IETF-SSH archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
Re: New drafts
Hi,
On Thu, 28 Oct 2004, Jeffrey Hutzelman wrote:
>
>
> On Thursday, October 28, 2004 12:33:22 -0400 der Mouse
> <mouse%Rodents.Montreal.QC.CA@localhost> wrote:
>
> > Good to see all the new drafts.
> >
> > In architecture-17, I see new text
> >
> > It should be noted that these names resemble [RFC0822] email
> > addresses. This is purely coincidental and actually has
> > nothing to do with [RFC0822].
> >
> > RFC 822 is long obsolete; shouldn't that refer to 2822? (Similar
> > remarks apply to assignednumbers-07 4.6.1.)
>
> Actually, RFC822 is not "obsolete"; it is an Internet Standard.
>
> It is entirely appropriate to refer to "RFC822 addresses", especially in a
> context like this where the reference is informative.
OK, I should'a looked before my prior response. STD-11 still points to
RFC-822. However, RFC-822 has been "Obsoleted by RFC-2822" and "Updated
by RFC1123, RFC1138, RFC1148, RFC1327, RFC2156". Nonetheless, it's
usually more appropriate to go with a STD so I'll keep the reference
pointing to RFC-822.
>
>
> > I also see
> >
> > (commonly known as the Rogaway attack
> > [ROGAWAY],[DAI][BELLARE,KOHNO,NAMPREMPRE],) to work,
> >
> > s/,)/)/ surely?
>
> And s/][/],[/
I used White Out.
>
>
> > userauth-22 contains (in the description of password authentication)
> > more character set issues, similar to those raised by the recent
> > discussion of filenames. Built into this text is the assumption that a
> > password is a sequence of characters; on most systems, it is actually a
> > sequence of octets, with any conversion between them and characters
> > left undefined.
>
> Sorry; that's just not true. It wasn't true of filenames and it's not true
> of passwords, either.
>
> Kerberos treats passwords as character strings.
> Windows treats passwords as character strings.
> SASL treats passwords as character strings.
> MacOS X treats passwords as character strings.
> In fact, if you look, you can probably find a number of situations in which
> various UNIX systems treat passwords as character strings and not octet
> strings. Consider xdm. Consider the behaviour of 'passwd' with a UTF-8
> locale.
OK. No changes planned unless we get some consensus.
Thanks,
Chris
Home |
Main Index |
Thread Index |
Old Index