Dear John, FYI, IETF is working on this issue. See Internet Draft https://tools.ietf.org/html/draft-ietf-precis-saslprepbis-17 based on PRECIS framework RFC 7564 https://tools.ietf.org/html/rfc7564
Best, > 2015/10/01 1:33、John O'Conner <jsocon...@gmail.com> のメール: > > I'm researching potential problems and best practices for password policies > that allow non-Latin-1 Unicode characters. My searching of the unicode.org > site showed me a general security considerations document (UTR #36) but > nothing specific for password policies using Unicode. > > Can you recommend any documents to help me understand potential issues (if > any) for password policies and validation methods that allow characters from > more "exotic" portions of the Unicode space? > > Best regards, > John O'Conner > — Yoriyuki Yamagata National Institute of Advanced Science and Technology (AIST), Senior Researcher http://staff.aist.go.jp/yoriyuki.yamagata/en/