Re: [P2PSIP] RELOAD Base issue: stringprep of password
Marc Petit-Huguenin <petithug@acm.org> Wed, 05 December 2012 14:58 UTC
To: Dean Willis <dean.willis@softarmor.com>
Cc: Cullen Jennings <fluffy@cisco.com>, p2psip@ietf.org
SASLprep should be mandatory. SASLprep is already mandatory for TURN (through RFC 5389), so it is not a big deal for an implementer to use it also for the enrollment server.

On 11/14/2012 11:35 AM, Dean Willis wrote:
> Cullen, Ekr and I discussed this today, and Cullen solicited input from
> Peter Saint-Andre
>
>
> Peter says:
>
> As to the charset issue, it seems safest to specify that the charset must
> be UTF-8 (we don't want to end up with something like charset=windows-1250
> as in Section 4.5 of RFC 2388).
>
> As to preparation of usernames and passwords, it seems safest right now to
> say that these strings shall be prepared in accordance with SASLprep (RFC
> 4013) prior to comparison -- see RFC 4616 for text you could borrow.
>
> [Eventually, perhaps even relatively soon in "RELOAD years", RFC 4013 will
> be obsoleted by draft-melnikov-precis-saslprepbis; however, you might
> prefer not to gate RELOAD on output from the PRECIS WG.]
>
>
>
> On Nov 9, 2012, at 10:30 AM, Dean Willis wrote:
>
>>
>> AD comment:
>>
>> Section 11.3: What character set is allowed for passwords? What if
>> something is URL escaped - what's going to match? I'm sure you can copy
>> from somewhere else, not quite sure what's best though.
>>
>>
>> Since we're doing passwords in a POST form, I don't know that URL
>> escaping is an issue. Do we have other stringprep issues? Is there
>> something we can crib from elsewhere for this spec?
>>

-- 
Marc Petit-Huguenin
Email: marc@petit-huguenin.org
Blog: http://blog.marc.petit-huguenin.org
Profile: http://www.linkedin.com/in/petithug
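
The preparation step discussed in the message above (SASLprep, RFC 4013, applied to both strings before comparison), as an added example that is not code from this thread or from the RELOAD specification. The function names `saslprep` and `passwords_match` are hypothetical; the tables come from Python's standard `stringprep` module with Unicode 3.2 normalization.

```python
import hmac
import stringprep
from unicodedata import ucd_3_2_0  # stringprep is defined over Unicode 3.2

# RFC 4013 section 2.3: tables of prohibited output characters.
_PROHIBITED = (
    stringprep.in_table_c12, stringprep.in_table_c21_c22,
    stringprep.in_table_c3, stringprep.in_table_c4, stringprep.in_table_c5,
    stringprep.in_table_c6, stringprep.in_table_c7, stringprep.in_table_c8,
    stringprep.in_table_c9,
)

def saslprep(text, stored=True):
    """Prepare a username or password per RFC 4013; ValueError if invalid."""
    # 2.1 Mapping: non-ASCII spaces become U+0020, table B.1 is dropped.
    mapped = "".join(
        " " if stringprep.in_table_c12(c) else c
        for c in text if not stringprep.in_table_b1(c)
    )
    # 2.2 Normalization: Unicode form KC.
    out = ucd_3_2_0.normalize("NFKC", mapped)
    for c in out:
        if any(check(c) for check in _PROHIBITED):
            raise ValueError("prohibited code point U+%04X" % ord(c))
        # 2.5 Unassigned code points are rejected in stored strings only.
        if stored and stringprep.in_table_a1(c):
            raise ValueError("unassigned code point U+%04X" % ord(c))
    # 2.4 Bidirectional check (RFC 3454 section 6).
    if any(stringprep.in_table_d1(c) for c in out):
        if any(stringprep.in_table_d2(c) for c in out):
            raise ValueError("mixed right-to-left and left-to-right text")
        if not (stringprep.in_table_d1(out[0])
                and stringprep.in_table_d1(out[-1])):
            raise ValueError("right-to-left text must start and end RTL")
    return out

def passwords_match(submitted, stored_prepared):
    """Compare a submitted password with an already prepared stored value.

    Assumption for illustration: the stored value is the prepared string
    itself; a real server would hash the prepared UTF-8 bytes instead.
    """
    try:
        candidate = saslprep(submitted, stored=False)  # query string
    except ValueError:
        return False
    return hmac.compare_digest(candidate.encode("utf-8"),
                               stored_prepared.encode("utf-8"))
```
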