Re: [xmpp] SASLprep vs. nodeprep

Dave Cridland <dave@cridland.net> Mon, 10 August 2009 20:08 UTC


On Mon Aug 10 20:46:21 2009, Peter Saint-Andre wrote:
> The SCRAM I-D (draft-ietf-sasl-scram-04) says the following:
> 
>    Before sending the username to the server, the client MUST
>    prepare the username using the "SASLPrep" profile [RFC4013]
>    of the "stringprep" algorithm [RFC3454].
> 
> This might be perceived as contradicting 3920bis, where we say that the
> localpart of a JabberID "MUST be formatted such that the Nodeprep
> profile of [STRINGPREP] can be applied without failing". However, I
> think that nodeprep is more strict than SASLprep, so perhaps we are OK.
> 
> 
I don't think there's a contradiction:

A jid node MUST pass Nodeprep.

A simple username MUST be the jid node.

A simple username used in SCRAM MUST have SASLprep applied before  
transmission.

None of the above have a conflict I can see - it's merely that a
jid's node might have more restrictions than previously we've
considered. It would be worthwhile mentioning this case in
particular, and in general, that implementations may have further
restrictions on the form of a node identifier, in section 3.3.


> In any case, I think that the text in the SCRAM I-D needs to say that
> the SASLprep profile can be applied without failing, not that the
> username must be prepared using SASLprep.
> 
> 
I'll answer this one on the SASL list.

Dave.
-- 
Dave Cridland - mailto:dave@cridland.net - xmpp:dwd@dave.cridland.net
  - acap://acap.dave.cridland.net/byowner/user/dwd/bookmarks/
  - http://dave.cridland.net/
Infotrope Polymer - ACAP, IMAP, ESMTP, and Lemonade
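
Added example, not part of the original message or of any XMPP implementation: the two profiles discussed in this thread, implemented on Python's standard-library stringprep tables and run over constructed localparts to show where Nodeprep rejects or rewrites input that SASLprep passes through. The function names are hypothetical, and rejecting unassigned code points in both profiles is an assumption.

```python
import stringprep as sp
from unicodedata import ucd_3_2_0 as ucd  # stringprep is defined over Unicode 3.2

# Prohibited-output tables that SASLprep (RFC 4013) and Nodeprep (RFC 3920,
# Appendix A) have in common.
COMMON = (sp.in_table_c12, sp.in_table_c21, sp.in_table_c22, sp.in_table_c3,
          sp.in_table_c4, sp.in_table_c5, sp.in_table_c6, sp.in_table_c7,
          sp.in_table_c8, sp.in_table_c9)
# Nodeprep additionally prohibits ASCII space (C.1.1) and these characters.
NODE_EXTRA = (sp.in_table_c11, set("\"&'/:<>@").__contains__)

def _finish(s, prohibited):
    """Shared tail of both profiles: NFKC, prohibited output, bidi check."""
    s = ucd.normalize("NFKC", s)
    for ch in s:
        # Assumption: unassigned code points (A.1) are rejected, as for stored strings.
        if sp.in_table_a1(ch) or any(test(ch) for test in prohibited):
            raise ValueError("prohibited code point U+%04X" % ord(ch))
    if any(sp.in_table_d1(ch) for ch in s):  # contains right-to-left characters
        if any(sp.in_table_d2(ch) for ch in s):
            raise ValueError("mixed-direction string")
        if not (sp.in_table_d1(s[0]) and sp.in_table_d1(s[-1])):
            raise ValueError("RTL string must start and end with an RTL character")
    return s

def saslprep(s):
    # Map B.1 to nothing and non-ASCII spaces (C.1.2) to U+0020; no case folding.
    mapped = "".join(" " if sp.in_table_c12(c) else c
                     for c in s if not sp.in_table_b1(c))
    return _finish(mapped, COMMON)

def nodeprep(s):
    # Map B.1 to nothing and case-fold with table B.2.
    mapped = "".join(sp.map_table_b2(c) for c in s if not sp.in_table_b1(c))
    return _finish(mapped, COMMON + NODE_EXTRA)

def compare(localpart):
    """Return each profile's output for localpart, or None if it fails."""
    result = {}
    for name, prep in (("nodeprep", nodeprep), ("saslprep", saslprep)):
        try:
            result[name] = prep(localpart)
        except ValueError:
            result[name] = None
    return result

if __name__ == "__main__":
    for sample in ("juliet", "Alice", "o'brien", "a b", "I\u00adX"):  # constructed
        print(repr(sample), compare(sample))
```

Because SASLprep does not case-fold, a server that compares the SCRAM username against stored JID nodes needs to know which form each side holds.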