Re: Implementation Survey: How does your EAP peer/RADIUS proxy handle internationalization?

["Alan DeKok" <aland@ox.org>]

Jari Arkko <jari.arkko@piuha.net> wrote:
> It looks like implementations may actually be capable of
> accepting non-ASCII input. However, there does not appear
> to be any specific support for character set aware comparisons,
> normalization, etc.

  Which is difficult, especially since the locale information isn't
sent in the RADIUS packet.  Without that, I'm not sure how to use
stringprep properly to get better string comparisons.

> What does this imply? I'm not quite sure... and the input
> is too small to make any definite conclusions. But it could
> be that alternative #1 for NAIbis issue resolution is preferrable,
> given that it better ensures correctness of lookups and
> comparisons. Comments?

  As an implementor, my inclination is to avoid the whole issue as it
relates to software, and push it back to the users and administrators.

  That is, get them to type in the strings (names, realms, etc.) as
opaque tokens which have to be entered in one "normal" form.
Precedent exists for this request, in the Windows warning messages
about "you must have capslock off...", which tells the user that what
*they* think of as equivalent strings are not, and the strings must
always be entered as exactly the same set of characters.

  I don't recall hearing that this was an issue for FreeRADIUS, and
it's used in many, many internationalized configurations.

  Alan DeKok.

--
to unsubscribe send a message to radiusext-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://psg.com/lists/radiusext/>