From: Jari Arkko <jari.arkko@piuha.net>
To: Bernard Aboba <bernard_aboba@hotmail.com>
CC: Pasi.Eronen@nokia.com, radiusext@ops.ietf.org
Subject: Re: Issue: Treatment of null Identity Response
Date: Tue, 13 Dec 2005 16:25:12 +0200
Bernard Aboba wrote:
RFC 4282 allows use of a userid without a realm ("fred"). It also allows
use of a realm without a userid ("@example.com"). So as far as I can
tell, an NAI without either a userid or realm is allowed as well.
I think not -- here's the ABNF:
nai = username
nai =/ "@" realm
nai =/ username "@" realm
which seems to imply that its either username, realm, or both. And neither
the "username" or "realm" can be an empty string.
One interpretation is that it represents the anonymous NAI of the local
realm, and so is equivalent to "@localrealm". Since RFC 4282 discourages
use of pseudonyms such as "anonymous" it is not clear what the preferred
representation is for "the anonymous user of the local realm". Under this
line of thought, the null userid might not only be legal, it might
actually be the *preferred* representation!
Anyway, even if such a NAI would be legal, I think we should discourage it
at the client side for obvious roaming problems -- of course the NAS side
could
still use that.
But if I can read (or write) ABNF, then its not a legal NAI...
--Jari
--
to unsubscribe send a message to radiusext-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://psg.com/lists/radiusext/>