SASLprep200x
Paul Hoffman
phoffman at imc.org
Fri Jan 5 19:45:30 CET 2007
At 10:06 AM -0500 1/5/07, John C Klensin wrote:
>I think we are not disagreeing, but not communicating.
Fully disagree. Fortunately, you made that easy to see in the next sentence.
>In our
>end result, we need to, somehow, accommodate at least three
>different applications and whatever requirements they produce:
>
> (i) IDNs
> (ii) Identifiers to be used to name certificates and
> other security credentials
> (iii) Passwords and other strings that benefit from high
> entropy.
We have no such "need".
We need (i), of course.
We also need (ii) but only insofar as domain names used in those
certs and credentials. To be explicit: we do not need to do anything
to let "Johnson&Johnson" use their name in the issuer name or subject
name fields of PKIX certificates. That is out of scope for
StringPrep. If the security community wants an interoperable way to
handle free-text strings, they can invent it themselves. (Yes, I will
be a stuckee with the giant target on his chest for this one; I'll
live with that. Fortunately, Simon will be standing next to me.)
We should not even consider (iii). The fact that the SASL community
wanted to use StringPrep2003 for their needs then, and now may regret
that decision, is Not Our Problem, particularly because they can fix
their problem themselves with a lot less effort than it would take us
to accommodate them.