Gene Chang (genchang) wrote: > [EC: ] [EC: ] No... I implied that we cannot assume the backend UI and > the client system UI will convert human input into normalized > passwords the same way unless we explicitly specify the conversion.
Yes. > [EC: ] Whether it is a problem or not depends on your perspective > and on our attitude of being user friendly. I have seen this issue > in the past. Back then, the AAA system could not handle multiple > inputs from multiple character sets. The solution then was to > require all users of a system to "speak" the same language. > In large international deployment, this usually means that all users > us our "English" character set. The time is past for us to expect > single language systems. I agree. The tests I've done on multiple AAA systems indicate that the majority now support UTF-8. This solves many 18n issues, other than composed / decomposed characters. > [EC: ] It depends on where we want to put the normalization and where > we want to handle differences between different operating systems. My opinion is that normalization belongs at the edge, which generally also has information about the language and locale. Once normalization is performed, the password can be sent over the wire *without* language or locale information to the server. Alan DeKok. _______________________________________________ Emu mailing list Emu@ietf.org https://www1.ietf.org/mailman/listinfo/emu
