Re: RFC 2486bis issue: "Decorated" NAIs and IDN support

[Jari Arkko <jari.arkko@piuha.net>]

Here are the additional text changes, draft URL in the quoted
mail has also been updated.

Section 2.5, add at the end:

  The responsibility for the conversion of international domain names
  to ASCII is left for the end-systems, such as network access clients
  and AAA servers.  Similarly, we expect domain name comparisons,
  matching, resolution, and AAA routing to be performed on the ASCII
  versions of the international domain names.  This provides a
  canonical representation, ensures that intermediate systems such as
  AAA proxies do not need to perform translations, and can be expected
  to work through systems that are unaware of international character
  sets.

Section 2.7, add at the end:

  Note that the syntax described in this section is optional, and is
  not a part of the ABNF.  The '!' character may appear in the username
  portion of a NAI for other purposes as well, and in those cases the
  rules outlined here do not apply; the interpretation of the username
  is up to an agreement between the identified user and the realm given
  after the '@' character.

--Jari

Bernard Aboba wrote:

> Since this is a RADEXT WG draft, would it be possible to include the logic
> below in the document itself?  If we don't, I can imagine having this same
> conversation in the future.
>
> On Sat, 16 Jul 2005, Jari Arkko wrote:
>
>  
>
> > Time is running out, so I'm going ahead with submitting
> > a revision. Here's what I think we agreed:
> >
> > 1. It is the responsibility of the peer to provide the NAI in
> >    the correct (IDN-unaware ASCII) format.
> >
> > 2. Similarly, it is the responsibility of the RADIUS proxy to
> >    provide its realm table entries in the same ASCII format.
> >
> > 3. As a result, the proxy does not need to do any conversions in the
> >    manipulation of "decorated" NAIs. For example, a proxy can
> >    convert microsoft.com!bernarda@bt.com ->
> >    bernarda@microsoft.com without having to "translate"
> >    microsoft.com (assuming that this contained only appropriately
> >    formatted ASCII characters).
> >
> > 4. If a DNS lookup needs to be done (not required in RADIUS but
> >    potentially needed in Diameter) then the proxy can use the
> >    realm directly without conversion.
> >
> > 5. Make the '!' related requirements outside the ABNF, because we
> >    do not _require_ the '!' syntax to be used, '!' is still legal
> >    to be used for any purpose between consenting parties.
> >
> > Here are the suggested text changes. In Section 2.7:
> >
> > OLD:
> > In this case, the part before the (non-escaped) '!' MUST be a
> > realm name as defined in the ABNF in Section 2.1. When
> > receiving such an NAI, ...
> >
> > NEW:
> > In this case, the part before the (non-escaped) '!' MUST be a
> > realm name as defined in the ABNF in Section 2.1. This realm
> > name is an "IDN-unaware domain name slot", just like the
> > realm name after the "@" character; see Section 2.4 for
> > details. When receiving such an NAI, ...
> >
> > And a pointer to a new draft revision:
> >
> >  http://www.arkko.com/publications/nai/naibis.txt
> >  http://www.arkko.com/publications/nai/naibisdiff.html
> >
> > I'll submit this by monday, if there are further comments please
> > make them before that.
> >
> > --Jari
> >
> >
> >
> > --
> > to unsubscribe send a message to radiusext-request@ops.ietf.org with
> > the word 'unsubscribe' in a single line as the message text body.
> > archive: <http://psg.com/lists/radiusext/>
> >
> >    
>
>
>  



--
to unsubscribe send a message to radiusext-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://psg.com/lists/radiusext/>