Re: [precis] 2 questions from an app developer

Tom Worster <> Tue, 03 November 2015 14:52 UTC


Now there's some traffic in the PRECIS list, I'd like to ask this question
again, phrased differently.

Afaict, the etiology of this implementer's non-minimal astonishment is:

o Password is based on OpaqueString Profile

o OpaqueString Profile is based on FreeformClass

o FreeformClass uses Exceptions (F) from RFC 5892 sec. 2.6

o Exceptions (F) disallows MIDDLE DOT except under CONTEXTO

o CONTEXTO rule MIDDLE DOT in RFC 5892 A.3 says "Between 'l' (U+006C)
characters only, used to permit the Catalan character ela geminada to be

o Therefore, for example

    ihαtePa§sωrdrul·lz    is valid

    ihαtePa§sωrdrul·ze    is invalid

Authoring a validation error message that helps the user understand and
fix it was a challenge. "Password may not contain the · character except
as part of a Catalan character ela geminada," is a cute easter egg[1]
but not much use.

I imagine IDNA would not want MIDDLE DOTs in domain names and some
identifiers because of spoofing but that concern is specific to that
domain and surely not to passwords. I don't know Catalan but I use MIDDLE
DOTs for a variety of purposes, not quite daily but often enough to know
it's been OPT-SHIFT-9 since very early MacOS. It's a useful character so I
suspect people will encounter this rule.

RFCs 7564 and 7613 are done and dusted so my question is: did I decode the
specs correctly?


[1] Reminds me of PHP's infamous "Parse error: syntax error, unexpected

On 9/14/15, 9:23 AM, "Tom Worster" <> wrote:

>Do I understand right that an RFC 7613 password must not contain a MIDDLE
>DOT (U+00B7) unless both the previous and next characters are LATIN SMALL
>LETTER L (U+006C)?
>Are test vectors available for either of the RFC 7564 string classes or
>of the RFC 7613 ID and password profiles?
>If this is not the right place for these questions, please steer me in
>the right direction.
>Thanks for your consideration.
>Tom Worster
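
The MIDDLE DOT rule traced in the message above, as an added example that is not part of the original post or of any PRECIS implementation: it checks only the RFC 5892 A.3 context rule (U+00B7 must sit between two U+006C characters) and reports where it fails, so a validation message can point at the offending character. The function names, the message wording and the sample strings other than the two from the message are assumptions; nothing else from the OpaqueString profile is checked.

```python
MIDDLE_DOT = "\u00b7"  # U+00B7 MIDDLE DOT
SMALL_L = "\u006c"     # U+006C LATIN SMALL LETTER L


def middle_dot_violations(password: str) -> list[int]:
    """Return the 0-based indices of MIDDLE DOTs that fail the context rule.

    RFC 5892 A.3: the code point is allowed only if the character before it
    and the character after it are both U+006C. A dot at the very start or
    end of the string has no neighbour on one side and therefore fails.
    """
    bad = []
    for i, ch in enumerate(password):
        if ch != MIDDLE_DOT:
            continue
        before = password[i - 1] if i > 0 else None
        after = password[i + 1] if i + 1 < len(password) else None
        if before != SMALL_L or after != SMALL_L:
            bad.append(i)
    return bad


def describe(password: str) -> str:
    """Build a user-facing message (hypothetical wording) or return 'ok'."""
    bad = middle_dot_violations(password)
    if not bad:
        return "ok"
    where = ", ".join(str(i + 1) for i in bad)  # 1-based for end users
    return (f"The character '{MIDDLE_DOT}' at position {where} is only "
            f"accepted directly between two lowercase 'l' letters.")


# The first two strings are the ones from the message; the rest are constructed.
SAMPLES = [
    "ihαtePa§sωrdrul" + MIDDLE_DOT + "lz",  # dot between l and l
    "ihαtePa§sωrdrul" + MIDDLE_DOT + "ze",  # dot between l and z
    "L" + MIDDLE_DOT + "L",                 # uppercase L is not U+006C
    MIDDLE_DOT + "l",                       # nothing before the dot
    "l" + MIDDLE_DOT + MIDDLE_DOT + "l",    # each dot has a dot as neighbour
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(f"{s!r}: {describe(s)}")
```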