Begin forwarded message:
From: Marc Blanchet <marc(_dot_)blanchet(_at_)viagenie(_dot_)ca>
Date: May 14, 2010 2:13:25 PM PDT
To: Kurt Zeilenga <Kurt(_dot_)Zeilenga(_at_)Isode(_dot_)com>
Cc: draft-sheffer-emu-eap-eke(_at_)tools(_dot_)ietf(_dot_)org
Subject: Re: [newprep] other customers of *prep
Le 10-05-14 16:49, Kurt Zeilenga a écrit :
Yaron, Glen, Hannes, Scott,
On May 14, 2010, at 12:38 PM, Marc Blanchet wrote:
while reading draft-sheffer-emu-eap-eke-06.txt, I stumbled upon:
section 5.1
If the password is non-ASCII, it SHOULD be normalized by the sender
before the EAP-EKE message is constructed. The normalization method
is SASLprep, [RFC4013]. Note that the password is not null-
terminated.
Kind of odd to apply SASLprep only when password is non-ASCII. Does this
mean that ASCII control characters, which SASLprep prohibits, are allowed
when the password is ASCII? I would hope not.
SASLprep should really be applied here unconditionally to the password text.
I also note that one also needs to specify which SASLprep inputs are to be
treated as "query" strings and which are "stored" strings [RFC3454]. I
suspect (I haven't actually read your draft) the former would be the
appropriate choice here.
Kurt, this draft is in last call, therefore I think you should send your
comments to iesg/ietf ml.
Marc.
-- Kurt
--
=========
IPv6 book: Migrating to IPv6, Wiley. http://www.ipv6book.ca
Stun/Turn server for VoIP NAT-FW traversal: http://numb.viagenie.ca
DTN news service: http://reeves.viagenie.ca
NAT64-DNS64 Opensource: http://ecdysis.viagenie.ca
_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf