[jdev] saslprep and nodeprep
Waqas Hussain
waqas20 at gmail.com
Wed Sep 26 15:29:58 UTC 2012
On Tue, Sep 25, 2012 at 11:50 PM, Peter Saint-Andre <stpeter at stpeter.im> wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Just FYI, I compared SASLprep (RFC 4013) and Nodeprep (RFC 3920)
> recently and it seems that any XMPP localpart that conforms to
> Nodeprep also conforms to SASLprep
Correct. A localpart conforming to nodeprep also conforms to saslprep.
> , so there is no need to perform
> separate SASLprep processing in XMPP client and server code. If you
> disagree with my conclusions, please let me know. :)
>
> Peter
Not true. SASLprep maps non-ASCII space characters [StringPrep, C.1.2]
to SPACE (U+0020). Nodeprep forbids C.1.2 characters. A string with
non-ASCII space characters needs to be saslprepped before it can pass
nodeprep. Of course, we can get away with just replacing spaces rather
than full saslprep.
Also, all this only applies if the SASL authentication string is an
XMPP localpart :)
Aside: I've been analyzing our various old stringprep profiles (their
overlap, etc), and will soon be comparing them the new stringprep.
--
Waqas Hussain
More information about the JDev
mailing list