Re: [precis] Stephen Farrell's Discuss on draft-ietf-precis-saslprepbis-17: (with DISCUSS and COMMENT)

Alexey Melnikov <alexey.melnikov@isode.com> Sat, 30 May 2015 17:18 UTC

Archived-At: <http://mailarchive.ietf.org/arch/msg/precis/K7N2-tiodh3r2ftlgQonzmIBSys>

Hi Simon,

> On 29 May 2015, at 21:19, Simon Josefsson <simon@josefsson.org> wrote:
> 
> Stephen Farrell <stephen.farrell@cs.tcd.ie> writes:
> 
>> Hiya,
>> 
>>> On 27/05/15 14:06, Alexey Melnikov wrote:
>>> Hi Stephen,
>>> 
>>>> On 27/05/2015 13:56, Stephen Farrell wrote:
>>>> [...]
>>>> ----------------------------------------------------------------------
>>>> DISCUSS:
>>>> ----------------------------------------------------------------------
>>>> 
>>>> 
>>>> 4.1: zero length password - I think you're wrong on that
>>>> one but it is arguable. If RFC4013 also prohibited zero
>>>> length passwords (I couldn't tell at a quick glance)
>>> Yes, zero length password was always prohibited by RFC 4013. If you look
>>> at various RFCs that reference SASLPrep, they say "if the password is
>>> invalid or zero length after applying SASLPrep normalization, then
>>> reject it" (or similar words).
>> 
>> That wins. I'll clear the discuss and make this a comment.
> 
> I question if this is correct -- my SASLprep implementation accepts zero
> length passwords.  Where in RFC 4013 is the requirement to reject them?

SASL PLAIN and SCRAM have relevant text (in the case of SCRAM, this only applies to usernames, but they are the same SASLPrep profile, so I think the lack of similar text for passwords was not intentional).
> 
> I think Stephen's thoughts around empty passwords make a lot of sense.
> Empty passwords are used in many places, for good or bad.
> 
> I'm certain that not all RFCs that refer to SASLprep have the wording
> above.  RFC 5802 (SCRAM) doesn't, as far as I can tell, for example.

See above.
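
The rule quoted in this thread ("if the password is invalid or zero length after applying SASLPrep normalization, then reject it"), written out as an added example that is not part of the original message or of any poster's implementation. It assumes the RFC 4013 profile built on Python's standard `stringprep` tables; the function names are hypothetical. It shows why the check belongs after preparation: a non-empty input made only of "mapped to nothing" characters becomes zero length.

```python
import stringprep
from unicodedata import ucd_3_2_0 as ucd  # stringprep is defined over Unicode 3.2

# Prohibited-output tables listed in RFC 4013, section 2.3.
PROHIBITED = (
    stringprep.in_table_c12, stringprep.in_table_c21_c22,
    stringprep.in_table_c3, stringprep.in_table_c4, stringprep.in_table_c5,
    stringprep.in_table_c6, stringprep.in_table_c7, stringprep.in_table_c8,
    stringprep.in_table_c9,
)

class PrepError(ValueError):
    """Raised when a string must be rejected."""

def saslprep(s):
    """Apply SASLprep to a stored string (unassigned code points rejected)."""
    # Mapping: drop "mapped to nothing" (B.1), turn non-ASCII spaces into U+0020.
    mapped = "".join(" " if stringprep.in_table_c12(c) else c
                     for c in s if not stringprep.in_table_b1(c))
    out = ucd.normalize("NFKC", mapped)
    for c in out:
        if stringprep.in_table_a1(c) or any(t(c) for t in PROHIBITED):
            raise PrepError("prohibited or unassigned code point U+%04X" % ord(c))
    # Bidi rule: with any RandALCat character present, no LCat characters are
    # allowed and the string must start and end with a RandALCat character.
    if any(stringprep.in_table_d1(c) for c in out):
        if any(stringprep.in_table_d2(c) for c in out):
            raise PrepError("mixed right-to-left and left-to-right text")
        if not (stringprep.in_table_d1(out[0]) and stringprep.in_table_d1(out[-1])):
            raise PrepError("right-to-left string must start and end with RandALCat")
    return out

def prepare_password(raw):
    """SASLprep, then the 'zero length after normalization' rejection."""
    prepared = saslprep(raw)
    if not prepared:
        raise PrepError("password is zero length after SASLprep")
    return prepared

def is_acceptable(raw):
    try:
        return bool(prepare_password(raw))
    except PrepError:
        return False

if __name__ == "__main__":
    # Constructed inputs: empty, soft hyphen + zero-width joiner, ordinary text.
    for raw in ("", "\u00ad\u200d", "I\u00adX"):
        print(repr(raw), is_acceptable(raw))
```

A server that tests only the raw input for emptiness would pass the second constructed input on to comparison as an empty prepared password.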