Re: RFC 2486bis issue: "Decorated" NAIs and IDN support



Here are the additional text changes; the draft URL in the quoted
mail has also been updated.

Section 2.5, add at the end:

  The responsibility for the conversion of international domain names
  to ASCII is left for the end-systems, such as network access clients
  and AAA servers.  Similarly, we expect domain name comparisons,
  matching, resolution, and AAA routing to be performed on the ASCII
  versions of the international domain names.  This provides a
  canonical representation, ensures that intermediate systems such as
  AAA proxies do not need to perform translations, and can be expected
  to work through systems that are unaware of international character
  sets.

Section 2.7, add at the end:

  Note that the syntax described in this section is optional, and is
  not a part of the ABNF.  The '!' character may appear in the username
  portion of a NAI for other purposes as well, and in those cases the
  rules outlined here do not apply; the interpretation of the username
  is up to an agreement between the identified user and the realm given
  after the '@' character.

--Jari

Bernard Aboba wrote:

Since this is a RADEXT WG draft, would it be possible to include the logic
below in the document itself?  If we don't, I can imagine having this same
conversation in the future.

On Sat, 16 Jul 2005, Jari Arkko wrote:



Time is running out, so I'm going ahead with submitting
a revision. Here's what I think we agreed:

1. It is the responsibility of the peer to provide the NAI in
   the correct (IDN-unaware ASCII) format.

2. Similarly, it is the responsibility of the RADIUS proxy to
   provide its realm table entries in the same ASCII format.

3. As a result, the proxy does not need to do any conversions in the
   manipulation of "decorated" NAIs. For example, a proxy can
   convert microsoft.com!bernarda@bt.com ->
   bernarda@microsoft.com without having to "translate"
   microsoft.com (assuming that this contained only appropriately
   formatted ASCII characters).

4. If a DNS lookup needs to be done (not required in RADIUS but
   potentially needed in Diameter) then the proxy can use the
   realm directly without conversion.

5. Make the '!' related requirements outside the ABNF, because we
   do not _require_ the '!' syntax to be used; '!' is still legal
   to be used for any purpose between consenting parties.

Here are the suggested text changes. In Section 2.7:

OLD:
In this case, the part before the (non-escaped) '!' MUST be a
realm name as defined in the ABNF in Section 2.1. When
receiving such an NAI, ...

NEW:
In this case, the part before the (non-escaped) '!' MUST be a
realm name as defined in the ABNF in Section 2.1. This realm
name is an "IDN-unaware domain name slot", just like the
realm name after the "@" character; see Section 2.4 for
details. When receiving such an NAI, ...

And a pointer to a new draft revision:

 http://www.arkko.com/publications/nai/naibis.txt
 http://www.arkko.com/publications/nai/naibisdiff.html

I'll submit this by Monday; if there are further comments, please
make them before that.

--Jari



--
to unsubscribe send a message to radiusext-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://psg.com/lists/radiusext/>
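
The proxy-side handling agreed in points 1-4 of the quoted mail, sketched in Python as an added example that is not part of the thread or of the draft: realms are matched in their ASCII form only, a non-ASCII realm is rejected rather than converted, and a decorated username is unwrapped only by the realm named after the '@'. The names `next_hop`, `check_realm` and `NAIError`, the simplified realm pattern, and the use of backslash as the escape character for '!' are assumptions of this example.

```python
import re

# Assumption: ASCII letter/digit/hyphen labels, at least two of them, as a
# simplified stand-in for the realm ABNF the mail refers to (Section 2.1).
_LABEL = r"[A-Za-z0-9](?:[A-Za-z0-9-]*[A-Za-z0-9])?"
_REALM = re.compile(rf"{_LABEL}(?:\.{_LABEL})+")


class NAIError(ValueError):
    """Raised when a NAI cannot be routed without guessing."""


def check_realm(realm):
    """Return the realm lower-cased if it is a plain-ASCII realm, else raise."""
    if not realm.isascii():
        # The proxy never converts IDNs; the end-system must send ASCII.
        raise NAIError(f"non-ASCII realm {realm!r}: conversion is the peer's job")
    if not _REALM.fullmatch(realm):
        raise NAIError(f"malformed realm {realm!r}")
    return realm.lower()


def first_unescaped_bang(username):
    """Index of the first '!' not preceded by a backslash escape, or -1."""
    i = 0
    while i < len(username):
        if username[i] == "\\":
            i += 2  # skip the escaped character (assumed escape syntax)
            continue
        if username[i] == "!":
            return i
        i += 1
    return -1


def next_hop(nai, local_realm):
    """Return (routing_realm, nai_to_forward) for a proxy serving local_realm."""
    username, at, realm = nai.rpartition("@")
    if not at:
        raise NAIError("NAI carries no realm")
    realm = check_realm(realm)
    if realm != check_realm(local_realm):
        return realm, nai  # not ours: route on the ASCII realm as received
    bang = first_unescaped_bang(username)
    if bang < 0:
        return realm, nai  # no decoration: handled by the local realm
    inner = check_realm(username[:bang])  # part before '!' must be a realm
    return inner, f"{username[bang + 1:]}@{inner}"
```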