Re: [precis] usernames in PRECIS and http-auth

Yutaka OIWA <y.oiwa@aist.go.jp> Thu, 13 March 2014 00:54 UTC

In-Reply-To: <531A09C7.7070904@stpeter.im>
References: <531A09C7.7070904@stpeter.im>
Date: Thu, 13 Mar 2014 09:54:29 +0900
Message-ID: <CAMeZVws7TovweVJU+W347So2_afcUmzoNsRLrOn0Nmq5W=ysrA@mail.gmail.com>
From: Yutaka OIWA <y.oiwa@aist.go.jp>
To: Peter Saint-Andre <stpeter@stpeter.im>
Archived-At: http://mailarchive.ietf.org/arch/msg/precis/Av3oGlqS05BzxzmOelnWIV2SpcQ
Cc: precis@ietf.org
Subject: Re: [precis] usernames in PRECIS and http-auth
List-Id: Preparation and Comparison of Internationalized Strings <precis.ietf.org>
List-Archive: <http://www.ietf.org/mail-archive/web/precis/>

Dear Peter,

I feel that I'm a bit confused about the situation and a possible mistake.

As presented to the precis WG long ago, and as discussed with you and Julien,
my intended set for usernames in HTTP is almost "every printable string", so
"@yoiwa", "@@@@@", "Yutaka Oiwa",
"Y      O" must all be allowed, and
my understanding is that saslprepbis does not allow most of these.
In other words, HTTP's username must be a superset of SASL's, and can never be a
proper subset of it.
Did I make some mistake in the specification or interpretation of saslprepbis?

-- 
Yutaka OIWA <y.oiwa@aist.go.jp> on mobile
2014/03/08 23:49 "Peter Saint-Andre" <stpeter@stpeter.im>:

> As promised at IETF 89, I have compared the username definitions from
> draft-oiwa-precis-httpauthprep-00 and draft-ietf-precis-saslprepbis-06,
> with the purpose of perhaps harmonizing the two approaches so that we can
> avoid multiplying PRECIS profiles beyond necessity.
>
> (I am writing this email on the flight home, and I neglected to load up
> the meeting minutes before leaving, so I might not address all of the
> relevant points in this message.)
>
> First, let's look at the syntax definitions.
>
> draft-ietf-precis-saslprepbis-06 states that a username can (a) consist
> of one or more userparts, or (b) can be of the form userpart@domainpart.
> The ABNF definition is:
>
>    username   = userpart [1*(1*SP userpart)]
>               / userpart '@' domainpart
>
>    userpart   = 1*(idpoint)
>
>    domainpart = IP-literal / IPv4address / ifqdn
>
>    ifqdn      = 1*1023(domainpoint)
>
> Where:
>
> * an "idpoint" is a UTF-8 encoded Unicode code point that conforms to the
> PRECIS "IdentifierClass"
> * an "IPv4address" is as defined in RFC 3986
> * an "IP-literal" is as defined in RFC 3986
> * a "domainpoint" is a UTF-8 encoded Unicode code point that conforms to
> RFC 5890
>
> By contrast, draft-oiwa-precis-httpauthprep states that a username
> consists of one or more UTF-8 encoded Unicode code points that conform to
> the PRECIS "IdentifierClass". The ABNF definition is:
>
>    userpart   = 1*(idpoint)
>
> We quickly see that an http-auth username is a legal PRECIS username,
> since 1*(idpoint) is simply a userpart as defined in
> draft-ietf-precis-saslprepbis-06, and a PRECIS username can consist of
> only one userpart. Therefore, in this respect, I think the httpauthprep
> text (whether it appears in a standalone document or elsewhere) can simply
> state that for purposes of HTTP authentication a username is a userpart as
> defined in draft-ietf-precis-saslprepbis.
>
> Second, let's look at the string preparation method.
>
> Here, too, draft-oiwa-precis-httpauthprep-00 is a subset of
> draft-ietf-precis-saslprepbis-06. The preparation method in
> draft-ietf-precis-saslprepbis-06 is:
>
>    1.  The base string class is the "IdentifierClass" specified in
>        [I-D.ietf-precis-framework].
>    2.  Fullwidth and halfwidth characters MUST be mapped to their
>        decomposition equivalents.
>    3.  So-called additional mappings MAY be applied, such as those
>        defined in [I-D.ietf-precis-mappings].
>    4.  Uppercase and titlecase characters might be mapped to their
>        lowercase equivalents (see Section 4.2.1 below).
>    5.  Unicode Normalization Form C (NFC) MUST be applied to all
>        characters.
>
> By contrast, the preparation method in draft-oiwa-precis-httpauthprep-00
> is:
>
>    1.  Fullwidth and halfwidth characters MUST be mapped to their
>        decomposition equivalents.
>    2.  Additional mappings SHOULD NOT be applied, such as those defined
>        in [I-D.ietf-precis-mappings], unless there are implementation-
>        dependent reasons to do so, or these are exceptionally required
>        by specific authentication schemes.
>    3.  Case mapping is not applied.
>    4.  Unicode Normalization Form C (NFC) MUST be applied to all
>        characters.
>
> These two definitions agree on the width mapping and normalization rules
> described in the PRECIS framework. They appear to differ slightly with
> regard to the additional mapping and case mapping rules. However,
> draft-oiwa-precis-httpauthprep-00 is merely a bit more restrictive with
> regard to matters that are purely optional according to
> draft-ietf-precis-saslprepbis-06. For example, the option of saying that
> "case mapping is not applied" is allowed by the text "uppercase and
> titlecase characters might be mapped to their lowercase equivalents".
>
> To make this clearer, I suggest that we modify the advice in
> draft-oiwa-precis-httpauthprep-00 so that it no longer defines its own
> PRECIS profile. Instead, I suggest that we phrase the httpauthprep text in
> terms of the username profile in draft-ietf-precis-saslprepbis-06. To my
> mind, something like this would work:
>
> ###
>
> For the purposes of HTTP authentication, a username conforms to the syntax
> definition and preparation methods specified in
> [I-D.draft-ietf-precis-saslprepbis],
> with the following limitations:
>
> * a username conforms to the "userpart" construction from
> [I-D.draft-ietf-precis-saslprepbis]
> * case mapping is not applied
> * delimiter mappings, special mappings, and other so-called additional
> mappings [I-D.draft-ietf-precis-mappings] are not applied
>
> ###
>
> As far as I can see, this simplifies the httpauthprep text quite a bit.
>
> (By the way, draft-oiwa-precis-httpauthprep-00 also seems to copy the
> password profile verbatim from draft-ietf-precis-saslprepbis. I think this
> text can be removed entirely, so that the httpauthprep text can simply
> reference draft-ietf-precis-saslprepbis.)
>
> Yutaka and Alexey (and others), let me know what you think about what I
> have written here.
>
> Thanks,
>
> Peter
>
> _______________________________________________
> precis mailing list
> precis@ietf.org
> https://www.ietf.org/mailman/listinfo/precis
>
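To make the comparison in the thread concrete, here is an added example (not code from draft-ietf-precis-saslprepbis, draft-oiwa-precis-httpauthprep, or either correspondent) that implements the quoted `userpart` and `username` ABNF and the quoted preparation steps in Python, then runs them over the four strings Yutaka lists. The IdentifierClass test is a simplified rendering of the PRECIS framework's derived-property algorithm: the hand-maintained Exceptions and BackwardCompatible lists and the PrecisIgnorableProperties category are omitted (assumed irrelevant to the sample strings), the `ifqdn` check is an approximation that skips RFC 5890 validation, and the fullwidth sample string is constructed for the demonstration.

```python
# Added example for the thread above; not code from either draft. The
# IdentifierClass test is simplified: the framework's Exceptions and
# BackwardCompatible lists and its PrecisIgnorableProperties category are
# omitted (assumption: the sample strings never hit them); ifqdn is approximated.
import ipaddress
import unicodedata

_LETTER_DIGITS = {"Ll", "Lu", "Lo", "Nd", "Lm", "Mn", "Mc"}
_OLD_HANGUL_JAMO = ((0x1100, 0x11FF), (0xA960, 0xA97F), (0xD7B0, 0xD7FF))

def is_idpoint(ch: str) -> bool:
    """True if ch is PVALID for the IdentifierClass (RFC 7564 section 8 order)."""
    cp, cat = ord(ch), unicodedata.category(ch)
    if cat == "Cn":                                  # Unassigned
        return False
    if 0x21 <= cp <= 0x7E:                           # ASCII7: printable ASCII, no SP
        return True
    if cp in (0x200C, 0x200D):                       # JoinControl (CONTEXTJ); no
        return False                                 # context rules implemented
    if any(lo <= cp <= hi for lo, hi in _OLD_HANGUL_JAMO):
        return False                                 # OldHangulJamo
    if cat == "Cc":                                  # Controls
        return False
    if unicodedata.normalize("NFKC", ch) != ch:      # HasCompat
        return False
    # LetterDigits are PVALID; Spaces (Zs), Symbols, Punctuation and
    # OtherLetterDigits fall through here and are disallowed.
    return cat in _LETTER_DIGITS

def width_map(s: str) -> str:
    """'Fullwidth and halfwidth characters MUST be mapped to their decomposition
    equivalents': U+FF21 -> 'A', U+3000 (ideographic space) -> ' ', etc."""
    out = []
    for ch in s:
        decomp = unicodedata.decomposition(ch)
        if decomp.startswith(("<wide>", "<narrow>")):
            out.append("".join(chr(int(h, 16)) for h in decomp.split()[1:]))
        else:
            out.append(ch)
    return "".join(out)

def prepare(s: str, case_map: bool) -> str:
    """Preparation as quoted from saslprepbis-06: width mapping, the optional
    lowercase mapping (httpauthprep-00 leaves it off), then NFC. Additional
    mappings are not applied, matching the proposed HTTP limitation."""
    s = width_map(s)
    if case_map:
        s = s.lower()                                # Unicode toLowerCase()
    return unicodedata.normalize("NFC", s)

def is_userpart(s: str) -> bool:
    """userpart = 1*(idpoint): the httpauthprep-00 syntax and the proposal."""
    return len(s) >= 1 and all(is_idpoint(ch) for ch in s)

def is_domainpart(s: str) -> bool:
    """domainpart = IP-literal / IPv4address / ifqdn (ifqdn approximated)."""
    try:
        if s.startswith("[") and s.endswith("]"):    # IP-literal, IPv6 form only
            ipaddress.IPv6Address(s[1:-1])
        else:
            ipaddress.IPv4Address(s)
        return True
    except ValueError:
        pass
    # ifqdn = 1*1023(domainpoint); assumption: letters, digits, '-' and '.' only
    return 0 < len(s) <= 1023 and all(ch.isalnum() or ch in "-." for ch in s)

def username_form_06(s: str):
    """Which saslprepbis-06 'username' alternative s matches, else None."""
    if not s or s[0] == " " or s[-1] == " ":
        return None
    # The alternatives overlap ('@' is ASCII7, so user@host also matches the
    # first one); the '@' form is tried first so the report is more specific.
    if "@" in s:
        user, _, domain = s.rpartition("@")
        if is_userpart(user) and is_domainpart(domain):
            return "userpart '@' domainpart"
    parts = [p for p in s.split(" ") if p]           # 1*SP between userparts
    if parts and all(is_userpart(p) for p in parts):
        return "userpart [1*(1*SP userpart)]"
    return None

def check(s: str, case_map: bool = False) -> dict:
    """Prepare s, then test it as a single userpart and as a -06 username."""
    prepared = prepare(s, case_map)
    return {"prepared": prepared,
            "single_userpart": is_userpart(prepared),
            "username_06": username_form_06(prepared)}

# Constructed sample inputs: the four strings from the mail above plus a
# fullwidth rendering of "Yutaka Oiwa" (U+FF39 ..., U+3000 for the space).
SAMPLES = ["@yoiwa", "@@@@@", "Yutaka Oiwa", "Y      O",
           "\uFF39\uFF55\uFF54\uFF41\uFF4B\uFF41\u3000\uFF2F\uFF49\uFF57\uFF41"]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(repr(sample), check(sample))
```

Running it shows where the two syntaxes part ways under the rules as quoted: "@yoiwa" and "@@@@@" pass both checks, because "@" is in ASCII7 and is therefore an idpoint; "Yutaka Oiwa" and "Y      O" fail as a single `userpart` (the httpauthprep-00 syntax and the proposed HTTP limitation) but are accepted by the -06 `username` rule through its `1*(1*SP userpart)` alternative. The fullwidth sample shows why width mapping has to run before the syntax check: U+3000 maps to an ordinary space, which only then becomes a separator.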