[x500standard] Re: [ldapext] Fwd: I-D Action:draft-zeilenga-ldap-passwords-00.txt

  • From: Kurt Zeilenga <Kurt.Zeilenga@xxxxxxxxx>
  • To: simo <idra@xxxxxxxxx>
  • Date: Mon, 31 Mar 2008 19:50:10 -0700


On Mar 31, 2008, at 5:03 PM, simo wrote:

On Mon, 2008-03-31 at 16:13 -0700, Kurt Zeilenga wrote:

A password doesn't necessarily consist of character data, so specifying
their length in characters doesn't make any sense.

In 4.1 you proposed a constraint that password conforms to UTF-8.
In this case data definitely consists of characters.


Here you use character to mean "code point". Above I assumed you were using character to mean "abstract character".

While a minimum number of code points constraint might be useful, I think a minimum number of abstract characters constraint would be more useful. The latter likely should be dependent on the SASLprep constraint, or other constraint which limited passwords to abstract character sequences.

An administrator, I think, would definitely be confused/disappointed to discover that the minimum number of characters accepted varies depending on the language used.

Or varied depending on the number of code points used to represent the abstract character.

(Most Latin languages use mostly 1-byte characters, while many other
languages will regularly use 2-byte (or more) wide characters).

Should we have a default 'Minimum Length of Characters' constraint to
pair to the UTF-8 constraint of 4.1 ?

See above.



4)

The number of constraints seems quite limited, are you open to
suggestions for more constraint types that are currently commonly used
in various server implementations?

Yes.

Thanks,
there are some encoding (utf-8) dependent constraints that are widely
used like:

I was thinking of just having a Unicode Regular Expression constraint.

-- Kurt
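
The distinction argued over in this thread, as an added example that is not part of the original messages or of the draft: the same password measured in UTF-8 octets, code points, code points after NFKC normalization (the normalization form SASLprep specifies; the rest of SASLprep is not implemented here), and an approximation of abstract characters. The function names, the sample passwords and the "skip combining marks" approximation are assumptions made for illustration.

```python
import unicodedata

def length_measures(password: str) -> dict:
    """Measure one password in each unit discussed in the thread."""
    nfkc = unicodedata.normalize("NFKC", password)
    return {
        "utf8_octets": len(password.encode("utf-8")),
        "code_points": len(password),
        "nfkc_code_points": len(nfkc),
        # Approximation of "abstract characters": count base code points
        # and skip combining marks (categories Mn, Mc, Me). This is not
        # full grapheme clustering (no ZWJ sequences, no Hangul jamo).
        "abstract_chars": sum(
            1 for ch in nfkc if not unicodedata.category(ch).startswith("M")
        ),
    }

def meets_minimum(password: str, minimum: int, unit: str) -> bool:
    """Apply a minimum-length constraint expressed in the given unit."""
    return length_measures(password)[unit] >= minimum

# Constructed sample passwords (not from the thread).
SAMPLES = {
    "ascii": "secret",
    "decomposed": "re\u0301sume\u0301",  # e + combining acute, twice
    "precomposed": "r\u00e9sum\u00e9",   # same text, precomposed
    "no_precomposed": "q\u0301",         # NFKC cannot compose this pair
    "cjk": "\u5bc6\u7801",               # two Han characters
}

if __name__ == "__main__":
    for name, pw in SAMPLES.items():
        print(f"{name:15} {length_measures(pw)}")
    # A minimum of 6 passes or fails the same password depending on unit.
    for unit in ("utf8_octets", "code_points", "abstract_chars"):
        print(unit, meets_minimum(SAMPLES["cjk"], 6, unit))
```

The decomposed and precomposed spellings only agree once normalization is applied, and the `no_precomposed` sample shows that normalized code points and abstract characters can still differ.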