[NNTP] New NNTP AUTHINFO text

[Russ Allbery]

Hello folks,

We're working, in the NNTP group, to find a good resolution to the
handling of stringprep issues for the legacy AUTHINFO command, which is
documented just for backward compatibility.

We've changed the character set from UTF-8 to an octet string for that
command to avoid part of the problem, and have currently tentatively added
the following text:

+     Also note that historically the username is not canonicalized in
+     any way.  Clients and servers MAY use the [SASLprep] profile of the
+     [StringPrep] algorithm to prepare usernames for transmission or
+     comparison, but doing so may cause interoperability problems with
+     legacy implementations.  If canonicalization is desired, the SASL
+     PLAIN [PLAIN] mechanism is recommended as an alternative.

Does this seem okay and address the concerns that you had?  Or do we need
more work in this area?

Thank you for your advice!

-- 
Russ Allbery (rra at stanford.edu)             <http://www.eyrie.org/~eagle/>