Re: [precis] Review of draft-melnikov-precis-saslprepbis-03
"Matt Miller (mamille2)" <mamille2@cisco.com> Fri, 21 September 2012 14:55 UTC
Return-Path: <mamille2@cisco.com>
X-Original-To: precis@ietfa.amsl.com
Delivered-To: precis@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7B15821F8820 for <precis@ietfa.amsl.com>; Fri, 21 Sep 2012 07:55:03 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -10.26
X-Spam-Level:
X-Spam-Status: No, score=-10.26 tagged_above=-999 required=5 tests=[AWL=-0.261, BAYES_00=-2.599, J_CHICKENPOX_14=0.6, RCVD_IN_DNSWL_HI=-8]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 7AV9DzsIkNPL for <precis@ietfa.amsl.com>; Fri, 21 Sep 2012 07:55:02 -0700 (PDT)
Received: from rcdn-iport-3.cisco.com (rcdn-iport-3.cisco.com [173.37.86.74]) by ietfa.amsl.com (Postfix) with ESMTP id 816A521F881D for <precis@ietf.org>; Fri, 21 Sep 2012 07:55:02 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=7962; q=dns/txt; s=iport; t=1348239302; x=1349448902; h=from:to:cc:subject:date:message-id:references: in-reply-to:mime-version; bh=Vhq2gTIslVMtCdOIFex7Ca42tHm3ZvpHTHVkaJ7fPdU=; b=mlBBk4rmBHaDUg7GntKYomH9n6GgZRAJgNURqBWM94v5WqxPCW0yYzJQ CggVeRFGYCXz+/I48hrzUb8aVNIFxXfG55jWk+W7Xpl/Db1TaGEyTD7IH Un7qI3KAH3mMiOCux6e0X3ql2lOZa6V/0qDa6XmTs2wAuFEyWmZ8tTSUh Q=;
X-Files: smime.p7s, PGP.sig : 2214, 535
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: Av4EAIp+XFCtJV2b/2dsb2JhbABFvhGBCIIgAQEBAwESAV0JBQsCAQgYGBYCMCUCBA4FDhSHXQYLmSegF4scgwiCPmADjmqBIIVagRWNJIFpgmeBWiIb
X-IronPort-AV: E=Sophos; i="4.80,463,1344211200"; d="sig'?p7s'?scan'208"; a="124030727"
Received: from rcdn-core-4.cisco.com ([173.37.93.155]) by rcdn-iport-3.cisco.com with ESMTP; 21 Sep 2012 14:55:02 +0000
Received: from xhc-aln-x14.cisco.com (xhc-aln-x14.cisco.com [173.36.12.88]) by rcdn-core-4.cisco.com (8.14.5/8.14.5) with ESMTP id q8LEt1ZA030653 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=FAIL); Fri, 21 Sep 2012 14:55:01 GMT
Received: from xmb-aln-x11.cisco.com ([169.254.6.219]) by xhc-aln-x14.cisco.com ([173.36.12.88]) with mapi id 14.02.0318.001; Fri, 21 Sep 2012 09:55:01 -0500
From: "Matt Miller (mamille2)" <mamille2@cisco.com>
To: Peter Saint-Andre <stpeter@stpeter.im>
Thread-Topic: [precis] Review of draft-melnikov-precis-saslprepbis-03
Thread-Index: AQHNlP+WokQ1fNsRykSn+UGgjKzev5ePLHaAgAAcaQCABfMjgA==
Date: Fri, 21 Sep 2012 14:55:01 +0000
Message-ID: <27C17524-DB6B-45AB-90D2-38A77CAD91F2@cisco.com>
References: <20120914162208.30845.65648.idtracker@ietfa.amsl.com> <50535A6B.8010702@stpeter.im> <8FD6CBCE-60CD-4049-A0E6-B2388D6919DF@cisco.com> <817D19D4-1615-440A-8F75-DEAEFE0BEA58@isode.com> <5057821A.1050903@stpeter.im>
In-Reply-To: <5057821A.1050903@stpeter.im>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: yes
X-MS-TNEF-Correlator:
x-pgp-agent: GPGMail 1.3.3
x-originating-ip: [64.101.72.40]
x-tm-as-product-ver: SMEX-10.2.0.1135-7.000.1014-19200.001
x-tm-as-result: No--37.067700-8.000000-31
x-tm-as-user-approved-sender: No
x-tm-as-user-blocked-sender: No
Content-Type: multipart/signed; protocol="application/pgp-signature"; micalg="pgp-sha1"; boundary="Apple-Mail-6-564922190"
MIME-Version: 1.0
Cc: "precis@ietf.org" <precis@ietf.org>
Subject: Re: [precis] Review of draft-melnikov-precis-saslprepbis-03
X-BeenThere: precis@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Preparation and Comparison of Internationalized Strings <precis.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/precis>, <mailto:precis-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/precis>
List-Post: <mailto:precis@ietf.org>
List-Help: <mailto:precis-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/precis>, <mailto:precis-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 21 Sep 2012 14:55:03 -0000
On Sep 17, 2012, at 14:03, Peter Saint-Andre wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > On 9/17/12 12:21 PM, Alexey Melnikov wrote: > >> On 17 Sep 2012, at 19:09, "Matt Miller (mamille2)" >> <mamille2@cisco.com> wrote: > > [I agree with the other points that Matt raised. Thanks for the review!] > >>> * 3.2 (Passwords - Preparation) :: I do wonder about the >>> rationale for step 2) (map all non-ASCII space to ASCII space). >>> I myself have not run into conditions where this would matter, >>> but I mostly deal with US-based consumers with passwords almost >>> exclusively in the ASCII range. On the surface, it seems a bit >>> contradictory in principle to the "no bidi rule" rationale that >>> is included. I'm not advocating for retention or removal of step >>> 2), but rather for providing a rationale (one way or the other). >> >> This rule was always in SASLPrep, so this is trying to preserve >> some sort of backward compatibility. Whether it is a good enough >> reason to keep the rule - I don't know. > I just thought it a bit odd that there's a nice big paragraph explaining how a bidi rule would reduce entropy, but the mapping of all non-ASCII space to ASCII space (which would also reduce entropy, theoretically) is a single sentence. However, I'm willing to more than happy to suspend my perceptions over this if others are content with the current text. > This rule applied to stringprep via Appendix B.1 in RFC 3454: > > http://tools.ietf.org/html/rfc3454#appendix-B.1 > > In the interest of full disclosure, the code points involved were: > > U+00AD SOFT HYPHEN > U+034F COMBINING GRAPHEME JOINER > U+1806 MONGOLIAN TODO SOFT HYPHEN > U+180B MONGOLIAN FREE VARIATION SELECTOR ONE > U+180C MONGOLIAN FREE VARIATION SELECTOR TWO > U+180D MONGOLIAN FREE VARIATION SELECTOR THREE > U+200B ZERO WIDTH SPACE > U+200C ZERO WIDTH NON-JOINER > U+200D ZERO WIDTH JOINER > U+2060 WORD JOINER > U+FE00 VARIATION SELECTOR-1 > [...other variation selectors here...] > U+FE0F VARIATION SELECTOR-13 > U+FEFF ZERO WIDTH NO-BREAK SPACE > > As far as I can see, we have two alternatives for SASLprep-bis: > > 1. Continue to map those code points to nothing. > > 2. Disallow those code points by subclassing the FreeClass. > > I don't have a strong feeling either way, although mapping to nothing > has always struck me as a wimpy approach and I'd probably prefer to > explicitly disallow unwanted code points... > Well, about the first 1/3 of those are also listed in Appendix C.1.2, which were mapped to U+0020 in RFC 4013. Specifically: U+00A0 NO-BREAK SPACE U+1680 OGHAM SPACE MARK U+2000 EN QUAD U+2001 EM QUAD U+2002 EN SPACE U+2003 EM SPACE U+2004 THREE-PER-EM SPACE U+2005 FOUR-PER-EM SPACE U+2006 SIX-PER-EM SPACE U+2007 FIGURE SPACE U+2008 PUNCTUATION SPACE U+2009 THIN SPACE U+200A HAIR SPACE U+200B ZERO WIDTH SPACE U+202F NARROW NO-BREAK SPACE U+205F MEDIUM MATHEMATICAL SPACE U+3000 IDEOGRAPHIC SPACE For the purposes of passwords, I don't really know if mapping {Zs} code points to U+0020 is a good idea or not. On one side, more code points means more options (good IMO), but on the other hand I doubt these are values most "password" text entry widgets make easy (or even possible) to input in a predictable manner. As for the rest of B.1, I'm more inclined to disallow (which I think is the case for FreeClass now) than map to nothing. - m&m Matt Miller - <mamille2@cisco.com> Cisco Systems, Inc.
- [precis] Fwd: I-D Action: draft-melnikov-precis-s… Peter Saint-Andre
- Re: [precis] Fwd: I-D Action: draft-melnikov-prec… Marc Blanchet
- Re: [precis] Fwd: I-D Action: draft-melnikov-prec… Matt Miller (mamille2)
- [precis] Review of draft-melnikov-precis-saslprep… Matt Miller (mamille2)
- Re: [precis] Review of draft-melnikov-precis-sasl… Alexey Melnikov
- Re: [precis] Review of draft-melnikov-precis-sasl… Peter Saint-Andre
- Re: [precis] Review of draft-melnikov-precis-sasl… Matt Miller (mamille2)
- Re: [precis] Review of draft-melnikov-precis-sasl… Peter Saint-Andre
- Re: [precis] Review of draft-melnikov-precis-sasl… Alexey Melnikov
- Re: [precis] Review of draft-melnikov-precis-sasl… Peter Saint-Andre