[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Stringprep Considered Harmful

To: Rici Lake <rici@ricilake.net>
Subject: Re: Stringprep Considered Harmful
From: Hallvard B Furuseth <h.b.furuseth@usit.uio.no>
Date: Tue, 9 Nov 2004 11:53:26 +0100
Cc: ietf-ldapbis@OpenLDAP.org
In-reply-to: <0CAE7C1A-31B2-11D9-ADDC-000A957D48A8@ricilake.net>
References: <0CAE7C1A-31B2-11D9-ADDC-000A957D48A8@ricilake.net>

Rici Lake writes:
> draft-ietf-ldapbis-strprep-04.txt would define and require the use of a 
> stringprep profile for many common LDAP attribute types. The stringprep 
> algorithm may fail on certain input strings; if it fails, that input 
> string becomes unmatchable.
> 
> If all such strings were obviously illegitimate, this would not be a 
> problem, but many legitimate strings will fail, and this will create 
> problems, some of them serious.

Yes.  I don't know much about your specific examples, but in general
I've never understood why people feel the advantages of error returns
from stringprep are more important than the problems they cause.

-- 
Hallvard

Follow-Ups:
- Re: Stringprep Considered Harmful (A concrete example)
  - From: Rici Lake <rici@ricilake.net>

References:
- Stringprep Considered Harmful
  - From: Rici Lake <rici@ricilake.net>

Prev by Date: Re: protocol-27 comments #3
Next by Date: Re: Cross-purpose SEQUENCE/CHOICE protocol extension fields
Index(es):
- Chronological
- Thread