RE: Internationalization and draft-ietf-abfab-eapapplicability

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Sam said: 

> My recommendation is that we point out the issue. And say that
> strings used within a specific EAP method MUST follow the rules
> for that method. If AAA is used, strings used within AAA MUST
> follow the rules for the AAA protocol in use. We can add an
> informative citation to 4282bis as a snapshot of current
> thinking.

[BA] That works for me. 

> Stefan> Pushing the requirement down to the EAP method won't work
> Stefan> IMHO. Take as example EAP-TTLS in RFC5281. A full-text
> Stefan> search for "UTF" in it yields 0 hits; and a look at section
> Stefan> 7.3 ("EAP Identity Information") does not speak of any
> Stefan> encodings.

[BA] You are right that a number of method specifications are deficient in the internationalization area.  
However, I don't think that's an issue that an ABFAB applicability statement can solve.   
Sam's proposed approach seems like the only feasible one. 

Sam said: 
 
> Nah, you'd just be living in a different hell if you'd been explicit in
> the EAP spec. I know: other parts of the IETF are in that hell. The
> protocols are clear and everything is fine until you realize that the
> backend authentication systems you're dealing with are using a totally
> different set of rules than the protocols.
> That hell sucks too.

[BA] I totally agree. 

> Some EAP methods are going to care a lot. They'll care more about
> passwords than they will usernames. Usernames are complex because they
> can be carried in AAA, EAP identity and within a method.

[BA] Yes, but at least the method-specific identities and passwords are opaque to the EAP core implementation and the AAA protocol. 

> we can write a guidance document for non-standards-track methods that
> are ambiguous giving the best advice we can. We can give good
> requirements in standards-track methods. TEAP is in last-call now; I'm
> fairly sure it gets this reasonably OK, but we should probably check
> that.
>
> However, none of the above matters for this document.

[BA] Exactly.  It's just an applicability statement, not a prescription for world peace :)


[Index of Archives]     [IETF Annoucements]     [IETF]     [IP Storage]     [Yosemite News]     [Linux SCTP]     [Linux Newbies]     [Fedora Users]