On Tue, Sep 15, 2009 at 09:41:47AM -0400, John C Klensin wrote: > > [...] > > For whatever it is worth, I agree with this analysis. I'm not > sure that RFC 5198 is an adequate substitute for SASLprep, but > it is far better than unrestricted UTF-8 (which, IMO, we should > no longer be recommending in any protocol that requires > comparison of strings). [OT for the draft-ietf-sasl-scram thread, but possibly of interest to the IETF list.] NFSv4 left normalization form unspecified for filenames. We ended up implementing normalization-insensitive and normalization-preserving behavior in ZFS in Solaris. The normalization-insensitive part and high-performance normalization code was the relatively easy part. The normalization-preserving part was non-trivial, or would be/have been for filesystems that don't/didn't already hash directory contents (as ZFS did). (ZFS uses locally normalized file names as input to the hash function, but stores application-/remote fs protocol-provided file names unnormalized in the directory hash entries.) The lesson is, IMO, that in the general case I think we can get way with not specifying normalization forms for _query_ strings, but not for _storage_ strings. Nico -- _______________________________________________ Ietf@xxxxxxxx https://www.ietf.org/mailman/listinfo/ietf