summaryrefslogtreecommitdiff
path: root/lib/wind/rfc4013.txt
diff options
context:
space:
mode:
Diffstat (limited to 'lib/wind/rfc4013.txt')
-rw-r--r--lib/wind/rfc4013.txt339
1 files changed, 0 insertions, 339 deletions
diff --git a/lib/wind/rfc4013.txt b/lib/wind/rfc4013.txt
deleted file mode 100644
index 54a1d3158..000000000
--- a/lib/wind/rfc4013.txt
+++ /dev/null
@@ -1,339 +0,0 @@
-
-
-
-
-
-
-Network Working Group K. Zeilenga
-Request for Comments: 4013 OpenLDAP Foundation
-Category: Standards Track February 2005
-
-
- SASLprep: Stringprep Profile for User Names and Passwords
-
-Status of This Memo
-
- This document specifies an Internet standards track protocol for the
- Internet community, and requests discussion and suggestions for
- improvements. Please refer to the current edition of the "Internet
- Official Protocol Standards" (STD 1) for the standardization state
- and status of this protocol. Distribution of this memo is unlimited.
-
-Copyright Notice
-
- Copyright (C) The Internet Society (2005).
-
-Abstract
-
- This document describes how to prepare Unicode strings representing
- user names and passwords for comparison. The document defines the
- "SASLprep" profile of the "stringprep" algorithm to be used for both
- user names and passwords. This profile is intended to be used by
- Simple Authentication and Security Layer (SASL) mechanisms (such as
- PLAIN, CRAM-MD5, and DIGEST-MD5), as well as other protocols
- exchanging simple user names and/or passwords.
-
-1. Introduction
-
- The use of simple user names and passwords in authentication and
- authorization is pervasive on the Internet. To increase the
- likelihood that user name and password input and comparison work in
- ways that make sense for typical users throughout the world, this
- document defines rules for preparing internationalized user names and
- passwords for comparison. For simplicity and implementation ease, a
- single algorithm is defined for both user names and passwords.
-
- The algorithm assumes all strings are comprised of characters from
- the Unicode [Unicode] character set.
-
- This document defines the "SASLprep" profile of the "stringprep"
- algorithm [StringPrep].
-
- The profile is designed for use in Simple Authentication and Security
- Layer ([SASL]) mechanisms, such as [PLAIN], [CRAM-MD5], and
- [DIGEST-MD5]. It may be applicable where simple user names and
-
-
-
-Zeilenga Standards Track [Page 1]
-
-RFC 4013 SASLprep February 2005
-
-
- passwords are used. This profile is not intended for use in
- preparing identity strings that are not simple user names (e.g.,
- email addresses, domain names, distinguished names), or where
- identity or password strings that are not character data, or require
- different handling (e.g., case folding).
-
- This document does not alter the technical specification of any
- existing protocols. Any specification that wishes to use the
- algorithm described in this document needs to explicitly incorporate
- this document and provide precise details as to where and how this
- algorithm is used by implementations of that specification.
-
-2. The SASLprep Profile
-
- This section defines the "SASLprep" profile of the "stringprep"
- algorithm [StringPrep]. This profile is intended for use in
- preparing strings representing simple user names and passwords.
-
- This profile uses Unicode 3.2 [Unicode].
-
- Character names in this document use the notation for code points and
- names from the Unicode Standard [Unicode]. For example, the letter
- "a" may be represented as either <U+0061> or <LATIN SMALL LETTER A>.
- In the lists of mappings and the prohibited characters, the "U+" is
- left off to make the lists easier to read. The comments for
- character ranges are shown in square brackets (such as "[CONTROL
- CHARACTERS]") and do not come from the standard.
-
- Note: A glossary of terms used in Unicode can be found in [Glossary].
- Information on the Unicode character encoding model can be found in
- [CharModel].
-
-2.1. Mapping
-
- This profile specifies:
-
- - non-ASCII space characters [StringPrep, C.1.2] that can be
- mapped to SPACE (U+0020), and
-
- - the "commonly mapped to nothing" characters [StringPrep, B.1]
- that can be mapped to nothing.
-
-2.2. Normalization
-
- This profile specifies using Unicode normalization form KC, as
- described in Section 4 of [StringPrep].
-
-
-
-
-
-Zeilenga Standards Track [Page 2]
-
-RFC 4013 SASLprep February 2005
-
-
-2.3. Prohibited Output
-
- This profile specifies the following characters as prohibited input:
-
- - Non-ASCII space characters [StringPrep, C.1.2]
- - ASCII control characters [StringPrep, C.2.1]
- - Non-ASCII control characters [StringPrep, C.2.2]
- - Private Use characters [StringPrep, C.3]
- - Non-character code points [StringPrep, C.4]
- - Surrogate code points [StringPrep, C.5]
- - Inappropriate for plain text characters [StringPrep, C.6]
- - Inappropriate for canonical representation characters
- [StringPrep, C.7]
- - Change display properties or deprecated characters
- [StringPrep, C.8]
- - Tagging characters [StringPrep, C.9]
-
-2.4. Bidirectional Characters
-
- This profile specifies checking bidirectional strings as described in
- [StringPrep, Section 6].
-
-2.5. Unassigned Code Points
-
- This profile specifies the [StringPrep, A.1] table as its list of
- unassigned code points.
-
-3. Examples
-
- The following table provides examples of how various character data
- is transformed by the SASLprep string preparation algorithm
-
- # Input Output Comments
- - ----- ------ --------
- 1 I<U+00AD>X IX SOFT HYPHEN mapped to nothing
- 2 user user no transformation
- 3 USER USER case preserved, will not match #2
- 4 <U+00AA> a output is NFKC, input in ISO 8859-1
- 5 <U+2168> IX output is NFKC, will match #1
- 6 <U+0007> Error - prohibited character
- 7 <U+0627><U+0031> Error - bidirectional check
-
-4. Security Considerations
-
- This profile is intended to prepare simple user name and password
- strings for comparison or use in cryptographic functions (e.g.,
- message digests). The preparation algorithm was specifically
- designed such that its output is canonical, and it is well-formed.
-
-
-
-Zeilenga Standards Track [Page 3]
-
-RFC 4013 SASLprep February 2005
-
-
- However, due to an anomaly [PR29] in the specification of Unicode
- normalization, canonical equivalence is not guaranteed for a select
- few character sequences. These sequences, however, do not appear in
- well-formed text. This specification was published despite this
- known technical problem. It is expected that this specification will
- be revised before further progression on the Standards Track (after
- [Unicode] and/or [StringPrep] specifications have been updated to
- address this problem).
-
- It is not intended for preparing identity strings that are not simple
- user names (e.g., distinguished names, domain names), nor is the
- profile intended for use of simple user names that require different
- handling (such as case folding). Protocols (or applications of those
- protocols) that have application-specific identity forms and/or
- comparison algorithms should use mechanisms specifically designed for
- these forms and algorithms.
-
- Application of string preparation may have an impact upon the
- feasibility of brute force and dictionary attacks. While the number
- of possible prepared strings is less than the number of possible
- Unicode strings, the number of usable names and passwords is greater
- than as if only ASCII was used. Though SASLprep eliminates some
- Unicode code point sequences as possible prepared strings, that
- elimination generally makes the (canonical) output forms practicable
- and prohibits nonsensical inputs.
-
- User names and passwords should be protected from eavesdropping.
-
- General "stringprep" and Unicode security considerations apply. Both
- are discussed in [StringPrep].
-
-5. IANA Considerations
-
- This document details the "SASLprep" profile of the [StringPrep]
- protocol. This profile has been registered in the stringprep profile
- registry.
-
- Name of this profile: SASLprep
- RFC in which the profile is defined: RFC 4013
- Indicator whether or not this is the newest version of the
- profile: This is the first version of the SASPprep profile.
-
-6. Acknowledgement
-
- This document borrows text from "Preparation of Internationalized
- Strings ('stringprep')" and "Nameprep: A Stringprep Profile for
- Internationalized Domain Names", both by Paul Hoffman and Marc
- Blanchet. This document is a product of the IETF SASL WG.
-
-
-
-Zeilenga Standards Track [Page 4]
-
-RFC 4013 SASLprep February 2005
-
-
-7. Normative References
-
- [StringPrep] Hoffman, P. and M. Blanchet, "Preparation of
- Internationalized Strings ("stringprep")", RFC 3454,
- December 2002.
-
- [Unicode] The Unicode Consortium, "The Unicode Standard, Version
- 3.2.0" is defined by "The Unicode Standard, Version
- 3.0" (Reading, MA, Addison-Wesley, 2000. ISBN 0-201-
- 61633-5), as amended by the "Unicode Standard Annex
- #27: Unicode 3.1"
- (http://www.unicode.org/reports/tr27/) and by the
- "Unicode Standard Annex #28: Unicode 3.2"
- (http://www.unicode.org/reports/tr28/).
-
-8. Informative References
-
- [Glossary] The Unicode Consortium, "Unicode Glossary",
- <http://www.unicode.org/glossary/>.
-
- [CharModel] Whistler, K. and M. Davis, "Unicode Technical Report
- #17, Character Encoding Model", UTR17,
- <http://www.unicode.org/unicode/reports/tr17/>, August
- 2000.
-
- [SASL] Melnikov, A., Ed., "Simple Authentication and Security
- Layer (SASL)", Work in Progress.
-
- [CRAM-MD5] Nerenberg, L., "The CRAM-MD5 SASL Mechanism", Work in
- Progress.
-
- [DIGEST-MD5] Leach, P., Newman, C., and A. Melnikov, "Using Digest
- Authentication as a SASL Mechanism", Work in Progress.
-
- [PLAIN] Zeilenga, K., Ed., "The Plain SASL Mechanism", Work in
- Progress.
-
- [PR29] "Public Review Issue #29: Normalization Issue",
- <http://www.unicode.org/review/pr-29.html>, February
- 2004.
-
-Author's Address
-
- Kurt D. Zeilenga
- OpenLDAP Foundation
-
- EMail: Kurt@OpenLDAP.org
-
-
-
-
-Zeilenga Standards Track [Page 5]
-
-RFC 4013 SASLprep February 2005
-
-
-Full Copyright Statement
-
- Copyright (C) The Internet Society (2005).
-
- This document is subject to the rights, licenses and restrictions
- contained in BCP 78, and except as set forth therein, the authors
- retain all their rights.
-
- This document and the information contained herein are provided on an
- "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS
- OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET
- ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED,
- INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE
- INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
- WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
-
-Intellectual Property
-
- The IETF takes no position regarding the validity or scope of any
- Intellectual Property Rights or other rights that might be claimed to
- pertain to the implementation or use of the technology described in
- this document or the extent to which any license under such rights
- might or might not be available; nor does it represent that it has
- made any independent effort to identify any such rights. Information
- on the IETF's procedures with respect to rights in IETF Documents can
- be found in BCP 78 and BCP 79.
-
- Copies of IPR disclosures made to the IETF Secretariat and any
- assurances of licenses to be made available, or the result of an
- attempt made to obtain a general license or permission for the use of
- such proprietary rights by implementers or users of this
- specification can be obtained from the IETF on-line IPR repository at
- http://www.ietf.org/ipr.
-
- The IETF invites any interested party to bring to its attention any
- copyrights, patents or patent applications, or other proprietary
- rights that may cover technology that may be required to implement
- this standard. Please address the information to the IETF at ietf-
- ipr@ietf.org.
-
-
-Acknowledgement
-
- Funding for the RFC Editor function is currently provided by the
- Internet Society.
-
-
-
-
-
-
-Zeilenga Standards Track [Page 6]
-
generated by cgit v1.2.3 (git 2.25.1) at 2024-07-07 18:50:35 +0000