Hi. I would appreciate if this document contained a discussion of the
implications for RFCs that currently normatively reference RFC 4013.
This is warranted since the new document intends to obsolete RFC 4013.
SASLprep and the several profiles defined by this document give
different outputs for some inputs. This new protocol can also give
different outputs depending on which Unicode version the implementation
uses. Further, it is not clear how to map different uses of SASLprep
into the different profiles described in this document. Combined, these
aspects may lead to interoperability and security issues if migration is
not coordinated among protocols and implementations.
Essentially, what does it mean for this document to obsolete RFC 4013
for an implementation implements a protocol that normatively reference
RFC 4013? When are implementations supposed to be updated to use this
document? Now, or when the respective RFC is updated to point towards
this new document?
I have read section 6 on migration. It is helpful, but does not really
address the question above.
If my assumption that other RFCs needs to be updated before
implementations should be updated, please consider clarifying this in
the document by adding a paragraph like this to section 6. Feel free to
reword or rewrite this as you want.
While this section describes migration, this document does not have
any direct implication for implementations that implement RFCs that
uses SASLprep today. These RFCs will each need to be updated before
implementation should migrate to using the techniques described in
this document. Non-coordinated updates of protocol implementations
can affect interoperability and security and is therefor discouraged.
Thanks,
/Simon
signature.asc
Description: PGP signature