This may be of interest to UASG.

Thanks,

Nalini Elkins
CEO and Founder
Inside Products, Inc.
www.insidethestack.com
(831) 659-8360

--- On Fri, 3/24/17, Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com> wrote:

From: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
Subject: [saag] encrypted files with UTF-8/16 passwords
To: "IETF SAAG" <saag@ietf.org>
Cc: mnystrom@microsoft.com, Kathleen.Moriarty@emc.com, bkaliski@verisign.com
Date: Friday, March 24, 2017, 1:07 AM

Hi,

PKCS#8 (rfc8018) and PKCS#12 (rfc7292) can be used to encrypt keys and certificates with a password. In the first case, PKCS#8 utilizes PKCS#5 for converting a password to an encryption key, and PKCS#5 requires a password to be in UTF-8. For PKCS#12, a password is input in UTF-16 format (mentioned as BMPString in the document) in some preset schemes, but uses UTF-8 for newer schemes like AES via PKCS#5.
However, UTF-8 (and UTF-16) are ambiguous. The same string may have multiple representations, and for that, there are some guidelines in RFC7613 to prepare a Unicode string for a password, but they do not update either of these documents.
Given that these are informational RFCs, which would be the proper method to propose an update on them based on these lines and requiring RFC7613 processing for passwords entered in UTF-8?
regards,
Nikos

_______________________________________________
saag mailing list
saag@ietf.org
https://www.ietf.org/mailman/listinfo/saag
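The ambiguity raised in the message, as an added example that is not part of the original e-mail or of any RFC: the same visible password in composed and decomposed Unicode form yields different PKCS#5 PBKDF2 keys and different PKCS#12 BMPString bytes unless it is prepared first. The `opaque_string` helper is a simplified, hypothetical sketch of the RFC 7613 OpaqueString rules (non-ASCII space mapping, NFC, non-empty, control characters rejected), not a full PRECIS implementation; the salt, iteration count and password are constructed.

```python
import hashlib
import unicodedata

# Constructed sample values, not taken from the message.
SALT = bytes(range(16))
ITERATIONS = 10_000
COMPOSED = "caf\u00e9"     # "é" as one code point (NFC form)
DECOMPOSED = "cafe\u0301"  # "e" + combining acute accent (NFD form)


def opaque_string(password: str) -> str:
    """Simplified RFC 7613 OpaqueString preparation (hypothetical helper)."""
    # Additional mapping rule: non-ASCII spaces (category Zs) become U+0020.
    mapped = "".join(" " if unicodedata.category(c) == "Zs" else c
                     for c in password)
    # Normalization rule: NFC. Case and width are deliberately left as entered.
    prepared = unicodedata.normalize("NFC", mapped)
    if not prepared:
        raise ValueError("zero-length password")
    # Partial FreeformClass check: only control characters are rejected here.
    if any(unicodedata.category(c) == "Cc" for c in prepared):
        raise ValueError("control character in password")
    return prepared


def pbkdf2_key(password: str, prepare: bool) -> bytes:
    """PKCS#5 PBKDF2 (HMAC-SHA256) over the UTF-8 bytes of the password."""
    if prepare:
        password = opaque_string(password)
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                               SALT, ITERATIONS, dklen=32)


def bmp_password(password: str) -> bytes:
    """PKCS#12 BMPString form: UTF-16BE plus a two-byte NULL terminator."""
    return password.encode("utf-16-be") + b"\x00\x00"


if __name__ == "__main__":
    for label, pw in (("composed", COMPOSED), ("decomposed", DECOMPOSED)):
        print(label, "raw     ", pbkdf2_key(pw, prepare=False).hex())
        print(label, "prepared", pbkdf2_key(pw, prepare=True).hex())
        print(label, "BMP     ", bmp_password(pw).hex())
```

A file encrypted with the raw composed form cannot be decrypted by a tool that receives the decomposed form from its input method, even though the user typed the same password.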