Re: [precis] Fwd: I-D Action: draft-blanchet-precis-framework-01.txt
Florian Zeitz <florob@babelmonkeys.de> Sat, 21 May 2011 01:02 UTC
Return-Path: <florob@babelmonkeys.de>
X-Original-To: precis@ietfa.amsl.com
Delivered-To: precis@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 84C5AE068B for <precis@ietfa.amsl.com>; Fri, 20 May 2011 18:02:51 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level:
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id tDc49oJs72l3 for <precis@ietfa.amsl.com>; Fri, 20 May 2011 18:02:50 -0700 (PDT)
Received: from babelmonkeys.de (unknown [IPv6:2a01:4f8:140:9341:a2b3::ab]) by ietfa.amsl.com (Postfix) with ESMTP id C6FEBE0665 for <precis@ietf.org>; Fri, 20 May 2011 18:02:48 -0700 (PDT)
Received: from xdsl-213-196-246-162.netcologne.de ([213.196.246.162] helo=[192.168.0.38]) by babelmonkeys.de with esmtpsa (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32) (Exim 4.72) (envelope-from <florob@babelmonkeys.de>) id 1QNaad-0001O2-3Q for precis@ietf.org; Sat, 21 May 2011 03:02:47 +0200
Message-ID: <4DD70F31.4080308@babelmonkeys.de>
Date: Sat, 21 May 2011 03:02:41 +0200
From: Florian Zeitz <florob@babelmonkeys.de>
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.17) Gecko/20110424 Thunderbird/3.1.10
MIME-Version: 1.0
To: precis@ietf.org
References: <4DD2A264.3040001@stpeter.im>
In-Reply-To: <4DD2A264.3040001@stpeter.im>
X-Enigmail-Version: 1.1.1
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: 7bit
Subject: Re: [precis] Fwd: I-D Action: draft-blanchet-precis-framework-01.txt
X-BeenThere: precis@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Preparation and Comparison of Internationalized Strings <precis.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/precis>, <mailto:precis-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/precis>
List-Post: <mailto:precis@ietf.org>
List-Help: <mailto:precis-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/precis>, <mailto:precis-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 21 May 2011 01:02:51 -0000
Am 17.05.2011 18:29, schrieb Peter Saint-Andre:
> This document attempts to incorporate the rough proposal I outlined in
> Prague. It still contains a number of open issues. Feedback is very much
> welcome!
>
> /psa
>
Hy,
this is some feedback based on an initial read-through. It contains both
comments and questions that came to mind during reading.
The questions are largely unfiltered (i.e. answers to them became
somewhat apparent after having read the whole document) in the hope that
this will help identify areas where the text could be improved.
First of all I maintain that "compatibility equivalent" (used in
multiple places) is the wrong term. Unicode 6.0 Chapter 3.7 defines
compatibility equivalent by their full compatibility decompositions
being identical. Compatibility decomposition in turn however is defined
as the result of applying both compatibility mappings and canonical
mappings.
That is different from the definition NFKC(cp) == cp.
I think the proper wording for the category Q is "All compatibility
decomposable characters".
As someone else had mentioned in Prague I too am not sure "Wordything"
is a good expression for passwords. While passwords are words in the
sense of being elements of L((((A|Q)\(L|N|O|P))|K)*) (i.e. The language
described by the regular expression that (hopefully) describes
Wordything) people tend to think of words as "Those things listed in a
dictionary" which is precisely what we don't want people to use as password.
I understand Stringything stems from XMPP's resources.
However the draft describes it as being used for nick-names. It is not
clear to me what the argument for differentiating nick-names and normal
names is. Especially considering both potentially need to be entered by
a end-user.
Having a Valid and a Disallowed rule was quite confusing. Especially
considering that Valid rules contain exceptions from the Disallowed rule
and vice-versa.
Some of the questions that sprung to mind were:
What about code points that are neither matched by the Valid nor the
Disallowed rule? Can that happen?
Is the union of both sets (Valid and Disallowed) the set of all Unicode
code points? Is it guaranteed to stay that way in future Unicode versions?
Also theses rules don't describe behaviour for CONTEXT? code points.
The draft says in a lot of places that directionality, case-mapping and
normalization rules are application specific (At least sections 3,
3.{1,2,3}.{4,5,6} and 4.1). That seams rather redundant.
Maybe that's just me, but if we specify that applications need to
specify how to do normalization I think it might be worthwhile to give
some guidance on when to normalize strings.
The OPEN ISSUE in section 3.2.5 suggests mapping uppercase and titlecase
code points to their lowercase equivalents maximizes entropy. Maybe I'm
just confused, but doesn't that effectively reduce the set of possible
characters and therefore entropy?
Personally I think saying it's NOT RECOMMENDED for application protocols
to perform such mappings is the right thing to do.
Furthermore I think allowing symbols and punctuation is the right thing
to do. In the age of laptops not being able to type your password any
more should be less of a problem.
The Unassigned rule states that not yet assigned code points are to be
considered Unassigned. To me that seems not only trivial, but especially
doesn't appear to be a rule on how to handle unassigned code points at
all...
The fact that code points can only have one derived property appears
strange to me. It makes the algorithm non-deterministic in that it
sometimes sets the derived property to one of three values. I think
allowing multiple derived properties at the same time might be clearer.
Is it expected that people will calculate derived properties themselves,
or look them up in a to be created normative table separate from the
RFC? It seams to me that the former would need a complete Unicode table
and an implementation of a relatively complex algorithm, while the
later is a simple table lookup from a smaller table.
However the former still seems more elegant...
And last and least a remark: IIRC what was agreed on was a inclusive
approach only disallowing certain characters. The pseudo-code however
defaults to DISALLOWED if no class was matched.
That seems right to me, but implies we are still using an approach that
is only allowing certain characters, however it's more flexible and
version agile.
--
Florian Zeitz
> -------- Original Message --------
> Subject: I-D Action: draft-blanchet-precis-framework-01.txt
> Date: Tue, 17 May 2011 09:22:44 -0700
> From: internet-drafts@ietf.org
> Reply-To: internet-drafts@ietf.org
> To: i-d-announce@ietf.org
>
> A New Internet-Draft is available from the on-line Internet-Drafts
> directories.
>
> Title : PRECIS Framework: Handling Internationalized Strings
> in Protocols
> Author(s) : Marc Blanchet
> Peter Saint-Andre
> Filename : draft-blanchet-precis-framework-01.txt
> Pages : 24
> Date : 2011-05-17
>
> Application protocols that make use of Unicode code points in
> protocol strings need to prepare such strings in order to perform
> comparison operations (e.g., for purposes of authentication or
> authorization). In general, this problem has been labeled the
> "preparation and comparison of internationalized strings" or
> "PRECIS". This document defines a framework that enables
> application
> protocols to prepare various classes of strings in a way that depends
> on the properties of Unicode code points. Because this framework
> does not depend on large tables of Unicode code points as in
> stringprep (RFC 3454), it is more agile with regard to changes in the
> underlying Unicode database and thus provides improved flexibility to
> application protocols. A specification that reuses this framework
> either can directly use the base string classes defined in this
> document or can subclass the base string classes as needed. This
> framework uses an approach similar to that of the revised
> internationalized domain names in applications (IDNA) technology (RFC
> 5890, RFC 5891, RFC 5892, RFC 5893, RFC 5894) and thus adheres to the
> high-level design goals described in RFC 4690, albeit for non-IDNA
> technologies. This document obsoletes RFC 3454.
>
>
> A URL for this Internet-Draft is:
> http://www.ietf.org/internet-drafts/draft-blanchet-precis-framework-01.txt
>
> Internet-Drafts are also available by anonymous FTP at:
> ftp://ftp.ietf.org/internet-drafts/
>
> This Internet-Draft can be retrieved at:
> ftp://ftp.ietf.org/internet-drafts/draft-blanchet-precis-framework-01.txt
> _______________________________________________
> I-D-Announce mailing list
> I-D-Announce@ietf.org
> https://www.ietf.org/mailman/listinfo/i-d-announce
> Internet-Draft directories: http://www.ietf.org/shadow.html
> or ftp://ftp.ietf.org/ietf/1shadow-sites.txt
>
>
>
>
> _______________________________________________
> precis mailing list
> precis@ietf.org
> https://www.ietf.org/mailman/listinfo/precis
- [precis] Fwd: I-D Action: draft-blanchet-precis-f… Peter Saint-Andre
- Re: [precis] Fwd: I-D Action: draft-blanchet-prec… Florian Zeitz
- Re: [precis] Fwd: I-D Action: draft-blanchet-prec… Marc Blanchet