IETF-SSH archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
Re: New drafts
On Thursday, October 28, 2004 12:33:22 -0400 der Mouse
<mouse%Rodents.Montreal.QC.CA@localhost> wrote:
Good to see all the new drafts.
In architecture-17, I see new text
It should be noted that these names resemble [RFC0822] email
addresses. This is purely coincidental and actually has
nothing to do with [RFC0822].
RFC 822 is long obsolete; shouldn't that refer to 2822? (Similar
remarks apply to assignednumbers-07 4.6.1.)
Actually, RFC822 is not "obsolete"; it is an Internet Standard.
It is entirely appropriate to refer to "RFC822 addresses", especially in a
context like this where the reference is informative.
I also see
(commonly known as the Rogaway attack
[ROGAWAY],[DAI][BELLARE,KOHNO,NAMPREMPRE],) to work,
s/,)/)/ surely?
And s/][/],[/
userauth-22 contains (in the description of password authentication)
more character set issues, similar to those raised by the recent
discussion of filenames. Built into this text is the assumption that a
password is a sequence of characters; on most systems, it is actually a
sequence of octets, with any conversion between them and characters
left undefined.
Sorry; that's just not true. It wasn't true of filenames and it's not true
of passwords, either.
Kerberos treats passwords as character strings.
Windows treats passwords as character strings.
SASL treats passwords as character strings.
MacOS X treats passwords as character strings.
In fact, if you look, you can probably find a number of situations in which
various UNIX systems treat passwords as character strings and not octet
strings. Consider xdm. Consider the behaviour of 'passwd' with a UTF-8
locale.
-- Jeffrey T. Hutzelman (N3NHS) <jhutz+%cmu.edu@localhost>
Sr. Research Systems Programmer
School of Computer Science - Research Computing Facility
Carnegie Mellon University - Pittsburgh, PA
Home |
Main Index |
Thread Index |
Old Index