[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: internationalization of textual passwords

To: "Hal Henderson" <HAL@novell.com>
Subject: Re: internationalization of textual passwords
From: "Kurt D. Zeilenga" <Kurt@OpenLDAP.org>
Date: Sat, 01 Mar 2003 13:25:39 -0800
Cc: <ietf-ldapbis@OpenLDAP.org>
In-reply-to: <se60b1d9.008@prv-mail20.provo.novell.com>

At 12:12 PM 3/1/2003, Hal Henderson wrote:
>I agree.  Hopefully, they will decided upon UTF-8 and not invent
>something new.

Saying "UTF-8" is insufficient.  One needs to say exactly how the
strings are to be prepared to increase the likelihood that two
different, but equivalent, user-inputted Unicode strings are
transferred as same sequence of octets and, hence, will match
when compared by the server.

SASLprep defines a new algorithm for preparing Unicode passwords
(as well as user names) for matching.  I'm not aware of a suitable
existing algorithm.

Anyways, I suggest we adopt whatever algorithm the SASL WG
ends up choosing for PLAIN, CRAM-MD5, and DIGEST-MD5 mechanisms
to minimize the implementation burden.

Kurt

References:
- Re: internationalization of textual passwords
  - From: "Hal Henderson" <HAL@novell.com>

Prev by Date: Re: internationalization of textual passwords
Next by Date: Re: [AuthMeth] clarification on SASL DN AuthZ ID
Index(es):
- Chronological
- Thread