[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: [ldapext] Fwd: I-D Action:draft-zeilenga-ldap-passwords-00.txt

To: simo <idra@samba.org>
Subject: Re: [ldapext] Fwd: I-D Action:draft-zeilenga-ldap-passwords-00.txt
From: Kurt Zeilenga <Kurt.Zeilenga@Isode.com>
Date: Mon, 31 Mar 2008 19:50:10 -0700
Cc: x500standard@freelists.org, LDAP Extensions list <ldapext@ietf.org>
Delivered-to: ldapext@core3.amsl.com
In-reply-to: <1207008231.24112.45.camel@localhost.localdomain>
References: <20080331174501.8F71328C198@core3.amsl.com> <3D27B3E2-C6EA-42AD-BE13-4FD46221E2CA@Isode.com> <1206997641.24112.10.camel@localhost.localdomain> <5C148842-FAD8-4535-BD19-383065C87781@Isode.com> <1207008231.24112.45.camel@localhost.localdomain>

On Mar 31, 2008, at 5:03 PM, simo wrote:
>
> On Mon, 2008-03-31 at 16:13 -0700, Kurt Zeilenga wrote:
>>
>> A password doesn't necessarily consist of character data, so specify
>> their length in characters doesn't make any sense.
>
> In 4.1 you proposed a constraint that password conforms to UTF-8.
> In this case data definitely consist of characters.

Here you use character to mean "code point".  Above I assumed you  
where using character to mean "abstract character".

While a minimum number of code point constraint might be useful, I  
think a minimum number of abstract characters constraints would be  
more useful.  The latter like should be dependent on the SASLprep  
constraint, or other constraint which limited passwords to abstract  
character sequences.

> An administrator, I think, would definitely be confused/disappointed  
> to
> discover that the minimum number of characters accepted varies  
> depending
> on the language used.

Or varied depending on the number of code points used to represent the  
abstract character.

> (Most latin languages uses mostly 1 byte characters, while many other
> languages will use regularly 2 byte (or more) wide characters).
>
> Should we have a default 'Minimum Length of Characters' constraint to
> pair to the UTF-8 constraint of 4.1 ?

See above.

>
>
>>> 4)
>>>
>>> The number of constraints seem quite limited, are you open to
>>> suggestion
>>> for more constraint types that are currently commonly used in  
>>> various
>>> server implementations ?
>>
>> Yes.
>
> Thanks,
> there are some encoding (utf-8) dependent constraints that are widely
> used like:

I was thinking of just having a Unicode Regular Expression constraint.

-- Kurt
_______________________________________________
Ldapext mailing list
Ldapext@ietf.org
https://www.ietf.org/mailman/listinfo/ldapext

References:
- Re: [ldapext] Fwd: I-D Action:draft-zeilenga-ldap-passwords-00.txt
  - From: simo <idra@samba.org>

Prev by Date: Re: [ldapext] Fwd: I-D Action:draft-zeilenga-ldap-passwords-00.txt
Next by Date: [ldapext] Password Policy Administrative Model
Index(es):
- Chronological
- Thread