Re: New drafts

To: Jeffrey Hutzelman <jhutz%cmu.edu@localhost>
Subject: Re: New drafts
From: Chris Lonvick <clonvick%cisco.com@localhost>
Date: Thu, 28 Oct 2004 19:14:38 -0700 (PDT)

Hi,

On Thu, 28 Oct 2004, Jeffrey Hutzelman wrote:

>
>
> On Thursday, October 28, 2004 12:33:22 -0400 der Mouse
> <mouse%Rodents.Montreal.QC.CA@localhost> wrote:
>
> > Good to see all the new drafts.
> >
> > In architecture-17, I see new text
> >
> > 	It should be noted that these names resemble [RFC0822] email
> > 	addresses.  This is purely coincidental and actually has
> > 	nothing to do with [RFC0822].
> >
> > RFC 822 is long obsolete; shouldn't that refer to 2822?  (Similar
> > remarks apply to assignednumbers-07 4.6.1.)
>
> Actually, RFC822 is not "obsolete"; it is an Internet Standard.
>
> It is entirely appropriate to refer to "RFC822 addresses", especially in a
> context like this where the reference is informative.

OK, I should'a looked before my prior response.  STD-11 still points to
RFC-822.  However, RFC-822 has been "Obsoleted by RFC-2822" and "Updated
by RFC1123, RFC1138, RFC1148, RFC1327, RFC2156".  Nonetheless, it's
usually more appropriate to go with a STD so I'll keep the reference
pointing to RFC-822.


>
>
> > I also see
> >
> > 	(commonly known as the Rogaway attack
> > 	[ROGAWAY],[DAI][BELLARE,KOHNO,NAMPREMPRE],) to work,
> >
> > s/,)/)/ surely?
>
> And s/][/],[/

I used White Out.

>
>
> > userauth-22 contains (in the description of password authentication)
> > more character set issues, similar to those raised by the recent
> > discussion of filenames.  Built into this text is the assumption that a
> > password is a sequence of characters; on most systems, it is actually a
> > sequence of octets, with any conversion between them and characters
> > left undefined.
>
> Sorry; that's just not true.  It wasn't true of filenames and it's not true
> of passwords, either.
>
> Kerberos treats passwords as character strings.
> Windows treats passwords as character strings.
> SASL treats passwords as character strings.
> MacOS X treats passwords as character strings.
> In fact, if you look, you can probably find a number of situations in which
> various UNIX systems treat passwords as character strings and not octet
> strings.  Consider xdm.  Consider the behaviour of 'passwd' with a UTF-8
> locale.


OK.  No changes planned unless we get some consensus.

Thanks,
Chris

References:
- I-D ACTION:draft-ietf-secsh-userauth-22.txt
  - From: Internet-Drafts
- New drafts
  - From: der Mouse
- Re: New drafts
  - From: Jeffrey Hutzelman

Prev by Date: Re: New drafts
Next by Date: Re: New drafts
Previous by Thread: Re: New drafts
Next by Thread: Re: New drafts
Indexes:

Home | Main Index | Thread Index | Old Index