[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: internationalization of textual passwords



BTW, SASLprep is detailed in:
  http://www.ietf.org/internet-drafts/draft-ietf-sasl-saslprep-00.txt

Kurt

At 09:42 AM 2/27/2003, Kurt D. Zeilenga wrote:
>While the simple bind password and userPassword are OCTET STRINGs
>and to be compared using octetStringMatch (and I continue to think
>this should not be changed, see past discussions), I (as an
>individual) think it would be appropriate to RECOMMEND that clients
>which provide textual passwords "prepare", using SASLprep, the
>string before transmission to the server to ensure that like
>passwords will match.  Use of SASLprep here, aside from ensuring
>consistency between all LDAP clients desiring to use textual
>passwords, would allow the textual strings to be used in various
>SASL mechanisms which use SASLprep.
>
>Comments?
>
>Kurt