Re: CONSENSUS CALL: draft-zeilenga-sasl-rfc2222bis as WG item
Simon Josefsson <jas@extundo.com> Thu, 26 May 2005 14:00 UTC
Received: from above.proper.com (localhost.vpnc.org [127.0.0.1]) by above.proper.com (8.12.11/8.12.9) with ESMTP id j4QE0VcS004035; Thu, 26 May 2005 07:00:31 -0700 (PDT) (envelope-from owner-ietf-sasl@mail.imc.org)
Received: (from majordom@localhost) by above.proper.com (8.12.11/8.12.9/Submit) id j4QE0VgM004034; Thu, 26 May 2005 07:00:31 -0700 (PDT)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-sasl@mail.imc.org using -f
Received: from yxa.extundo.com (root@178.230.13.217.in-addr.dgcsystems.net [217.13.230.178]) by above.proper.com (8.12.11/8.12.9) with ESMTP id j4QE0QIA004022 for <ietf-sasl@imc.org>; Thu, 26 May 2005 07:00:30 -0700 (PDT) (envelope-from jas@extundo.com)
Received: from latte.josefsson.org (c494102a.s-bi.bostream.se [217.215.27.65]) (authenticated bits=0) by yxa.extundo.com (8.13.4/8.13.4/Debian-1) with ESMTP id j4QE0H06013680 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK); Thu, 26 May 2005 16:00:18 +0200
From: Simon Josefsson <jas@extundo.com>
To: Tom Yu <tlyu@MIT.EDU>
Cc: ietf-sasl@imc.org
Subject: Re: CONSENSUS CALL: draft-zeilenga-sasl-rfc2222bis as WG item
References: <ldvll62q2d5.fsf@cathode-dark-space.mit.edu>
OpenPGP: id=B565716F; url=http://josefsson.org/key.txt
X-Hashcash: 1:21:050526:tlyu@mit.edu::lD+V2Ck1+qUdkCdX:2xAy
X-Hashcash: 1:21:050526:ietf-sasl@imc.org::hNze6ZE4lboMazB/:5ROQ
X-Hashcash: 1:21:050526:tlyu@mit.edu::qm5w86nW5elbIbG4:09F3
Date: Thu, 26 May 2005 16:00:17 +0200
In-Reply-To: <ldvll62q2d5.fsf@cathode-dark-space.mit.edu> (Tom Yu's message of "Wed, 25 May 2005 20:04:22 -0400")
Message-ID: <iluy8a25bpq.fsf@latte.josefsson.org>
User-Agent: Gnus/5.110004 (No Gnus v0.4) Emacs/22.0.50 (gnu/linux)
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
X-Spam-Status: No, score=0.1 required=5.0 tests=FORGED_RCVD_HELO autolearn=failed version=3.0.2
X-Spam-Checker-Version: SpamAssassin 3.0.2 (2004-11-16) on yxa-iv
X-Virus-Scanned: ClamAV version 0.84, clamav-milter version 0.84e on yxa.extundo.com
X-Virus-Status: Clean
Sender: owner-ietf-sasl@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-sasl/mail-archive/>
List-ID: <ietf-sasl.imc.org>
List-Unsubscribe: <mailto:ietf-sasl-request@imc.org?body=unsubscribe>
Tom Yu <tlyu@MIT.EDU> writes: > If you support the working group adopting > draft-zeilenga-sasl-rfc2222bis as a replacement to > draft-ietf-sasl-rfc2222bis, please reply indicating this support. I read these two documents side by side today, and I didn't find any major problems with Kurt's rewrite. Actually, I found Kurt's version more precise and generally easier to read. Good work! > If you have other comments, please send them as well. I note that there is almost no SASLprep discussion in the new document. SASLprep is only mentioned once, and only in the context of mechanisms: For simple user names and/or passwords in authentication credentials, SASLprep [RFC4013] (a profile of the StringPrep [RFC3454] preparation algorithm), SHOULD be specified as the preparation algorithm. Removing SASLprep discussions from the core document may be a good thing. Doing so will force the SASLprep discussions down into the mechanism specification (for authid) and the protocol profile specification (for authzid), where it may be easier to specify the details. On the other hand, removing SASLprep guidance from the core document may lead to poorer SASLprep discussions in mechanism/profile documents. That is because the SASLprep discussion would have to be duplicated and re-thought for each mechanism/profile. At worst, without proper co-ordination, some decisions made in one mechanism (or profile) could become in conflict with decisions made in some profile (or mechanism). Generally, it seems that with this new document, authors of mechanism/profile documents will have little guidance on how to use SASLprep correctly within the SASL framework. Finally, if the intention was to remove SASLprep discussions from the core document, I think SASLprep could be removed completely. I.e., rewrite the SHOULD paragraph, turning it into a suggestion, and make SASLprep an informational reference. That would make it possible to make mechanisms use a future SASLprep2 without having to revise the core document. Regards, Simon
- CONSENSUS CALL: draft-zeilenga-sasl-rfc2222bis as… Tom Yu
- Re: CONSENSUS CALL: draft-zeilenga-sasl-rfc2222bi… Simon Josefsson
- Re: CONSENSUS CALL: draft-zeilenga-sasl-rfc2222bi… Kurt D. Zeilenga
- Re: CONSENSUS CALL: draft-zeilenga-sasl-rfc2222bi… Simon Josefsson
- Re: CONSENSUS CALL: draft-zeilenga-sasl-rfc2222bi… Sam Hartman
- Re: CONSENSUS CALL: draft-zeilenga-sasl-rfc2222bi… Tom Yu