Re: [Emu] EAP, RADIUS, UTF-8, RFC 4282 and SASLPREP: the interop nightmare



Bernard Aboba wrote:
> [BA] I agree.  I don't know of any EAP peers that encode the NAI this way
> (although, based on Stefan's tests, they may not use UTF-8 either). 

  I think the correct term is "memcpy".

> [BA] Interesting.  NAIs and e-mail addresses are similar; ...

  Often the same.  Leveraging EAI would be beneficial.

> Since both EAP Identity and RADIUS User-Name are 8-bit clean, the
> same logic (and probably, much of the ABNF) would seem to apply here. 

  I would like very much to know if anyone thinks that they *cannot* be
applied here.

> [BA] I'm trying to understand why the ASCII limitation exists in the first
> place. Presumably there are security protocols out there that utilize
> UTF-8 encoded usernames or NAIs (perhaps after some normalization
> procedure), right?

  Or, it was easier to say "ASCII", and to avoid any unknowns that might
occur if 8-bit data is used.

  Given Stefan's test of MS-CHAP && ISO-8859-15 encodings, I think the
ASCII limitation in the spec is not matched by any similar limitations
in the code.

>> Potentially anywhere a user identifier is used.  User-Name, CUI, and
>> other protocols such as Kerberos.
> 
> RFC 4372 (CUI) Section 2.2 doesn't say anything at all about
> internationalization:

  The CUI is often created as "hash@example.com".  i.e. based off of the
User-Name.  So it's worth double-checking the effects of changing
User-Name on all down-stream uses.

  Alan DeKok.
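
Added example, not part of the original message or of any implementation discussed in the thread: it shows how a CUI derived as "hash@example.com" from the raw User-Name octets changes when the same identity arrives in different encodings, and how it converges once the octets are normalised first. The SHA-256 truncation, the function names and the sample identity are assumptions made for illustration.

```python
import hashlib
import unicodedata

REALM = "example.com"  # realm from the "hash@example.com" form in the message


def derive_cui(user_name: bytes) -> str:
    """Hypothetical CUI derivation: truncated SHA-256 over raw User-Name octets."""
    return hashlib.sha256(user_name).hexdigest()[:16] + "@" + REALM


def canonical_octets(user_name: bytes, assumed_charset: str) -> bytes:
    """Decode with an assumed charset, then re-encode as NFC-normalised UTF-8.

    Assumption: the charset is known out of band; nothing in this example
    detects it from the octets themselves.
    """
    text = user_name.decode(assumed_charset)
    return unicodedata.normalize("NFC", text).encode("utf-8")


# Constructed sample: one identity as three different peers might send it.
IDENTITY = "zo\u00eb@example.com"
WIRE_FORMS = {
    "utf8-nfc": (unicodedata.normalize("NFC", IDENTITY).encode("utf-8"), "utf-8"),
    "utf8-nfd": (unicodedata.normalize("NFD", IDENTITY).encode("utf-8"), "utf-8"),
    "iso-8859-15": (IDENTITY.encode("iso-8859-15"), "iso-8859-15"),
}


def cui_table(normalise: bool) -> dict:
    """Return the derived CUI for each wire form, with or without normalisation."""
    out = {}
    for label, (octets, charset) in WIRE_FORMS.items():
        if normalise:
            octets = canonical_octets(octets, charset)
        out[label] = derive_cui(octets)
    return out


if __name__ == "__main__":
    for mode in (False, True):
        print("normalised first" if mode else "raw octets (memcpy)")
        for label, cui in cui_table(mode).items():
            print(f"  {label:12} {cui}")
```

With raw octets the three wire forms give three unrelated CUIs for one user, so any accounting or policy keyed on the CUI splits across them.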
