IETF-SSH archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
UTF8 username/password issue summary
The current userauth document specifies the use of unnormalized UTF-8 on
the wire and recommends the use of saslprep to normalize them on the server
end. This allows for considerable flexibility in implementation; for
passwords, you may even be able to store per-user hints for this
normalization. Ultimately, however, local OS considerations on the server
will dominate and may constrain what can be done on the server.
There was considerable discussion of this approach in Jan/Feb of this year.
My conclusion from this discussion is that there is no known technical problem with a "just send unnormalized utf8" approach; however,
because there's a general shortage of implementation experience
with non-USASCII usernames and passwords, I don't have a whole lot of confidence that it won't need tweaks in the future.
As an aside, the userauth doc mentions the normalization issue for user
names only in passing (during the password discussion).
- Bill
Home |
Main Index |
Thread Index |
Old Index