[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: Stringprep Considered Harmful
Rici Lake writes:
> draft-ietf-ldapbis-strprep-04.txt would define and require the use of a
> stringprep profile for many common LDAP attribute types. The stringprep
> algorithm may fail on certain input strings; if it fails, that input
> string becomes unmatchable.
>
> If all such strings were obviously illegitimate, this would not be a
> problem, but many legitimate strings will fail, and this will create
> problems, some of them serious.
Yes. I don't know much about your specific examples, but in general
I've never understood why people feel the advantages of error returns
from stringprep are more important than the problems they cause.
--
Hallvard