Unicode in passwords

Stephane Bortzmeyer bortzmeyer at nic.fr
Wed Oct 7 06:16:16 CDT 2015

On Tue, Oct 06, 2015 at 10:53:00PM +0200,
 Philippe Verdy <verdy_p at wanadoo.fr> wrote 
 a message of 72 lines which said:

> it is highly preferable to extend the character repertoire to
> Unicode and accept letters in NFKC form and unified by case folding

As I said before, "the ship has sailed". RFC 7613 has been published,
and uses NFC and case preservation. It is IMHO useless to reopen this

> the recent RFC that forgot the issue : its case-insensitive profile
> based on NFC and conversion to lowercase is definitely broken !)

What is broken is your analysis. RFC 7613 does not convert passwords
to lowercase. Indeed, it says exactly the opposite, which seems to
indicate that you did not read it before calling it broken:

       Case-Mapping Rule: Uppercase and titlecase characters MUST NOT be
       mapped to their lowercase equivalents.

More information about the Unicode mailing list