[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: RFC 2486bis issue: "Decorated" NAIs and IDN support
Time is running out, so I'm going ahead with submitting
a revision. Here's what I think we agreed:
1. It is the responsibility of the peer to provide the NAI in
the correct (IDN-unaware ASCII) format.
2. Similarly, it is the responsibility of the RADIUS proxy to
provide its realm table entries in the same ASCII format.
3. As a result, the proxy does not need to do any conversions in the
manipulation of "decorated" NAIs. For example, a proxy can
convert microsoft.com!bernarda@bt.com ->
bernarda@microsoft.com without having to "translate"
microsoft.com (assuming that this contained only appropriately
formatted ASCII characters).
4. If a DNS lookup needs to be done (not required in RADIUS but
potentially needed in Diameter) then the proxy can use the
realm directly without conversion.
5. Make the '!' related requirements outside the ABNF, because we
do not _require_ the '!' syntax to be used, '!' is still legal
to be used for any purpose between consenting parties.
Here are the suggested text changes. In Section 2.7:
OLD:
In this case, the part before the (non-escaped) '!' MUST be a
realm name as defined in the ABNF in Section 2.1. When
receiving such an NAI, ...
NEW:
In this case, the part before the (non-escaped) '!' MUST be a
realm name as defined in the ABNF in Section 2.1. This realm
name is an "IDN-unaware domain name slot", just like the
realm name after the "@" character; see Section 2.4 for
details. When receiving such an NAI, ...
And a pointer to a new draft revision:
http://www.arkko.com/publications/nai/naibis.txt
http://www.arkko.com/publications/nai/naibisdiff.html
I'll submit this by monday, if there are further comments please
make them before that.
--Jari
--
to unsubscribe send a message to radiusext-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://psg.com/lists/radiusext/>