On 25.01.23 09:21, John Mattsson wrote:
If you want to add some implementation guidance I think that's fine, but this isn't really a protocol consideration. I could envision the following circumstance, by the way: a username triggers the server to initiate a new inner method, and the password is not sent, knowing this. Or the password is ignored.That sounds good. Would be good to have text stating that passwords of length 255 characters (the current max) shall be allowed. Requiring a minimum length of 8 or a least 6 characters would be good.
Eliot
OpenPGP_signature
Description: OpenPGP digital signature
_______________________________________________ Emu mailing list Emu@ietf.org https://www.ietf.org/mailman/listinfo/emu
