[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Closing the NAIbis i18n discussion



Bernard Aboba wrote:

Well, no you are not correct :-( If the realm part is an IDN-unaware
name slot, then transformations from the username part will
have to do conversions.



Can you give an example?


internaut<INTCHARINUTF8>.com!bernarda@bt.com ->
bernarda@internaut<INTCHARINASCII>.com

internaut.com!bernarda@bt.com -> bernarda@internaut.com should not require
converting internaut.com (straight ASCII), right?


Right.

If internaut.com contained an international character set (e.g. UTF-8),
then a conversion should still not be necessary in RADIUS, since DNS
lookups aren't done on the realm portion, right?


Well, this assumes that DNS lookups are the only reason
for conversion. I suspect that normalization/canonization
is necessary also for other purposes, such as comparisons,
lookup, and matching in proxies and home servers.



On the other hand, it seems to me that conversions are
going to be necessary anyway in some circumstance, and
this choice appears to place the conversion burden on a relatively
rare function, and in a place where its known for sure that
you need to do a conversion. So I think we are picking
the lesser of two evils :-)



I agree that conversions may need to be done in some circumstances. But
since this is not a common case (might even be nonexistent in RADIUS),
there is no need to optimize for it.


Right.



(If we choose UTF-8 for realm part then one might ask
if the proxies doing routing or policy lookups based on the
realm part would have to normalize realms before comparisons
and lookups; its perfectly reasonable that implementations
or even users send ASCII based versions of international
domain names.)



The implied requirement is that users send domain names in the same format
that they are included in the RADIUS proxy routing table. As Alan noted,
this assumption seems to work today.


Yes. One case where pure reliance on users might still fail is roaming, if
you have one network which has stored the name in UTF-8 and another
one in ASCII... the user wouldn't know what to enter to get his transaction
routed through the network. That's why I believe its still useful
for the RFC to indicate what the correct format is.

But this is just my not-so-educated understanding of
the situation. Other thoughts?



I'm even less educated than you. Perhaps we need to bring in an expert to
validate this?


We already tried...

--Jari



--
to unsubscribe send a message to radiusext-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://psg.com/lists/radiusext/>