On Tue, May 23, 2023 at 09:46:58PM -0400, Stephen Frost wrote: > Not without breaking things we support today and for what seems like an > unclear benefit given that we've got channel binding today (though > perhaps we need to make sure there's ways to force it on both sides to > be on and to encourage everyone to do that- which is what this change is > generally about, I think). > > As I recall, the reason we do it the way we do is because the SASL spec > that SCRAM is implemented under requires the username to be utf8 encoded > while we support other encodings, and I don't think we want to break > non-utf8 usage.
Yup, I remember this one, the encoding not being enforced by the protocol has been quite an issue when this was implemented, still I was wondering whether that's something that could be worth revisiting at some degree. -- Michael
signature.asc
Description: PGP signature
