Spec for nameplates and passwords

[felinira]

We should move towards specifying something about how we expect nameplates and passwords to look like.

We have this open, which should be specified here: magic-wormhole/magic-wormhole-mailbox-server#45

And then I was wondering about passwords. Are there any requirements or limitations on valid passwords? Considering these need to be interoperable this might make sense. For example, should spaces be allowed? Invisible characters?

I don't want to overly limit ourselves here (emoji are for example a fun alternative to passwords), but some sort of specification would be good to improve things like regex detection of codes.

If we come to the conclusion that passwords can be anything, it would at least make sense to add this to the spec.

[meejah]

Some thoughts:

• yes, a spec would be good here
• I believe all the Python implementation demands is "number, then dash, then whatever"
• there is https://github.com/magic-wormhole/magic-wormhole-protocols/blob/main/uri-scheme.md which may already limit what "whatever" can actually be?
• I absolutely would love to see experiments with emoji or other things, so wouldn't want to limit too much via spec

There are some concrete use-cases to consider as well:

• different dictionary/word-lists (including "weird" things like emoji) should remain possible
• humans are allowed to simply make up / pre-agree on a password (and nameplate) before any interacting with any software (so weird arbitrary limits that make this hard should be avoided)
• file-transfer is an important use-case, but not the only one