[NNTP] AUTHINFO USER/PASS charset & canonicalization

[Russ Allbery]

Ken Murchison <ken at oceana.com> writes:

> I'm not sure I know what you're recommending at this point.  Should I
> remove all references to UTF-8, calling the username and password
> arguments just "string" or "octet string" and use B-CHAR instead of
> P-CHAR in the formal grammar?

I think so, yes.

> What, if anything, are we saying about canonicalization of username? 
> Should I say implementations "MAY" or "SHOULD" use SASLprep?

We seem to be somewhere between MAY and SHOULD.  I don't understand the
issues well enough to be able to pick one or the other.  Sam and Ted both
seemed to feel that recommending canonicalization was worthwhile.  I'm not
sure exactly how canonicalization interacts with existing servers that
don't do canonicalization.  It seems to me that if we're going to
recommend canonicalization, we should say something about the backward
compatibility issues, since that's the whole point of documenting
AUTHINFO.

At the least, we should move back from saying that these strings are in
UTF-8 and instead just treat them as opaque byte strings, since in
practice at those sites that aren't using strict ASCII now, they're not
necessarily going to be UTF-8 (so saying that doesn't help backward
compatibility).

-- 
Russ Allbery (rra at stanford.edu)             <http://www.eyrie.org/~eagle/>