Re: [regext] Alexey Melnikov's Discuss on draft-ietf-regext-login-security-07: (with DISCUSS and COMMENT)

"Gould, James" <jgould@verisign.com> Fri, 24 January 2020 21:25 UTC

From: "Gould, James" <jgould@verisign.com>
To: Alexey Melnikov <aamelnikov@fastmail.fm>
CC: The IESG <iesg@ietf.org>, "draft-ietf-regext-login-security@ietf.org" <draft-ietf-regext-login-security@ietf.org>, Joseph Yee <jyee@afilias.info>, "regext-chairs@ietf.org" <regext-chairs@ietf.org>, "regext@ietf.org" <regext@ietf.org>
Date: Fri, 24 Jan 2020 21:24:53 +0000
Message-ID: <D04FA860-1793-4657-8AD8-F537814BD5D2@verisign.com>
References: <157977713547.22794.12692666659052458667.idtracker@ietfa.amsl.com> <A5D19CB8-BEB8-4675-9C6E-43CE6C914464@verisign.com> <84A60049-F486-4428-B44F-33544B0A325D@fastmail.fm>
In-Reply-To: <84A60049-F486-4428-B44F-33544B0A325D@fastmail.fm>
Archived-At: <https://mailarchive.ietf.org/arch/msg/regext/-4wLdea6CwAvDUef0le4WFo8IZY>

Alexey,

I'll go ahead and add the following description of "whitespace" in section 1.1 "Conventions Used in This Document":

"whitespace" is based on the definition for the XML schema whiteSpace datatype in [W3C.REC-xmlschema-2-20041028], which only includes the ASCII whitespace characters #x9 (tab), #xA (linefeed), #xD (carriage return), and #x20 (space).  

-- 

JG

James Gould
Distinguished Engineer
jgould@Verisign.com

703-948-3271
12061 Bluemont Way
Reston, VA 20190

Verisign.com <http://verisigninc.com/>

On 1/24/20, 4:10 AM, "Alexey Melnikov" <aamelnikov@fastmail.fm> wrote:

    Hi James,
    Just replying to 1 point below:
    
    > On 23 Jan 2020, at 21:29, Gould, James <jgould@verisign.com> wrote:
    > 
    >    2) In the same section:
    > 
    >       <loginSec:pw>:  OPTIONAL plain text password that is case sensitive,
    >           has a minimum length of 6 characters, and has a maximum length
    >           that is up to server policy.  All leading and trailing whitespace
    >           is removed, and all internal contiguous whitespace that includes
    >           #x9 (tab), #xA (linefeed), #xD (carriage return), and #x20
    >           (space) is replaced with a single #x20 (space).  This element
    >           MUST only be used if the [RFC5730] <pw> element is set to the
    >           "[LOGIN-SECURITY]" value.
    > 
    >    What is the definition of "whitespace"? Does this only include characters
    >    listed above or does it also include other Unicode characters (e.g. Unicode
    >    whitespace property)? If the former, then instead of using "whitespace that
    >    includes ..." use something like "whitespace is defined as one of ..."
    > 
    > JG - The definition of "whitespace" is based on the definition for XML schema whiteSpace (https://www.w3.org/TR/xmlschema11-2/#rf-whiteSpace), which does not include non-ASCII whitespace.  Validating XML parsers will apply the XML schema whitespace rules defined for the XML Schema "token" type (https://www.w3.org/TR/xmlschema11-2/#token), which is explicitly included in the description of the <loginSec:pw> element based on feedback from the working group.  I don't recommend use of non-ASCII characters for passwords, but I don't believe the extension should disallow it.  
    
    Please clarify this in the document. Probably the easiest way is to add a definition of whitespace to the terminology section.
    
    BTW, I believe the PRECIS framework will canonicalize all Unicode whitespace (around 33 different characters) to ASCII space.
    
    
    Best Regards,
    Alexey
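As an added illustration of the normalization discussed in this thread (example code, not from the draft, Verisign or any EPP implementation), the Python below applies the XML Schema "collapse" whitespace rule to a <loginSec:pw> value and contrasts it with a Unicode-aware shortcut that would also collapse characters the rule leaves untouched. The names collapse_xml_whitespace, collapse_unicode_whitespace, validate_login_sec_pw and MIN_PW_LENGTH are assumptions of this example; the minimum length of 6 is the value quoted from the draft above.

```python
import re
from typing import Tuple

# XML Schema whiteSpace="collapse" (the rule applied to xs:token) only
# touches the four ASCII whitespace characters #x9, #xA, #xD and #x20.
_XML_WS = "\t\n\r "
_XML_WS_RUN = re.compile(r"[\t\n\r ]+")

MIN_PW_LENGTH = 6  # minimum length quoted from the draft text in this thread


def collapse_xml_whitespace(value: str) -> str:
    """Apply the XML Schema 'collapse' rule: replace every internal run of
    ASCII whitespace with a single #x20 and strip leading/trailing runs.
    Non-ASCII whitespace (U+00A0, U+3000, ...) is deliberately left alone,
    matching what a validating XML parser does for xs:token."""
    collapsed = _XML_WS_RUN.sub(" ", value)
    # strip(_XML_WS), not strip(): the no-argument form also strips Unicode
    # whitespace, which the XML rule does not.
    return collapsed.strip(_XML_WS)


def collapse_unicode_whitespace(value: str) -> str:
    """The tempting but WRONG shortcut for this rule: str.split() with no
    argument splits on any character for which str.isspace() is true, so
    non-ASCII whitespace gets collapsed too. Shown for contrast only."""
    return " ".join(value.split())


def validate_login_sec_pw(raw: str) -> Tuple[bool, str]:
    """Normalize a <loginSec:pw> value the way a validating parser would and
    check the draft's minimum length against the *normalized* result, so a
    password padded with leading/trailing spaces cannot satisfy it.
    Returns (ok, normalized)."""
    normalized = collapse_xml_whitespace(raw)
    return len(normalized) >= MIN_PW_LENGTH, normalized
```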