Re: [precis] [http-auth] Unicode normalization, was: Draft Minutes Posted for IETF 87 HTTP-AUTH Session
Peter Saint-Andre <stpeter@stpeter.im> Tue, 04 February 2014 02:33 UTC
Return-Path: <stpeter@stpeter.im>
X-Original-To: precis@ietfa.amsl.com
Delivered-To: precis@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 30FCB1A0257; Mon, 3 Feb 2014 18:33:58 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.437
X-Spam-Level:
X-Spam-Status: No, score=-2.437 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RP_MATCHES_RCVD=-0.535, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id rRv_RcLeShiM; Mon, 3 Feb 2014 18:33:55 -0800 (PST)
Received: from stpeter.im (mailhost.stpeter.im [207.210.219.225]) by ietfa.amsl.com (Postfix) with ESMTP id B81FE1A0251; Mon, 3 Feb 2014 18:33:55 -0800 (PST)
Received: from aither.local (unknown [24.8.184.175]) (Authenticated sender: stpeter) by stpeter.im (Postfix) with ESMTPSA id F19CC4010C; Mon, 3 Feb 2014 19:33:49 -0700 (MST)
Message-ID: <52F0518C.9060506@stpeter.im>
Date: Mon, 03 Feb 2014 19:33:48 -0700
From: Peter Saint-Andre <stpeter@stpeter.im>
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.9; rv:24.0) Gecko/20100101 Thunderbird/24.2.0
MIME-Version: 1.0
To: Yutaka OIWA <y.oiwa@aist.go.jp>, Julian Reschke <julian.reschke@gmx.de>
References: <CANTg3aCDGf1CjDfkqLDZmMRk7BhH+sGRLwwZnt7GYAo87Bqkcg@mail.gmail.com> <523198DD.8010903@gmx.de> <524FD569.9020103@gmx.de> <52EFCA1F.5070609@gmx.de> <CAMeZVwunZcqd0iAic9wkKn+gk7+-t9L5_1NzHHauMh8qag_13w@mail.gmail.com>
In-Reply-To: <CAMeZVwunZcqd0iAic9wkKn+gk7+-t9L5_1NzHHauMh8qag_13w@mail.gmail.com>
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 7bit
Cc: "http-auth@ietf.org" <http-auth@ietf.org>, Matthew Lepinski <mlepinski.ietf@gmail.com>, precis@ietf.org
Subject: Re: [precis] [http-auth] Unicode normalization, was: Draft Minutes Posted for IETF 87 HTTP-AUTH Session
X-BeenThere: precis@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Preparation and Comparison of Internationalized Strings <precis.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/precis>, <mailto:precis-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/precis/>
List-Post: <mailto:precis@ietf.org>
List-Help: <mailto:precis-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/precis>, <mailto:precis-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 04 Feb 2014 02:33:58 -0000
Yes, I think it is best to define a separate profile for HTTPAUTH (based on various conversations at the last IETF meeting). I will try to review your document again very soon. Peter On 2/3/14, 5:18 PM, Yutaka OIWA wrote: > Dear Julian and Peter (added), > > how about the things ongoing about handling of > HTTP-AUTH normalization in context of PRECIS? > > I proposed general-purpose HTTP-AUTH normalization > profile to PRECIS WG (just because I need it :-), > and they considered merging it with new SASLPREPbis. > My current draft is > http://tools.ietf.org/html/draft-oiwa-precis-httpauthprep-00 . > SASLPREPbis is in WG pool as > http://tools.ietf.org/html/draft-ietf-precis-saslprepbis-06 . > > I am awaiting actions for whether the merging > will actually happen or not. > In my understanding, removing of SASL-dependent > natures (e.g. that in Username grammer) from current > saslprepbis is not going forward yet, and current > SASLPREPbis is, at least personally, not applicable > for any HTTP auth schemes except SASL-backed ones. > For clarify, SASLPREPbis is really good, and the differences > are not large but critical. > > I think there is several possible directions for us to go: > > 1) Go merging: push forward to make saslprepbis a > general-purpose precis profile by separating > still-remaining SASL-only features. > IMO, in this case we may need two separate > application notes documents for SASL and HTTP-AUTH. > > 2) Go separate: discuss HTTPAUTH in context of > PRECIS separately from SASLPREP. > I believe that my draft will give us a good starting point, > as my best effort. > > 3) for Julian, one possible best current cheating, if you > can't wait PRECIS WG, might be just specify NFC as a > canonical form. Both SASLPREP and HTTPAUTHprep > (and many other PRECIS profiles) are NFC based, > so it will not likely harm future development of proper > PRECIS-based "preparation" (including normalization). > > Also, I would be happy if Julian (as talked in Vancouver) > and other people in HTTPAUTH WG and PRECIS WG > could give us a feedback on my proposal from the > both WG's points of view. > > 2014-02-04 Julian Reschke <julian.reschke@gmx.de>: >> On 2013-10-05 11:01, Julian Reschke wrote: >>> >>> On 2013-09-12 12:35, Julian Reschke wrote: >>>> >>>> On 2013-08-21 21:22, Matthew Lepinski wrote: >>>>> >>>>> Draft minutes for the HTTP-AUTH session have been posted. >>>>> >>>>> They can be found at: >>>>> http://www.ietf.org/proceedings/87/minutes/minutes-87-httpauth >>>>> >>>>> If you notice any omissions or other errors in the minutes, please let >>>>> us know. >>>>> ... >>>> >>>> >>>> OK, the minutes mention: >>>> >>>> "Unicode Normalization : Getting from what is typed in to Unicode code >>>> points will require discussion" >>>> >>>> So how do we proceed from here? Any concrete proposals for what to say? >>> >>> >>> It seems we don't know what to say then, right? >>> >>> How about: "Beware that differing Unicode normalization forms can cause >>> interoperability problems. See [http://unicode.org/reports/tr15/]."? >>> >>> >>> Best regards, Julian >> >> >> So, does anybody have a good plan how to approach the normalization problem? >> >> Otherwise we'll just have to state that there are dragons out there, and >> that we don't know the solution... >> >> >> Best regards, Julian >> >> _______________________________________________ >> http-auth mailing list >> http-auth@ietf.org >> https://www.ietf.org/mailman/listinfo/http-auth > > > -- Peter Saint-Andre https://stpeter.im/
- Re: [precis] [http-auth] Unicode normalization, w… Yutaka OIWA
- Re: [precis] [http-auth] Unicode normalization, w… Nico Williams
- Re: [precis] [http-auth] Unicode normalization, w… Peter Saint-Andre
- Re: [precis] [http-auth] Unicode normalization, w… Peter Saint-Andre
- Re: [precis] [http-auth] Unicode normalization, w… Julian Reschke
- Re: [precis] [http-auth] Unicode normalization, w… Bjoern Hoehrmann
- Re: [precis] [http-auth] Unicode normalization, w… Yutaka OIWA
- Re: [precis] [http-auth] Unicode normalization, w… Yutaka OIWA
- Re: [precis] [http-auth] Unicode normalization, w… Julian Reschke
- Re: [precis] [http-auth] Unicode normalization, w… Julian Reschke
- Re: [precis] [http-auth] Unicode normalization, w… Yoav Nir
- Re: [precis] [http-auth] Unicode normalization, w… Yutaka OIWA