Re: [P2PSIP] RELOAD Base issue: stringprep of password

"Cullen Jennings (fluffy)" <fluffy@cisco.com> Wed, 05 December 2012 15:44 UTC

From: "Cullen Jennings (fluffy)" <fluffy@cisco.com>
To: Marc Petit-Huguenin <petithug@acm.org>
Thread-Topic: [P2PSIP] RELOAD Base issue: stringprep of password
Date: Wed, 05 Dec 2012 15:44:31 +0000
Message-ID: <C5E08FE080ACFD4DAE31E4BDBF944EB11327BBBB@xmb-aln-x02.cisco.com>
References: <5AF341E0-FFB9-44DA-A9A5-FBF004F5F4E4@softarmor.com> <7FBFACAB-BEC8-471B-8CDB-76E6483F4575@softarmor.com> <50BF6112.60008@acm.org>
In-Reply-To: <50BF6112.60008@acm.org>
Cc: "<p2psip@ietf.org>" <p2psip@ietf.org>, Dean Willis <dean.willis@softarmor.com>
Subject: Re: [P2PSIP] RELOAD Base issue: stringprep of password

No one does it for TURN as far as I can tell, and I am strongly against adding this.

On Dec 5, 2012, at 7:58 AM, Marc Petit-Huguenin <petithug@acm.org> wrote:

> 
> SASLprep should be mandatory.
> 
> SASLprep is already mandatory for TURN (through RFC 5389), so it is not a big
> deal for an implementer to use it also for the enrollment server.
> 
> On 11/14/2012 11:35 AM, Dean Willis wrote:
>> Cullen, Ekr and I discussed this today, and Cullen solicited input from
>> Peter Saint-Andre
>> 
>> 
>> Peter says:
>> 
>> As to the charset issue, it seems safest to specify that the charset must
>> be UTF-8 (we don't want to end up with something like charset=windows-1250
>> as in Section 4.5 of RFC 2388).
>> 
>> As to preparation of usernames and passwords, it seems safest right now to 
>> say that these strings shall be prepared in accordance with SASLprep (RFC 
>> 4013) prior to comparison -- see RFC 4616 for text you could borrow.
>> 
>> [Eventually, perhaps even relatively soon in "RELOAD years", RFC 4013 will
>> be obsoleted by draft-melnikov-precis-saslprepbis; however, you might
>> prefer not to gate RELOAD on output from the PRECIS WG.]
>> 
>> 
>> 
>> On Nov 9, 2012, at 10:30 AM, Dean Willis wrote:
>> 
>>> 
>>> AD comment:
>>> 
>>> Section 11.3: What character set is allowed for passwords? What if 
>>> something is URL escaped - what's going to match? I'm sure you can copy 
>>> from somewhere else, not quite sure what's best though.
>>> 
>>> 
>>> Since we're doing passwords in a POST form, I don't know that URL
>>> escaping is an issue. Do we have other stringprep issues? Is there
>>> something we can crib from elsewhere for this spec?
>>> 
> 
> -- 
> Marc Petit-Huguenin
> Email: marc@petit-huguenin.org
> Blog: http://blog.marc.petit-huguenin.org
> Profile: http://www.linkedin.com/in/petithug
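An added example, not from this thread or from the RELOAD drafts, of the preparation Peter describes: SASLprep (RFC 4013) implemented over Python's standard `stringprep` tables and applied to both the stored and the presented string before they are compared. The constant-time byte comparison in `passwords_match` is my addition; the inputs (soft hyphen, U+2168, U+0007, Arabic alef followed by a digit) are RFC 4013's own worked examples, plus a constructed precomposed/decomposed pair.

```python
"""SASLprep (RFC 4013 profile of stringprep) on the stdlib stringprep tables."""
import hmac
import stringprep
import unicodedata


class SASLprepError(ValueError):
    """Input contains prohibited output or violates the bidi rules."""


def saslprep(s: str, allow_unassigned: bool = False) -> str:
    """Prepare a username or password per RFC 4013; run on both sides before comparing."""
    # 1. Mapping: non-ASCII spaces (C.1.2) -> U+0020; "mapped to nothing" (B.1) dropped.
    mapped = "".join(
        " " if stringprep.in_table_c12(ch) else ch
        for ch in s
        if not stringprep.in_table_b1(ch)
    )
    # 2. Normalization: Unicode NFKC (e.g. U+2168 ROMAN NUMERAL NINE -> "IX").
    out = unicodedata.normalize("NFKC", mapped)
    # 3. Prohibited output: tables C.1.2, C.2.1/C.2.2, C.3 .. C.9 of RFC 3454.
    prohibited = (
        stringprep.in_table_c12, stringprep.in_table_c21_c22, stringprep.in_table_c3,
        stringprep.in_table_c4, stringprep.in_table_c5, stringprep.in_table_c6,
        stringprep.in_table_c7, stringprep.in_table_c8, stringprep.in_table_c9,
    )
    for ch in out:
        if any(check(ch) for check in prohibited):
            raise SASLprepError(f"prohibited code point U+{ord(ch):04X}")
        # 5. Unassigned code points (A.1): allowed in queries, never in stored strings.
        if not allow_unassigned and stringprep.in_table_a1(ch):
            raise SASLprepError(f"unassigned code point U+{ord(ch):04X}")
    # 4. Bidi (RFC 3454 section 6): RandALCat (D.1) must not mix with LCat (D.2),
    #    and if present must be both the first and the last character.
    if any(stringprep.in_table_d1(ch) for ch in out):
        if any(stringprep.in_table_d2(ch) for ch in out):
            raise SASLprepError("mixed right-to-left and left-to-right characters")
        if not (stringprep.in_table_d1(out[0]) and stringprep.in_table_d1(out[-1])):
            raise SASLprepError("RandALCat string must start and end with RandALCat")
    return out


def passwords_match(stored: str, presented: str) -> bool:
    """Prepare both strings, encode as UTF-8, then compare in constant time."""
    a = saslprep(stored).encode("utf-8")
    b = saslprep(presented).encode("utf-8")
    return hmac.compare_digest(a, b)


if __name__ == "__main__":
    # Constructed pair: precomposed vs. combining-accent form of the same password.
    print(passwords_match("caf\u00e9", "cafe\u0301"))   # True only after SASLprep
    print(saslprep("I\u00ADX"), saslprep("\u2168"))     # both "IX" (RFC 4013 examples)
```

Without the preparation step the two "café" strings are different byte sequences and a byte-wise compare rejects a correct password.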