Re: [sasl] Last Call: draft-ietf-sasl-scram

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



IMO, this is a close relative of a different problem, one that's old and well-understood: Characters that shift to different keys when you cross a boundary.

I (now) live in Germany and come from Norway. Germany has Y and Z swapped. Shortly after I started travelling to Germany, I stopped using Y and Z in passwords. They were too much trouble. This is (at least among the people I know) the common solution.

I may well be making a silly mistake, but my gut says that the compatibility mappings will not have a serious enough impact on password entropy that we must make an effort to migrate from SASLprep.

I agree, because I think that if a character doesn't have a reliable, unchanging representation, then using that character in a password today is begging for trouble. Can't be typed on the wrong keyboard/OK, can't be transmitted through a program that happens to normalize the right/wrong way, etc.

Arnt
_______________________________________________

Ietf@xxxxxxxx
https://www.ietf.org/mailman/listinfo/ietf

[Index of Archives]     [IETF Annoucements]     [IETF]     [IP Storage]     [Yosemite News]     [Linux SCTP]     [Linux Newbies]     [Fedora Users]