Re: Review of RFC 2486bis



Section 1.3:

Change:

"For use in roaming, this function is accomplished via the Network Access
Identifier (NAI) submitted by the user to the NAS in the initial PPP
authentication."

To:

"For use in roaming, this function is accomplished via the Network Access
Identifier (NAI) submitted by the user to the NAS in the initial network
access authentication."

Section 2.1:

It appears to me that the grammar doesn't match the examples. For
example, eng%nancy@example.net is a valid NAI but it's not
permitted by the grammar.  Neither is eng!nancy@example.net, since
"eng" is not a valid realm.

Section 2.1:

It looks like foo!@example.com and foo!example.com are valid NAIs based on
this grammar. I think this is not right.

I'd suggest:

nai = username / ([realm "!"] naibase ) / ("@" realm)

naibase = username "@" realm

Section 2.1:

"  The grammar for the NAI is given below, described in ABNF as
   documented in [3].  The grammar for the username is based on [6], and
   the grammar for the realm is an updated version of [1]."

Have we run this grammar through the ABNF checker?

I'm not sure whether the grammar described really is based on [6] for the
username. The way the ichar and istring are defined, they can contain all
128 ASCII characters, using the "\x" format. This is compatible with
IDN for the realm. But is it compatible with SASLPREP or IEN? At one point
IEN was talking about using UTF-8. Time to bring in the experts...

Section 2.3:

Change:

"As a result, realm  portion is typically required in order for the
authentication exchange to be routed to the appropriate server."

To:

"As a result, the realm  portion is typically required in order for the
authentication exchange to be routed to the appropriate server."



--
to unsubscribe send a message to radiusext-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://psg.com/lists/radiusext/>
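
The grammar suggested for Section 2.1 in the message above, as an added Python example (not part of the original message or of the draft). The `username` and `realm` patterns are simplified, hypothetical stand-ins, since the message does not quote the draft's productions: they assume a username contains neither "@" nor "!" and a realm has at least two labels. The sample NAIs are taken from the message or constructed.

```python
import re

# Hypothetical stand-ins for productions the message does not quote.
LABEL = r"[A-Za-z0-9](?:[A-Za-z0-9-]*[A-Za-z0-9])?"
REALM = rf"{LABEL}(?:\.{LABEL})+"         # two or more labels, so "eng" is not a realm
USERNAME = r"[^\s@!.]+(?:\.[^\s@!.]+)*"   # assumption: no "@" or "!" in a username

# naibase = username "@" realm
NAIBASE = rf"{USERNAME}@{REALM}"

# nai = username / ([realm "!"] naibase) / ("@" realm)
# The optional prefix is split into two alternatives so the caller can see
# which form matched.
ALTERNATIVES = [
    ("username", USERNAME),
    ("naibase", NAIBASE),
    ("realm!naibase", rf"{REALM}!{NAIBASE}"),
    ("@realm", rf"@{REALM}"),
]


def classify_nai(nai):
    """Return the name of the alternative that matches the whole string, or None."""
    for name, pattern in ALTERNATIVES:
        if re.fullmatch(pattern, nai):
            return name
    return None


# Sample inputs: the last three come from the message, the rest are constructed.
SAMPLES = [
    "nancy",
    "nancy@example.net",
    "example.net!nancy@example.com",
    "@example.net",
    "foo!@example.com",
    "foo!example.com",
    "eng!nancy@example.net",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(f"{sample:32} {classify_nai(sample) or 'rejected'}")
```

Rejection of `foo!example.com` here depends on the labelled assumption that "!" cannot appear in a username; if the username production admits "!", that string matches the first alternative.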