
RE: RFC 2486bis issue: "Decorated" NAIs and IDN support



Jari,

I think that this text is good to add.

thanks,
John

> -----Original Message-----
> From: owner-radiusext@ops.ietf.org
> [mailto:owner-radiusext@ops.ietf.org]On Behalf Of ext Jari Arkko
> Sent: 17 July, 2005 00:03
> To: Bernard Aboba
> Cc: Eronen Pasi (Nokia-NRC/Helsinki); paul.hoffman@vpnc.org;
> hardie@qualcomm.com; paf@cisco.com; radiusext@ops.ietf.org; 
> aland@ox.org
> Subject: Re: RFC 2486bis issue: "Decorated" NAIs and IDN support
> 
> 
> Here are the additional text changes, draft URL in the quoted
> mail has also been updated.
> 
> Section 2.5, add at the end:
> 
>    The responsibility for the conversion of international domain names
>    to ASCII is left for the end-systems, such as network access clients
>    and AAA servers.  Similarly, we expect domain name comparisons,
>    matching, resolution, and AAA routing to be performed on the ASCII
>    versions of the international domain names.  This provides a
>    canonical representation, ensures that intermediate systems such as
>    AAA proxies do not need to perform translations, and can be expected
>    to work through systems that are unaware of international character
>    sets.
> 
> Section 2.7, add at the end:
> 
>    Note that the syntax described in this section is optional, and is
>    not a part of the ABNF.  The '!' character may appear in the username
>    portion of a NAI for other purposes as well, and in those cases the
>    rules outlined here do not apply; the interpretation of the username
>    is up to an agreement between the identified user and the realm given
>    after the '@' character.
> 
> --Jari
> 
> Bernard Aboba wrote:
> 
> >Since this is a RADEXT WG draft, would it be possible to include the logic
> >below in the document itself?  If we don't, I can imagine having this same
> >conversation in the future.
> >
> >On Sat, 16 Jul 2005, Jari Arkko wrote:
> >
> >  
> >
> >>Time is running out, so I'm going ahead with submitting
> >>a revision. Here's what I think we agreed:
> >>
> >>1. It is the responsibility of the peer to provide the NAI in
> >>    the correct (IDN-unaware ASCII) format.
> >>
> >>2. Similarly, it is the responsibility of the RADIUS proxy to
> >>    provide its realm table entries in the same ASCII format.
> >>
> >>3. As a result, the proxy does not need to do any conversions in the
> >>    manipulation of "decorated" NAIs. For example, a proxy can
> >>    convert microsoft.com!bernarda@bt.com ->
> >>    bernarda@microsoft.com without having to "translate"
> >>    microsoft.com (assuming that this contained only appropriately
> >>    formatted ASCII characters).
> >>
> >>4. If a DNS lookup needs to be done (not required in RADIUS but
> >>    potentially needed in Diameter) then the proxy can use the
> >>    realm directly without conversion.
> >>
> >>5. Make the '!' related requirements outside the ABNF, because we
> >>    do not _require_ the '!' syntax to be used, '!' is still legal
> >>    to be used for any purpose between consenting parties.
> >>
> >>Here are the suggested text changes. In Section 2.7:
> >>
> >>OLD:
> >>In this case, the part before the (non-escaped) '!' MUST be a
> >>realm name as defined in the ABNF in Section 2.1. When
> >>receiving such an NAI, ...
> >>
> >>NEW:
> >>In this case, the part before the (non-escaped) '!' MUST be a
> >>realm name as defined in the ABNF in Section 2.1. This realm
> >>name is an "IDN-unaware domain name slot", just like the
> >>realm name after the "@" character; see Section 2.4 for
> >>details. When receiving such an NAI, ...
> >>
> >>And a pointer to a new draft revision:
> >>
> >>  http://www.arkko.com/publications/nai/naibis.txt
> >>  http://www.arkko.com/publications/nai/naibisdiff.html
> >>
> >>I'll submit this by Monday, if there are further comments please
> >>make them before that.
> >>
> >>--Jari
> >>
> >>
> >>
> >>--
> >>to unsubscribe send a message to radiusext-request@ops.ietf.org with
> >>the word 'unsubscribe' in a single line as the message text body.
> >>archive: <http://psg.com/lists/radiusext/>
> >>
> >>    
> >>
> >
> >
> >  
> >
> 
> 
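
Added example, not part of the original thread or of the draft: Python code for the proxy behaviour agreed in points 1-3 and the Section 2.7 note, where realms are compared in ASCII form only and a '!' that does not name a known realm is left alone. It goes beyond the single case in the thread by also handling escaped '!' and non-ASCII input; the realm table contents, the function names, the simplified label syntax and the backslash escape character are assumptions.

```python
import re

# Constructed realm table, held in ASCII form (an IDN appears as its A-label).
REALM_TABLE = {"microsoft.com", "bt.com", "xn--bcher-kva.example"}

# Letters, digits, hyphen: a simplified stand-in for the realm ABNF (assumption).
_LABEL = re.compile(r"[A-Za-z0-9](?:[A-Za-z0-9-]*[A-Za-z0-9])?\Z")


def is_ascii_realm(realm):
    """True for a dotted ASCII name. No IDN conversion is attempted."""
    labels = realm.split(".")
    return len(labels) >= 2 and all(_LABEL.match(label) for label in labels)


def split_decoration(username):
    """Split at the first non-escaped '!' (backslash escape is assumed)."""
    i = 0
    while i < len(username):
        if username[i] == "\\":
            i += 2  # skip the backslash and the character it escapes
        elif username[i] == "!":
            return username[:i], username[i + 1:]
        else:
            i += 1
    return None, username


def forward_nai(nai, realm_table=REALM_TABLE):
    """Return the NAI a proxy passes on, or None if the realm is not routable."""
    username, at, realm = nai.rpartition("@")
    if not at or not username or not is_ascii_realm(realm):
        return None  # routing works on ASCII realms only; nothing is translated
    prefix, rest = split_decoration(username)
    if prefix is None or not rest:
        return nai  # no decoration present
    # Byte-for-byte ASCII comparison apart from case; a non-ASCII prefix can
    # never match, so '!' is then treated as ordinary username content.
    if not is_ascii_realm(prefix) or prefix.lower() not in realm_table:
        return nai
    return f"{rest}@{prefix}"


if __name__ == "__main__":
    for sample in ("microsoft.com!bernarda@bt.com",      # example from the thread
                   "b\u00fccher.example!user@bt.com",     # constructed, not ASCII
                   "xn--bcher-kva.example!user@bt.com"):  # constructed, ASCII form
        print(sample, "->", forward_nai(sample))
```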
