p2psip-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/p2psip>, <mailto:p2psip-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 05 Dec 2012 18:11:12 -0000
SASLprep is based on a 10 year old version of unicode and does not provide a reasonable forward compatible way to update the mapping tables for embedded devices. I'd rather not tie ourselves to an absolute version of Unicode. I'd rather not give people the false idea that unicode passwords were going to reliably work across implement ions because that seems pretty unlikely. Obviously there is ongoing work to fix this but the base protocol is a place were for now we can just use characters that are not a problem. On Dec 5, 2012, at 9:20 AM, Marc Petit-Huguenin <petithug@acm.org> wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA256 > > On 12/05/2012 07:44 AM, Cullen Jennings (fluffy) wrote: >> >> no one does it for TURN as far as I can tell and I am strongly against >> adding this. > > The implementation I wrote during the development of TURN - AFAIK still > in use at 8x8 - implements SASLprep. As is the one I developed after this. > >> >> On Dec 5, 2012, at 7:58 AM, Marc Petit-Huguenin <petithug@acm.org> wrote: >> >> SASLprep should be mandatory. >> >> SASLprep is already mandatory for TURN (through RFC 5389), so it is not a >> big deal for an implementer to use it also for the enrollment server. >> >> On 11/14/2012 11:35 AM, Dean Willis wrote: >>>>> Cullen, Ekr and I discussed this today, and Cullen solicited input >>>>> from Peter Saint-Andre >>>>> >>>>> >>>>> Peter says: >>>>> >>>>> As to the charset issue, it seems safest to specify that the charset >>>>> must be UTF-8 (we don't want to end up with something like >>>>> charset=windows-1250 as in Section 4.5 of RFC 2388). >>>>> >>>>> As to preparation of usernames and passwords, it seems safest right >>>>> now to say that these strings shall be prepared in accordance with >>>>> SASLprep (RFC 4013) prior to comparison -- see RFC 4616 for text you >>>>> could borrow. >>>>> >>>>> [Eventually, perhaps even relatively soon in "RELOAD years", RFC >>>>> 4013 will be obsoleted by draft-melnikov-precis-saslprepbis; however, >>>>> you might prefer not to gate RELOAD on output from the PRECIS WG.] >>>>> >>>>> >>>>> >>>>> On Nov 9, 2012, at 10:30 AM, Dean Willis wrote: >>>>> >>>>>> >>>>>> AD comment: >>>>>> >>>>>> Section 11.3: What character set is allowed for passwords? What if >>>>>> something is URL escaped - what's going to match? I'm sure you can >>>>>> copy from somewhere else, not quite sure what's best though. >>>>>> >>>>>> >>>>>> Since we're doing passwords in a POST form, I don't know that URL >>>>>> escaping is an issue. Do we have other stringprep issues? Is there >>>>>> something we can crib from elsewhere for this spec? >>>>>> >> >> > > - -- > Marc Petit-Huguenin > Email: marc@petit-huguenin.org > Blog: http://blog.marc.petit-huguenin.org > Profile: http://www.linkedin.com/in/petithug > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.4.12 (GNU/Linux) > > iQIcBAEBCAAGBQJQv3RAAAoJECnERZXWan7EU4UQAIJopVNbJu7u3wQccUmIf3fP > SnhC25bHNzE7rwANQjIcmy/dqKZMbvaqbaBa5MHeniHD6/V+tUMUg72mgfOI6LYz > rmju/+bBENi+AkIm3EOzxN2yrGccJLW3XqNIVL4tDTItAWnwrrjPIkAfEOCmHmJR > B16V41JYqNcC7NEUYDmh9B7GeIAHKoBzRfi0wOHQhtmh7MrhhszCP3aS1DgAVRWS > 7uOtSTTVZQI/GAFAm2wPUIYX52/yfyKJY9p5+mJuxCzaEB/k3ABwB9f81AVtIYTw > lY+3FQW+lnR+W8HtGdoBzdNAOeayRfHAkOEvvTe2eDz0hD7nppvn3psii+5bpOAq > o6NRxlz9bXOITZOTSh/NE6LCO7rDam/n3ufbmuxOa453E4bn91zSe7NoLNKU+6pG > Dj31aRVoNnRxgEdMuZ2rYgVBXntuB2GRYw0h8F9vXWhl8YO0NmYmCUTB6AFjJq4f > YGE+CBMKEKDBH3QDlQuejDM/FHRYprC5lvIfkbIP2CfClRNNeVRCmxxns0uZbUbj > mBn3pbZQmi9ZIZF8lMzTYk4ZwIb61BkU8k4OA7swkcXUAtFMKFkA2MOkelFUrlBw > 1vwTaHdzFT0uG7H/GszPgj5RT4n4bSazuPj1yAwg8TXcoy2tikSPkYU3mnS50MPA > EY17KAKZx8k5GeJSMYs+ > =jUqV > -----END PGP SIGNATURE----- > _______________________________________________ > P2PSIP mailing list > P2PSIP@ietf.org > https://www.ietf.org/mailman/listinfo/p2psip
- [P2PSIP] RELOAD Base issue: stringprep of password Dean Willis
- Re: [P2PSIP] RELOAD Base issue: stringprep of pas… Dean Willis
- Re: [P2PSIP] RELOAD Base issue: stringprep of pas… Marc Petit-Huguenin
- Re: [P2PSIP] RELOAD Base issue: stringprep of pas… Cullen Jennings (fluffy)
- Re: [P2PSIP] RELOAD Base issue: stringprep of pas… Marc Petit-Huguenin
- Re: [P2PSIP] RELOAD Base issue: stringprep of pas… Cullen Jennings (fluffy)
- Re: [P2PSIP] RELOAD Base issue: stringprep of pas… Dean Willis