Re: Unicode in passwords

From: Stephane Bortzmeyer <bortzmeyer_at_nic.fr>
Date: Wed, 7 Oct 2015 13:16:16 +0200

On Tue, Oct 06, 2015 at 10:53:00PM +0200,
 Philippe Verdy <verdy_p_at_wanadoo.fr> wrote
 a message of 72 lines which said:

> it is highly preferable to extend the character repertoire to
> Unicode and accept letters in NFKC form and unified by case folding

As I said before, "the ship has sailed". RFC 7613 has been published,
and uses NFC and case preservation. It is IMHO useless to reopen this
discussion.

> the recent RFC that forgot the issue : its case-insensitive profile
> based on NFC and conversion to lowercase is definitely broken !)

What is broken is your analysis. RFC 7613 does not convert passwords
to lowercase. Indeed, it says exactly the opposite, which seems to
indicate that you did not read it before calling it broken:

       Case-Mapping Rule: Uppercase and titlecase characters MUST NOT be
       mapped to their lowercase equivalents.
       
Received on Wed Oct 07 2015 - 06:17:55 CDT

This archive was generated by hypermail 2.2.0 : Wed Oct 07 2015 - 06:17:56 CDT