Re: IKEv2 issue in RFC2486bis
Bernard Aboba wrote:
> Question: Would this be part of the NAIbis RFC, or a
> separate RFC?
It should be fixed in the IKEv2 I-D that is now under evaluation.
The IKEv2 people will be glad when they hear about this.
> > My interpretation is that this allows any type of text
> > (even non-ASCII), except ASCII control characters. There's
> > also a special treatment for " and \. So it seems that we
> > can carry an internationalized username here, or even a
> > privacy NAI (but the latter would not make sense with
> > current Digest algorithms).
> OK. So is the SIP "username" a subset or superset of the NAI user-name
> grammar?
Taking a new look at the RFCs, there are really three
answers:
(1) If you allow for escape (\x), then both syntaxes can
represent exactly the same username strings. Technically, this
means that you can take any HTTP Digest username value
and put it into a legal NAI, but you may have to add/remove
some escape characters.
(2) If you do not allow for escape or don't do the related
conversion, then there are some strings that are legal
in an HTTP Digest username value, but illegal in a NAI.
Example: <nancy>@example.net
(3) NAI spec requires that the domain name part actually
be a domain name. RFC 2617 did not require that for the
username part. So conceivably you could use fred@foo_9.com
in SIP, but that would be invalid as a NAI. Also, an
AAA node trying to use the domain name part in some
manner might get into trouble.
--Jari
--
to unsubscribe send a message to radiusext-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://psg.com/lists/radiusext/>
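The three cases in the message above can be checked mechanically. The sketch below is an added example, not code from the thread or from any RFC; it assumes the "special" character list of the RFC 2486 username grammar, allows non-ASCII characters unescaped, and all function names are hypothetical.

```python
import re

# Assumptions: specials as in the RFC 2486 username grammar; non-ASCII is
# allowed bare (internationalized usernames); realm labels are letter/digit/hyphen.
SPECIALS = set('<>()[]\\,;:@"')            # '.' is handled separately below
LABEL = re.compile(r'[A-Za-z0-9](?:[A-Za-z0-9-]*[A-Za-z0-9])?')

def needs_escape(ch):                      # specials, space, ASCII controls
    return ch in SPECIALS or ord(ch) <= 0x20 or ord(ch) == 0x7F

def escape_user(user):                     # add the escapes a NAI username needs
    out = []
    for i, ch in enumerate(user):
        edge_dot = ch == '.' and (i in (0, len(user) - 1) or user[i - 1] == '.')
        out.append('\\' + ch if needs_escape(ch) or edge_dot else ch)
    return ''.join(out)

def digest_to_nai(name):                   # case (1): last '@' separates the realm
    user, at, realm = name.rpartition('@')
    return escape_user(user) + '@' + realm if at else escape_user(name)

def split_nai(nai):                        # split at the first unescaped '@'
    i = 0
    while i < len(nai):
        if nai[i] == '\\':
            i += 2
        elif nai[i] == '@':
            return nai[:i], nai[i + 1:]
        else:
            i += 1
    return nai, None                       # no realm present

def valid_username(user):
    i, prev_dot = 0, True                  # True rejects a leading dot
    while i < len(user):
        if user[i] == '\\':                # escape: next char is literal
            if i + 1 == len(user):
                return False               # dangling backslash
            i, prev_dot = i + 2, False
        elif (user[i] == '.' and prev_dot) or needs_escape(user[i]):
            return False
        else:
            i, prev_dot = i + 1, user[i] == '.'
    return not prev_dot                    # rejects empty names and trailing dots

def is_valid_nai(nai):
    user, realm = split_nai(nai)
    realm_ok = realm is None or all(LABEL.fullmatch(l) for l in realm.split('.'))
    return valid_username(user) and realm_ok
```

A AAA node that routes on the realm would run `is_valid_nai` on the converted string and reject names such as `fred@foo_9.com` before using the domain part.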