IETF-SSH archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: New drafts



[Jeffrey Hutzelman <jhutz%cmu.edu@localhost>, replying to me]
>> RFC 822 is long obsolete; shouldn't that refer to 2822?
> Actually, RFC822 is not "obsolete"; it is an Internet Standard.

The RFC index I fetched on 2004-10-19 says

0822 Standard for the format of ARPA Internet text messages. D.
     Crocker. Aug-13-1982. (Format: TXT=109200 bytes) (Obsoletes RFC0733)
     (Obsoleted by RFC2822) (Updated by RFC1123, RFC1138, RFC1148,
     RFC1327, RFC2156) (Also STD0011) (Status: STANDARD)

I'm not sure what other construction to put on that "Obsolete by" bit.

> It is entirely appropriate to refer to "RFC822 addresses", especially
> in a context like this where the reference is informative.

Perhaps, but to reference 822 rather than 2822 for them?

>> 	(commonly known as the Rogaway attack
>> 	[ROGAWAY],[DAI][BELLARE,KOHNO,NAMPREMPRE],) to work,
>> s/,)/)/ surely?
> And s/][/],[/

Actually, I find I cut-and-pasted from the old version of that text
rather than the new - both have the ,) problem, but the new text
doesn't have the ][ problem.

>> Built into [userauth-22] is the assumption that a password is a
>> sequence of characters; on most systems, it is actually a sequence
>> of octets, with any conversion between them and characters left
>> undefined.
> Sorry; that's just not true.

It's true on every system I've ever used enough to know how passwords
work on it - which admittedly is restricted to Unix variants.

> In fact, if you look, you can probably find a number of situations in
> which various UNIX systems treat passwords as character strings and
> not octet strings.  Consider xdm.

xdm login windows treat passwords as character strings, yes - but it's
the octet sequences behind them that matter: the password is actually
the octet sequence, not the character sequence. If you set your
password to "rÃë" using 8859-1 (ie, 0x72 0xc3 0xeb), I believe you'll
find you can log in just fine to an xdm login window using 8859-7 by
typing a password consisting of characters two of which I can't display
here in 8859-1: r, capital gamma, lowercase lambda.  (I phrase it that
way because I can't try it; I can't tell how to set the locale for an
arbitrary program, and my xdm (R6.4) doesn't seem to have any explicit
options for it.)  If the password truly were the sequence of characters
rather than the sequence of octets, that wouldn't work.

/~\ The ASCII				der Mouse
\ / Ribbon Campaign
 X  Against HTML	       mouse%rodents.montreal.qc.ca@localhost
/ \ Email!	     7D C8 61 52 5D E7 2D 39  4E F1 31 3E E8 B3 27 4B



Home | Main Index | Thread Index | Old Index