IETF-SSH archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
Re: Normalization of passwords in SASL and SSH
Sam Hartman wrote:
>
> Hi. A discussion in the IETF 61 secsh meeting re-opened the issue of
> how to handle password normalization for passwords received by the
> server. The ssh protocol had adopted a significantly different
> solution to this problem than the sasl plain mechanism. This concerns
> me; I want to either solve the problem of password normalization in a
> consistent manner or to understand why the ssh requirements are
> different than the sasl requirements.
What are the threats that this normalisation is intended to address?
I'm wary of any recommendations to substantively change the protocol,
especially ones that require implementation of a 91-page RFC
(stringprep) + SASLprep in the privileged path of a server.
-d
Home |
Main Index |
Thread Index |
Old Index