Re: Normalization of passwords in SASL and SSH

Sam Hartman <hartmans-ietf@mit.edu> Tue, 30 November 2004 04:27 UTC

Received: from above.proper.com (localhost.vpnc.org [127.0.0.1]) by above.proper.com (8.12.11/8.12.9) with ESMTP id iAU4Rhwq076583; Mon, 29 Nov 2004 20:27:43 -0800 (PST) (envelope-from owner-ietf-sasl@mail.imc.org)
Received: (from majordom@localhost) by above.proper.com (8.12.11/8.12.9/Submit) id iAU4RhsD076582; Mon, 29 Nov 2004 20:27:43 -0800 (PST)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-sasl@mail.imc.org using -f
Received: from pretender.boolean.net (root@router.boolean.net [198.144.206.49]) by above.proper.com (8.12.11/8.12.9) with ESMTP id iAU4RgsP076548 for <ietf-sasl@imc.org>; Mon, 29 Nov 2004 20:27:42 -0800 (PST) (envelope-from Kurt@OpenLDAP.org)
Received: from gypsy.OpenLDAP.org (kurt@localhost [127.0.0.1]) by pretender.boolean.net (8.12.10/8.12.11) with ESMTP id iAU4RnZv020606 for <ietf-sasl@imc.org>; Tue, 30 Nov 2004 04:27:49 GMT (envelope-from Kurt@OpenLDAP.org)
Message-Id: <6.1.2.0.0.20041129202753.02da7cd0@127.0.0.1>
X-Sender: kurt@127.0.0.1
X-Mailer: QUALCOMM Windows Eudora Version 6.1.2.0
Date: Mon, 29 Nov 2004 20:28:25 -0800
To: ietf-sasl@imc.org
From: Sam Hartman <hartmans-ietf@mit.edu>
Subject: Re: Normalization of passwords in SASL and SSH
Mime-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from quoted-printable to 8bit by above.proper.com id iAU4RhsP076565
Sender: owner-ietf-sasl@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-sasl/mail-archive/>
List-ID: <ietf-sasl.imc.org>
List-Unsubscribe: <mailto:ietf-sasl-request@imc.org?body=unsubscribe>
>>>>> "Niels" == Niels Möller <nisse@lysator.liu.se> writes:
    Niels> If I understand your proposal, as it applies to ssh, you're
    Niels> suggesting that we should

    Niels> 1. Strike the new text on normalization, in effect
    Niels> reverting to what was in older drafts
    Niels> (e.g. draft-ietf-secsh-userauth-18.txt says "Note that the
    Niels> password is encoded in ISO-10646 UTF-8. It is up to the
    Niels> server how it interprets the password and validates it
    Niels> against the password database.").

    Niels> 2. Add some new text saying that we recommend that systems
    Niels> supporting non-ASCII passwords always normalize passwords
    Niels> and usernames whenever they are added to the database, or
    Niels> compared (with or without hashing) to existing entries in
    Niels> the database.

And say that ssh implementations that both store the passwords and
compare them SHOULD use saslprep for normalization.
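As an added example, not code from this thread or from any SSH or SASL implementation it refers to, the following Python shows what "normalize on store and on compare" looks like in practice: a SASLprep implementation (the profile later published as RFC 4013) built on the standard library's stringprep tables, applied to both the username and the password when an entry is written and again when a login attempt is checked against the hashed entry. The in-memory database, the usernames and the passwords are constructed for the demonstration; the hash function choice (PBKDF2-HMAC-SHA256) is an assumption, not something the thread specifies.

```python
import hashlib
import hmac
import os
import stringprep
import unicodedata

# Tables whose code points SASLprep forbids in the output (RFC 4013 section 2.3).
_PROHIBITED = (
    stringprep.in_table_c12,  # non-ASCII space characters
    stringprep.in_table_c21,  # ASCII control characters
    stringprep.in_table_c22,  # non-ASCII control characters
    stringprep.in_table_c3,   # private use
    stringprep.in_table_c4,   # non-character code points
    stringprep.in_table_c5,   # surrogate code points
    stringprep.in_table_c6,   # inappropriate for plain text
    stringprep.in_table_c7,   # inappropriate for canonical representation
    stringprep.in_table_c8,   # change display properties or deprecated
    stringprep.in_table_c9,   # tagging characters
)


def saslprep(s: str, allow_unassigned: bool = False) -> str:
    """Apply the SASLprep profile of stringprep; raise ValueError on prohibited input."""
    # Step 1, mapping: non-ASCII spaces become U+0020, "mapped to nothing" chars vanish.
    mapped = []
    for ch in s:
        if stringprep.in_table_c12(ch):
            mapped.append(" ")
        elif stringprep.in_table_b1(ch):
            continue
        else:
            mapped.append(ch)
    # Step 2, normalization: NFKC, so precomposed and decomposed forms agree.
    s = unicodedata.normalize("NFKC", "".join(mapped))
    # Step 3, prohibited output (stored strings may not contain unassigned code points).
    for ch in s:
        if any(check(ch) for check in _PROHIBITED):
            raise ValueError("prohibited code point U+%04X" % ord(ch))
        if not allow_unassigned and stringprep.in_table_a1(ch):
            raise ValueError("unassigned code point U+%04X" % ord(ch))
    # Step 4, bidi check: right-to-left text may not mix with left-to-right text,
    # and must start and end with a right-to-left character.
    has_ral = any(stringprep.in_table_d1(ch) for ch in s)
    has_l = any(stringprep.in_table_d2(ch) for ch in s)
    if has_ral:
        if has_l:
            raise ValueError("mixed bidirectional text")
        if not (stringprep.in_table_d1(s[0]) and stringprep.in_table_d1(s[-1])):
            raise ValueError("right-to-left string must begin and end with RandALCat")
    return s


# Constructed password store: normalized username -> (salt, PBKDF2 digest).
_ITERATIONS = 100_000


def _digest(password: str, salt: bytes) -> bytes:
    # The password is normalized *before* hashing, so comparison works on the
    # canonical form rather than on whatever bytes the client happened to send.
    pw = saslprep(password).encode("utf-8")
    return hashlib.pbkdf2_hmac("sha256", pw, salt, _ITERATIONS)


def store_password(db: dict, username: str, password: str) -> None:
    """Add an entry, normalizing both the username and the password first."""
    salt = os.urandom(16)
    db[saslprep(username)] = (salt, _digest(password, salt))


def verify_password(db: dict, username: str, password: str) -> bool:
    """Check a login attempt; the same normalization is applied on the compare side."""
    try:
        entry = db.get(saslprep(username))
        if entry is None:
            return False
        salt, stored = entry
        candidate = _digest(password, salt)
    except ValueError:
        # Prohibited input (e.g. control characters) can never match a stored entry.
        return False
    return hmac.compare_digest(stored, candidate)


if __name__ == "__main__":
    db = {}
    store_password(db, "alice", "caf\u00e9")          # precomposed e-acute
    print(verify_password(db, "alice", "cafe\u0301"))  # decomposed form, same password
    print(verify_password(db, "alice", "cafe"))        # wrong password
```

Because both sides call the same `saslprep` before hashing, a client that sends the decomposed "e" plus combining acute accent authenticates against an entry created from the precomposed form, which is exactly the interoperability problem the thread is about; without normalization on the store side, an implementation that only normalizes on compare would still reject passwords that had been stored un-normalized.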