[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Issue: Treatment of null Identity Response
Bernard Aboba wrote:
RFC 4282 allows use of a userid without a realm ("fred"). It also
allows use of a realm without a userid ("@example.com"). So as far
as I can tell, an NAI without either a userid or realm is allowed as
I think not -- here's the ABNF:
nai = username
nai =/ "@" realm
nai =/ username "@" realm
which seems to imply that its either username, realm, or both. And neither
the "username" or "realm" can be an empty string.
One interpretation is that it represents the anonymous NAI of the
local realm, and so is equivalent to "@localrealm". Since RFC 4282
discourages use of pseudonyms such as "anonymous" it is not clear what
the preferred representation is for "the anonymous user of the local
realm". Under this line of thought, the null userid might not only be
legal, it might actually be the *preferred* representation!
Anyway, even if such a NAI would be legal, I think we should discourage it
at the client side for obvious roaming problems -- of course the NAS
still use that.
But if I can read (or write) ABNF, then its not a legal NAI...
to unsubscribe send a message to firstname.lastname@example.org with
the word 'unsubscribe' in a single line as the message text body.