On Tue, Sep 15, 2009 at 03:28:01PM +0100, Kurt Zeilenga wrote:
On Sep 15, 2009, at 2:41 PM, John C Klensin wrote:
Strangely I don't have John's e-mail; I have only the quoted text to go
on.
--On Tuesday, September 15, 2009 10:55 +0200 Simon Josefsson
<simon(_at_)josefsson(_dot_)org> wrote:
Personally, in
the long term I would prefer to deprecate SASLprep in favor of
Net-UTF-8 (i.e., RFC 5198) for use in SASL applications. I
believe "SHOULD use SASLprep" in SCRAM is a reasonable
trade-off considering these factors.
For whatever it is worth, I agree with this analysis. I'm not
sure that RFC 5198 is an adequate substitute for SASLprep,
I am quite sure that RFC 5198 is not an adequate substitute for
SASLprep as used in SCRAM to prepare usernames and passwords for
(direct or indirect) comparison. Net-UTF8 is not designed to support
comparison of user names and passwords composed of Unicode characters,
but for the transmission of text.
[...]
+1
Nico
--
_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf