On Tue, May 23, 2023 at 09:46:58PM -0400, Stephen Frost wrote:
> Not without breaking things we support today and for what seems like an
> unclear benefit given that we've got channel binding today (though
> perhaps we need to make sure there's ways to force it on both sides to
> be on and to encourage everyone to do that- which is what this change is
> generally about, I think).
>
> As I recall, the reason we do it the way we do is because the SASL spec
> that SCRAM is implemented under requires the username to be utf8 encoded
> while we support other encodings, and I don't think we want to break
> non-utf8 usage.
Yup, I remember this one, the encoding not being enforced by the
protocol has been quite an issue when this was implemented, still I
was wondering whether that's something that could be worth revisiting
at some degree.
--
Michael
