[precis] rationale of rfc7613 decisions

Nikos Mavrogiannopoulos <nmav@redhat.com> Thu, 30 March 2017 15:01 UTC

Message-ID: <1490885635.10364.10.camel@redhat.com>
From: Nikos Mavrogiannopoulos <nmav@redhat.com>
To: precis@ietf.org
Date: Thu, 30 Mar 2017 16:53:55 +0200
Archived-At: <https://mailarchive.ietf.org/arch/msg/precis/WRFASSjZzb2ddqZJc5bkOlslOLE>
Subject: [precis] rationale of rfc7613 decisions

 I'd like to update an rfc in order to follow the rfc7613
recommendations for passwords, however I'd like first to understand the
reason of the restrictions applied to passwords (i.e., freeformclass
choice, space elimination, etc.).

I'm checking both rfc7564 and rfc7613, and I cannot find the rationale
of the restrictions being done. In particular:
 1. why rfc7613 restricts all spaces for passwords to U+0020?
 2. what is the purpose of "Contextual Rule Required" in section 4.3.2
of rfc7564?
 3. why freeform class doesn't allow "Old Hangul Jamo characters"?
 4. why freeform class doesn't allow ignorable characters?

The context of that is that I am trying to understand what would be
the drawbacks of recommending a fixed normalization form (e.g., NFC)
for passwords, in contrast to recommending rfc7613.
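
The following is an added example, not part of the original message and not code from the RFC authors. It contrasts plain NFC with an approximation of the RFC 7613 OpaqueString rules on constructed passwords. The function names are hypothetical, and the FreeformClass check is reduced to control and unassigned code points (Old Hangul Jamo, ignorable characters and contextual rules are not implemented).

```python
import unicodedata


def nfc_only(password: str) -> str:
    """The alternative raised in the message: canonical composition and nothing else."""
    return unicodedata.normalize("NFC", password)


def opaque_string_subset(password: str) -> str:
    """Approximate RFC 7613 OpaqueString handling (hypothetical helper).

    Implemented: rejection of zero-length input, rejection of control (Cc) and
    unassigned (Cn) code points as known to this Python's Unicode database,
    mapping of every non-ASCII space (general category Zs) to U+0020, then NFC.
    Not implemented: the rest of the RFC 7564 FreeformClass derivation.
    """
    if not password:
        raise ValueError("zero-length password")
    for ch in password:
        if unicodedata.category(ch) in ("Cc", "Cn"):
            raise ValueError(f"disallowed code point U+{ord(ch):04X}")
    mapped = "".join(" " if unicodedata.category(ch) == "Zs" else ch
                     for ch in password)
    return unicodedata.normalize("NFC", mapped)


def same_password(a: str, b: str, prepare) -> bool:
    """True if two typed spellings compare equal after the given preparation."""
    return prepare(a) == prepare(b)


# Constructed sample inputs: the same passphrase typed with different spaces,
# and one word typed in decomposed and precomposed form.
SAMPLES = [
    ("correct horse", "correct\u00a0horse"),   # U+0020 vs NO-BREAK SPACE
    ("correct horse", "correct\u3000horse"),   # U+0020 vs IDEOGRAPHIC SPACE
    ("cafe\u0301", "caf\u00e9"),               # e + combining acute vs U+00E9
]

if __name__ == "__main__":
    for a, b in SAMPLES:
        print(ascii(a), ascii(b),
              "NFC only:", same_password(a, b, nfc_only),
              "OpaqueString subset:", same_password(a, b, opaque_string_subset))
```

With NFC alone the two space variants stay distinct, so a passphrase entered through an input method that emits U+00A0 or U+3000 would not verify against one enrolled with U+0020; the canonical-composition case is handled identically by both.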