Re: New drafts

[Jeffrey Hutzelman <jhutz%cmu.edu@localhost>]

On Thursday, October 28, 2004 12:33:22 -0400 der Mouse 
<mouse%Rodents.Montreal.QC.CA@localhost> wrote:

> Good to see all the new drafts.
>
> In architecture-17, I see new text
>
> 	It should be noted that these names resemble [RFC0822] email
> 	addresses.  This is purely coincidental and actually has
> 	nothing to do with [RFC0822].
>
> RFC 822 is long obsolete; shouldn't that refer to 2822?  (Similar
> remarks apply to assignednumbers-07 4.6.1.)

Actually, RFC822 is not "obsolete"; it is an Internet Standard.

It is entirely appropriate to refer to "RFC822 addresses", especially in a 
context like this where the reference is informative.


> I also see
>
> 	(commonly known as the Rogaway attack
> 	[ROGAWAY],[DAI][BELLARE,KOHNO,NAMPREMPRE],) to work,
>
> s/,)/)/ surely?

And s/][/],[/


> userauth-22 contains (in the description of password authentication)
> more character set issues, similar to those raised by the recent
> discussion of filenames.  Built into this text is the assumption that a
> password is a sequence of characters; on most systems, it is actually a
> sequence of octets, with any conversion between them and characters
> left undefined.

Sorry; that's just not true.  It wasn't true of filenames and it's not true 
of passwords, either.

Kerberos treats passwords as character strings.
Windows treats passwords as character strings.
SASL treats passwords as character strings.
MacOS X treats passwords as character strings.
In fact, if you look, you can probably find a number of situations in which 
various UNIX systems treat passwords as character strings and not octet 
strings.  Consider xdm.  Consider the behaviour of 'passwd' with a UTF-8 
locale.

-- Jeffrey T. Hutzelman (N3NHS) <jhutz+%cmu.edu@localhost>
  Sr. Research Systems Programmer
  School of Computer Science - Research Computing Facility
  Carnegie Mellon University - Pittsburgh, PA