[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: internationalization of textual passwords

To: <ietf-ldapbis@OpenLDAP.org>, <Kurt@OpenLDAP.org>
Subject: Re: internationalization of textual passwords
From: "Jim Sermersheim" <jimse@novell.com>
Date: Thu, 27 Feb 2003 22:38:00 -0700
Cc: "Alan Clark" <ACLARK@novell.com>, "Dan Fritch" <DFRITCH@novell.com>, "David Ward" <DSWARD@novell.com>, "Hal Henderson" <HAL@novell.com>, "Tolga Acar" <TACAR@novell.com>
Content-disposition: inline

I haven't read SASLPrep yet, but recommending (and in doing so, raising
awareness of the issue) a normalized string form sounds very good to
me.

Jim

>>> "Kurt D. Zeilenga" <Kurt@OpenLDAP.org> 2/27/03 11:12:43 PM >>>
While the simple bind password and userPassword are OCTET STRINGs
and to be compared using octetStringMatch (and I continue to think
this should not be changed, see past discussions), I (as an
individual) think it would be appropriate to RECOMMEND that clients
which provide textual passwords "prepare", using SASLprep, the
string before transmission to the server to ensure that like
passwords will match.  Use of SASLprep here, aside from ensuring
consistency between all LDAP clients desiring to use textual
passwords, would allow the textual strings to be used in various
SASL mechanisms which use SASLprep.

Comments?

Kurt

Prev by Date: Re: internationalization of textual passwords
Next by Date: Re: TLS closure alert and auth/authz ID
Index(es):
- Chronological
- Thread