[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: internationalization of textual passwords
At 12:12 PM 3/1/2003, Hal Henderson wrote:
>I agree. Hopefully, they will decided upon UTF-8 and not invent
>something new.
Saying "UTF-8" is insufficient. One needs to say exactly how the
strings are to be prepared to increase the likelihood that two
different, but equivalent, user-inputted Unicode strings are
transferred as same sequence of octets and, hence, will match
when compared by the server.
SASLprep defines a new algorithm for preparing Unicode passwords
(as well as user names) for matching. I'm not aware of a suitable
existing algorithm.
Anyways, I suggest we adopt whatever algorithm the SASL WG
ends up choosing for PLAIN, CRAM-MD5, and DIGEST-MD5 mechanisms
to minimize the implementation burden.
Kurt