On Tue, Sep 15, 2009 at 03:28:01PM +0100, Kurt Zeilenga wrote: > On Sep 15, 2009, at 2:41 PM, John C Klensin wrote: Strangely I don't have John's e-mail; I have only the quoted text to go on. > >--On Tuesday, September 15, 2009 10:55 +0200 Simon Josefsson > ><simon@xxxxxxxxxxxxx> wrote: > > > >> Personally, in > >>the long term I would prefer to deprecate SASLprep in favor of > >>Net-UTF-8 (i.e., RFC 5198) for use in SASL applications. I > >>believe "SHOULD use SASLprep" in SCRAM is a reasonable > >>trade-off considering these factors. > > > >For whatever it is worth, I agree with this analysis. I'm not > >sure that RFC 5198 is an adequate substitute for SASLprep, > > I am quite sure that RFC 5198 is not an adequate substitute for > SASLprep as used in SCRAM to prepare usernames and passwords for > (direct or indirect) comparison. Net-UTF8 is not designed to support > comparison of user names and passwords composed of Unicode characters, > but for the transmission of text. > > [...] +1 Nico -- _______________________________________________ Ietf@xxxxxxxx https://www.ietf.org/mailman/listinfo/ietf