Re: Issue: Treatment of null Identity Response

[Jari Arkko <jari.arkko@piuha.net>]

Bernard Aboba wrote:

> RFC 4282 allows use of a userid without a realm ("fred").  It also 
> allows use of a realm without a userid ("@example.com").   So as far 
> as I can tell, an NAI without either a userid or realm is allowed as 
> well.  

I think not -- here's the ABNF:

  nai         =  username
  nai         =/ "@" realm
  nai         =/ username "@" realm

which seems to imply that its either username, realm, or both. And neither
the "username" or "realm" can be an empty string.

> One interpretation is that it represents the anonymous NAI of the 
> local realm, and so is equivalent to "@localrealm".  Since RFC 4282 
> discourages use of pseudonyms such as "anonymous" it is not clear what 
> the preferred representation is for "the anonymous user of the local 
> realm".  Under this line of thought, the null userid might not only be 
> legal, it might actually be the *preferred* representation!

Anyway, even if such a NAI would be legal, I think we should discourage it
at the client side for obvious roaming problems -- of course the NAS 
side could
still use that.

But if I can read (or write) ABNF, then its not a legal NAI...

--Jari


--
to unsubscribe send a message to radiusext-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://psg.com/lists/radiusext/>