The IESG wrote: > The IESG has received a request from the RADIUS EXTensions WG (radext) > to consider the following document: > - 'RADIUS Extension for Digest Authentication ' > <draft-ietf-radext-rfc4590bis-01.txt> as a Proposed Standard Hi, this draft might be also interesting for the 2831bis (SASL) and 2617bis (HTTP-AUTH) folks. From a quick read I found that the I-D picked the "keep backslash as is" approach between client and proxy, trimming \\ and \" only at the RADIUS server. The other DIGEST-MD5 parameters are as always confusing, I don't see anything related to SASLprep in the draft (it's based on 2617). It mentions 2069 backwards compatibility based on the absence of "QoP", I'm not sure if that's correct for "md5-sess" without "QoP". The draft says that the length of NC is 10, shouldn't that be 8 ? The first example has no CNONCE and no NC, my script claims that this is a fatal error for qop=auth, isn't it ? RFC 2617 says that it MUST be sent for a non-empty qop. The password for the 4590 examples isn't shown, therefore I'm unable to check them, even after adjusting the code to treat qop=auth without CNONCE as 2069 fallback. Should I treat CNONCE as empty and make up an NC 00000001 ? Without SASLprep the draft IMO needs some "I18N considerations" about non-ASCII user names and passwords as mandated by BCP 18 (RFC 2277). Frank _______________________________________________ Ietf@xxxxxxxx https://www1.ietf.org/mailman/listinfo/ietf