>>>>> "Alan" == Alan DeKok <[EMAIL PROTECTED]> writes:
Alan> Hao Zhou (hzhou) wrote:
>> I think publishing a "widely" deployed EAP method is orthogonal
>> to publishing a new method meeting EMU charter. I agree
>> publishing the existing method as deployed is something needs
>> to be done quickly. I am still doubtful that adding the extra
>> stuff required to meet the charter (crypto-binding,
>> crypto-agility, synchronized result indication,
>> internationalization),
Alan> I'm not sure why internationalization is an issue. This
Alan> came up in RADEXT a while ago. The consensus at the time
Alan> was that RFC 4282 discusses internationalization of the NAI,
Alan> and that passwords don't need to be internationalized.
Alan> Internationalization matters for *display* to end users.
Alan> Internationalization is about *languages*. Passwords aren't
Alan> displayed, and they aren't words in any language. They're
Alan> opaque tokens that users have memorized, and can repeat on
Alan> demand to demonstrate secret knowledge.
The consensus of the SASL and Kerberos communities has been different.
In particular, these communities believe that it is strongly desirable
that the same password when entered on two different systems actually
work. To get that, you need to deal with issues like normalization.
Otherwise, if you use a system with input methods that produce
combined characters you will get different results than if you use
input methods that produce decomposed characters.
At some level, this is an implementation issue for the server.
However to support the server, you definitely need to label the
character set, discuss any normalization that the client should do
(often none) and set interoperability goals.
_______________________________________________
Emu mailing list
[email protected]
https://www1.ietf.org/mailman/listinfo/emu
