Dnia Sun, 24 Nov 2024 11:22:18 +0000, Gioele Barabucci napisał(a): > On 24/11/24 10:43, nick black wrote: > > Gioele Barabucci left as an exercise for the reader: > > > On 23/11/24 09:32, Johannes Schauer Marin Rodrigues wrote: > > > > But my 2 cents on the topic are: Lets please allow more than ascii in > > > > usernames. > > > > > > potentially insecure (homographs) and at > > > high-risk of breaking existing applications (lack of standardized > > > normalization form). > > > > i'm not sure why this is being repeated. > > > > https://unicode.org/reports/tr15/ > > Dear Nick, > > You may have misunderstood that phrase. I was not referring to the fact that > there are no standardized normalization forms for Unicode (I explicitly > mention Annex 15 in [1]), but to the fact that there is no standard that > specifies which of the possible normalization forms should be used for > account names (and other fields in passwd). > > POSIX explicitly limits itself of a subset of ASCII, so it is not going to > mandate any normalization form. Are there other standards (or initiatives) > in this area that you know of?
What about RFC 8265? "Preparation, Enforcement, and Comparison of Internationalized Strings Representing Usernames and Passwords" https://datatracker.ietf.org/doc/html/rfc8265 > Regards, > > [1] https://lists.debian.org/debian-devel/2024/11/msg00305.html -- Michał Politowski
