[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Closing the NAIbis i18n discussion

To: Bernard Aboba <aboba@internaut.com>
Subject: Re: Closing the NAIbis i18n discussion
From: Jari Arkko <jari.arkko@piuha.net>
Date: Wed, 29 Jun 2005 19:07:18 +0300
Cc: radiusext@ops.ietf.org, Alan DeKok <aland@ox.org>
In-reply-to: <Pine.LNX.4.56.0506290629010.25155@internaut.com>
References: <20050511221316.CA58716DD6@mail.nitros9.org> <42B6CEA8.60205@piuha.net> <Pine.LNX.4.56.0506221837290.31279@internaut.com> <42C28BB6.6040508@piuha.net> <Pine.LNX.4.56.0506290629010.25155@internaut.com>
User-agent: Mozilla Thunderbird 1.0 (X11/20041206)

Bernard Aboba wrote:

Well, no you are not correct :-( If the realm part is an IDN-unaware name slot, then transformations from the username part will have to do conversions.

Can you give an example?

internaut<INTCHARINUTF8>.com!bernarda@bt.com ->
bernarda@internaut<INTCHARINASCII>.com

internaut.com!bernarda@bt.com -> bernarda@internaut.com should not require converting internaut.com (straight ASCII), right?

Right.

If internaut.com contained an international character set (e.g. UTF-8), then a conversion should still not be necessary in RADIUS, since DNS lookups aren't done on the realm portion, right?

Well, this assumes that DNS lookups are the only reason
for conversion. I suspect that normalization/canonization
is necessary also for other purposes, such as comparisons,
lookup, and matching in proxies and home servers.

On the other hand, it seems to me that conversions are going to be necessary anyway in some circumstance, and this choice appears to place the conversion burden on a relatively rare function, and in a place where its known for sure that you need to do a conversion. So I think we are picking the lesser of two evils :-)

I agree that conversions may need to be done in some circumstances. But since this is not a common case (might even be nonexistent in RADIUS), there is no need to optimize for it.

Right.

(If we choose UTF-8 for realm part then one might ask if the proxies doing routing or policy lookups based on the realm part would have to normalize realms before comparisons and lookups; its perfectly reasonable that implementations or even users send ASCII based versions of international domain names.)

The implied requirement is that users send domain names in the same format that they are included in the RADIUS proxy routing table. As Alan noted, this assumption seems to work today.

Yes. One case where pure reliance on users might still fail is roaming, if
you have one network which has stored the name in UTF-8 and another
one in ASCII... the user wouldn't know what to enter to get his transaction
routed through the network. That's why I believe its still useful
for the RFC to indicate what the correct format is.

But this is just my not-so-educated understanding of the situation. Other thoughts?

I'm even less educated than you. Perhaps we need to bring in an expert to validate this?

We already tried...

--Jari

--
to unsubscribe send a message to radiusext-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://psg.com/lists/radiusext/>

Follow-Ups:
- Re: Closing the NAIbis i18n discussion
  - From: "Alan DeKok" <aland@ox.org>

References:
- Re: Implementation Survey: How does your EAP peer/RADIUS proxy handle internationalization?
  - From: "Alan DeKok" <aland@ox.org>
- Closing the NAIbis i18n discussion
  - From: Jari Arkko <jari.arkko@piuha.net>
- Re: Closing the NAIbis i18n discussion
  - From: Bernard Aboba <aboba@internaut.com>
- Re: Closing the NAIbis i18n discussion
  - From: Jari Arkko <jari.arkko@piuha.net>
- Re: Closing the NAIbis i18n discussion
  - From: Bernard Aboba <aboba@internaut.com>

Prev by Date: Re: Closing the NAIbis i18n discussion
Next by Date: Re: Closing the NAIbis i18n discussion
Previous by thread: Re: Closing the NAIbis i18n discussion
Next by thread: Re: Closing the NAIbis i18n discussion
Index(es):
- Date
- Thread