That sounds good. Would be good to have text stating that passwords of length 255 characters (the current max) shall be allowed. Requiring a minimum length of 8 or a least 6 characters would be good.
Cheers, John From: Emu <emu-boun...@ietf.org> on behalf of Alan DeKok <al...@deployingradius.com> Date: Wednesday, 25 January 2023 at 02:15 To: EMU WG <emu@ietf.org> Subject: [Emu] draft-ietf-emu-rfc7170bis-03.txt and password length Section 4.2.14 (Basic-Password-Auth-Resp TLV) defines the length of the password "PassLen" as "Length of Password field in octets'. However, there is no requirement that the length be greater than zero. The same issue goes for the UserLen field. TBH, any password less than 8 octets should be viewed with great suspicion. I'll push some text, unless anyone has objections. Alan DeKok. _______________________________________________ Emu mailing list Emu@ietf.org https://www.ietf.org/mailman/listinfo/emu
_______________________________________________ Emu mailing list Emu@ietf.org https://www.ietf.org/mailman/listinfo/emu
