ietf
[Top] [All Lists]

Fwd: draft-sheffer-emu-eap-eke

2010-05-14 17:55:44
Begin forwarded message:

From: Marc Blanchet <marc(_dot_)blanchet(_at_)viagenie(_dot_)ca>
Date: May 14, 2010 2:13:25 PM PDT
To: Kurt Zeilenga <Kurt(_dot_)Zeilenga(_at_)Isode(_dot_)com>
Cc: draft-sheffer-emu-eap-eke(_at_)tools(_dot_)ietf(_dot_)org
Subject: Re: [newprep] other customers of *prep

Le 10-05-14 16:49, Kurt Zeilenga a écrit :
Yaron, Glen, Hannes, Scott,

On May 14, 2010, at 12:38 PM, Marc Blanchet wrote:

while reading draft-sheffer-emu-eap-eke-06.txt, I stumbled upon:

section 5.1
  If the password is non-ASCII, it SHOULD be normalized by the sender
  before the EAP-EKE message is constructed.  The normalization method
  is SASLprep, [RFC4013].  Note that the password is not null-
  terminated.

Kind of odd to apply SASLprep only when password is non-ASCII.  Does this 
mean that ASCII control characters, which SASLprep prohibits, are allowed 
when the password is ASCII?  I would hope not.

SASLprep should really be applied here unconditionally to the password text.

I also note that one also needs to specify which SASLprep inputs are to be 
treated as "query" strings and which are "stored" strings [RFC3454].  I 
suspect (I haven't actually read your draft) the former would be the 
appropriate choice here.


Kurt, this draft is in last call, therefore I think you should send your 
comments to iesg/ietf ml.

Marc.

-- Kurt


-- 
=========
IPv6 book: Migrating to IPv6, Wiley. http://www.ipv6book.ca
Stun/Turn server for VoIP NAT-FW traversal: http://numb.viagenie.ca
DTN news service: http://reeves.viagenie.ca
NAT64-DNS64 Opensource: http://ecdysis.viagenie.ca


_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf

<Prev in Thread] Current Thread [Next in Thread>
  • Fwd: draft-sheffer-emu-eap-eke, Kurt Zeilenga <=