Re: [precis] 2 questions from an app developer

Tom Worster <fsb@thefsb.org> Tue, 03 November 2015 14:52 UTC

Return-Path: <fsb@thefsb.org>
X-Original-To: precis@ietfa.amsl.com
Delivered-To: precis@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 34F851A1B12 for <precis@ietfa.amsl.com>; Tue, 3 Nov 2015 06:52:21 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.901
X-Spam-Level:
X-Spam-Status: No, score=-3.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, GB_I_LETTER=-2, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id pmiygWtgmQKm for <precis@ietfa.amsl.com>; Tue, 3 Nov 2015 06:52:19 -0800 (PST)
Received: from smtp66.iad3a.emailsrvr.com (smtp66.iad3a.emailsrvr.com [173.203.187.66]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D4C5C1A1B0E for <precis@ietf.org>; Tue, 3 Nov 2015 06:52:19 -0800 (PST)
Received: from smtp25.relay.iad3a.emailsrvr.com (localhost.localdomain [127.0.0.1]) by smtp25.relay.iad3a.emailsrvr.com (SMTP Server) with ESMTP id A01D7180654 for <precis@ietf.org>; Tue, 3 Nov 2015 09:52:18 -0500 (EST)
Received: by smtp25.relay.iad3a.emailsrvr.com (Authenticated sender: fsb-AT-thefsb.org) with ESMTPSA id 3AC61180630 for <precis@ietf.org>; Tue, 3 Nov 2015 09:52:18 -0500 (EST)
X-Sender-Id: fsb@thefsb.org
Received: from [10.0.1.2] (c-73-4-147-142.hsd1.ma.comcast.net [73.4.147.142]) (using TLSv1 with cipher DES-CBC3-SHA) by 0.0.0.0:465 (trex/5.5.4); Tue, 03 Nov 2015 09:52:18 -0500
User-Agent: Microsoft-MacOutlook/14.5.7.151005
Date: Tue, 03 Nov 2015 09:52:14 -0500
From: Tom Worster <fsb@thefsb.org>
To: <precis@ietf.org>
Message-ID: <D25E1EBF.673C8%fsb@thefsb.org>
Thread-Topic: 2 questions from an app developer
References: <D21C42AE.654C4%fsb@thefsb.org>
In-Reply-To: <D21C42AE.654C4%fsb@thefsb.org>
Mime-version: 1.0
Content-type: text/plain; charset="UTF-8"
Content-transfer-encoding: quoted-printable
Archived-At: <http://mailarchive.ietf.org/arch/msg/precis/udKI0WxrT1MyXWdjcEXEROKqWN8>
Subject: Re: [precis] 2 questions from an app developer
X-BeenThere: precis@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Preparation and Comparison of Internationalized Strings <precis.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/precis>, <mailto:precis-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/precis/>
List-Post: <mailto:precis@ietf.org>
List-Help: <mailto:precis-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/precis>, <mailto:precis-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 03 Nov 2015 14:52:21 -0000

Now there's some traffic in the PRECIS list, I'd like to ask this question
again, phrased differently.

Afaict, the etiology of this implementer's non-minimal astonishment is:

o Password is based on OpaqueString Profile

o OpaqueString Profile is based on FreeformClass

o FreeformClass uses Exceptions (F) from RFC 5892 sec. 2.6

o Exceptions (F) disallows MIDDLE DOT except under CONTEXTO

o CONTEXTO rule MIDDLE DOT in RFC 5892 A.3 says "Between 'l' (U+006C)
characters only, used to permit the Catalan character ela geminada to be
expressed."

o Therefore, for example

    ihαtePa§sωrdrul·lz    is valid

    ihαtePa§sωrdrul·ze    is invalid

Authoring a validation error message that helps the user understand and
fix it was a challenge. "Password may not contain the · character except
as part of a Catalan character ela geminada," is a cute easter egg[1]
but not much use.

I imagine IDNA would not want MIDDLE DOTs in domain names and some
identifiers because of spoofing but that concern is specific to that
domain and surely not to passwords. I don't know Catalan but I use MIDDLE
DOTs for a variety of purposes, not quite daily but often enough to know
it's been OPT-SHIFT-9 since very early MacOS. It's a useful character so I
suspect people will encounter this rule.

RFCs 7564 and 7613 are done and dusted so my question is: did I decode the
specs correctly?


Tom

[1] Reminds me of PHP's infamous "Parse error: syntax error, unexpected
T_PAAMAYIM_NEKUDOTAYIM"


On 9/14/15, 9:23 AM, "Tom Worster" <fsb@thefsb.org> wrote:

>Hi,
>
>Do I understand right that an RFC 7613 password must not contain a MIDDLE
>DOT (U+00B7) unless both the previous and next characters are LATIN SMALL
>LETTER L (U+006C)?
>
>Are test vectors available for either of the RFC 7564  string classes or
>of the RFC 7613 ID and password profiles?
>
>If this is not the right place for these questions, please steer me in
>the right direction.
>
>Thanks for your consideration.
>
>Tom Worster