Skip to main content

Shepherd writeup
draft-ietf-precis-saslprepbis

1. Summary

Matthew Miller is the document shepherd, and Barry Leiba is the
responsible AD.  The document type is expected to be Proposed
Standard upon publication. This document will obsolete RFC 4013.

This document describes methods for handling internationalized
usernames and passwords. It provides for a more sustainable approach
than SASLprep (RFC 4013) by leveraging the PRECIS framework; this
includes better adaptability to future versions of Unicode. While
oriented toward SASL authentication schemes, the methods in this
document can be applied to other schemes, such as HTTP-based
authentication.


2. Review and Consensus

This document received wide review, including input from individuals
in the KITTEN and HTTP-AUTH Working Groups, and spanned at least two
Working Group Last Calls.  The consensus in the PRECIS Working Group
is to publish this document.

One of the major points of concern was how to handle case mapping in
usernames. In some protocols the case is significant, others it is
not. To address this concern, the consensus was to define two profiles
for usernames that protocols and applications are expected to choose
exactly one of: UsernameCaseMapped for when case is not significant,
and UsernameCasePreserved for when case is significant.

The other major point of concern was how to deal with changes to the
Unicode specifications (e.g., draft-klensin-idna-5892upd-unicode70).
This concern is not specific to this document -- or even to the PRECIS
Working Group -- but is relevant to all IETF technologies dealing with
internationalized text (e.g., IDNA2008 and PRECIS).  The issues are
complex and the IETF has not yet developed mitigations.  The rough
consensus of the Working Group was to proceed with the PRECIS work as
it stands since it is considered a significant improvement over the
Stringprep-based approach, and to address these issues more
comprehensively once future mitigations have been developed.


3. Intellectual Property

The document is submitted in full compliance with BCPs 78 and 79.
There are no IPR disclosures referencing this document.


4. Other Points

This document does not create any new IANA registries.  It does
register three new profiles to the PRECIS Profiles Registry:
UsernameCaseMapped, UsernameCasePreserved, and OpaqueString.

There is one nit about a possible downref to a non-RFC document
(UNICODE);  the reference is correct and meets with the Working
Group's consensus.  Other nits are in regard to updated I-Ds this
document references; there is no concern that this document is
substantively outdated with regards to the references, and it is
expected the RFC Editor will make the appropriate reference updates
before publication.
Back