Hi. I would appreciate if this document contained a discussion of the implications for RFCs that currently normatively reference RFC 4013. This is warranted since the new document intends to obsolete RFC 4013. SASLprep and the several profiles defined by this document give different outputs for some inputs. This new protocol can also give different outputs depending on which Unicode version the implementation uses. Further, it is not clear how to map different uses of SASLprep into the different profiles described in this document. Combined, these aspects may lead to interoperability and security issues if migration is not coordinated among protocols and implementations. Essentially, what does it mean for this document to obsolete RFC 4013 for an implementation implements a protocol that normatively reference RFC 4013? When are implementations supposed to be updated to use this document? Now, or when the respective RFC is updated to point towards this new document? I have read section 6 on migration. It is helpful, but does not really address the question above. If my assumption that other RFCs needs to be updated before implementations should be updated, please consider clarifying this in the document by adding a paragraph like this to section 6. Feel free to reword or rewrite this as you want. While this section describes migration, this document does not have any direct implication for implementations that implement RFCs that uses SASLprep today. These RFCs will each need to be updated before implementation should migrate to using the techniques described in this document. Non-coordinated updates of protocol implementations can affect interoperability and security and is therefor discouraged. Thanks, /Simon
Attachment:
signature.asc
Description: PGP signature