[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Issue: 2486bis internationalization and ! syntax



> One problem with this is that existing code that does the
> query would be unable to do a UTF-8 query but would be
> able to do an IDN query. Oh well, there isn't much Diameter
> usage that would be hit with this...
>
> And there seems to be another more serious problem. Namely, even
> if RADIUS doesn't do DNS queries, it still stores and compares
> strings. If someone has already put in a rule or entry for an
> international DNS name, he has  been able to do so already in
> RFC 2486, because IDNs are really legal DNS names. And he
> likely didn't use UTF-8, because that would have been illegal
> as a NAI. Now, if we suddenly start sending the IDNs as UTF-8
> instead, this will break existing usage. All that is needed for
> this scenario to apply is someone who (a) has an international
> DNS name and (b) has a RADIUS server. What's the likelihood
> of this?
>
> My conclusion: problems in approach #2 seem more likely
> to appear in common cases, so my preference is #1. What
> do others think?

I think that we need to understand more about how existing EAP peer and
RADIUS proxy implementations function with respect to
internationalization.  For example, do existing EAP peer implementations
allow the user to enter UTF-8?  How do existing RADIUS proxy
implementations enter the realm table and how do they compare it against
the realm in the NAI?

I've put out an implementation survey that may help us answer these
questions.

--
to unsubscribe send a message to radiusext-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://psg.com/lists/radiusext/>