IETF-SSH archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
Re: Normalization of passwords in SASL and SSH
(WG chair hat off. just my questions)
Why should these proposed rules apply only to passwords and not also to login names? It seems like the core justification for server side normalization -- that they're often stored in database maintained by a subsystem not under the control of the ssh server implementor -- also applies to usernames.
Is it ever the case that normalization functions would change the human-readable representation meaningfully? Examples?
If there are multiple available normalization functions it would seem that you might be able to either (a) try several, accept if one matches, and/or (b) "renormalize" already normalized strings using alternate functions, in which case erroneous client-side normalization could well be undone or worked around by the server.
- Bill
Home |
Main Index |
Thread Index |
Old Index