Re: Normalization of passwords in SASL and SSH

To: Sam Hartman <hartmans-ietf%mit.edu@localhost>
Subject: Re: Normalization of passwords in SASL and SSH
From: Bill Sommerfeld <sommerfeld%sun.com@localhost>
Date: Mon, 29 Nov 2004 17:17:49 -0500

(WG chair hat off.  just my questions)

Why should these proposed rules apply only to passwords and not also to login names?  It seems like the core justification for server side normalization -- that they're often stored in database maintained by a subsystem not under the control of the ssh server implementor -- also applies to usernames.

Is it ever the case that normalization functions would change the human-readable representation meaningfully?  Examples?

If there are multiple available normalization functions it would seem that you might be able to either (a) try several, accept if one matches, and/or (b) "renormalize" already normalized strings using alternate functions, in which case erroneous client-side normalization could well be undone or worked around by the server.

								- Bill

Follow-Ups:
- Re: Normalization of passwords in SASL and SSH
  - From: Sam Hartman

References:
- Normalization of passwords in SASL and SSH
  - From: Sam Hartman

Prev by Date: Re: Normalization of passwords in SASL and SSH
Next by Date: RE: new drafts
Previous by Thread: Re: Normalization of passwords in SASL and SSH
Next by Thread: Re: Normalization of passwords in SASL and SSH
Indexes:

Home | Main Index | Thread Index | Old Index