Here is where I think we are:1. In RFC 2486bis a null NAI is not legal. So no data in the EAP-Response/Identity should not be treated as a request for privacy (e.g. the anonymous user within the local realm). If the desire is to indicate "the anonymous user in the local realm" then the NAI "@localrealm" should be used instead.
2. Since there is no identity in the EAP-Response/Identity field, the RADIUS client should include the Calling-Station-ID (MAC Address) in the User-Name field, as it would for Service Type = Call Check. However, the Service-Type should not actually be set to Call-Check since the call has already been accepted.
From: Jari Arkko <jari.arkko@piuha.net> To: Bernard Aboba <bernard_aboba@hotmail.com> CC: Pasi.Eronen@nokia.com, radiusext@ops.ietf.org Subject: Re: Issue: Treatment of null Identity Response Date: Wed, 14 Dec 2005 13:10:19 +0200 I think we should (1) discourage use of empty string in the client for privacy purposes and (2) document the different current usage in the NAS side and recommend X for new implementations. I'm leaning on X being no User-Name but use of CSID instead. --Jari
-- to unsubscribe send a message to radiusext-request@ops.ietf.org with the word 'unsubscribe' in a single line as the message text body. archive: <http://psg.com/lists/radiusext/>