Re: [radext] WGLC #1 for draft-ietf-radext-nai-03
Alan DeKok <aland@deployingradius.com> Wed, 19 June 2013 15:36 UTC
Return-Path: <aland@deployingradius.com>
X-Original-To: radext@ietfa.amsl.com
Delivered-To: radext@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id CC2C521F9C97 for <radext@ietfa.amsl.com>; Wed, 19 Jun 2013 08:36:33 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.599
X-Spam-Level:
X-Spam-Status: No, score=-102.599 tagged_above=-999 required=5 tests=[AWL=0.000, BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 70P5oJITfKmD for <radext@ietfa.amsl.com>; Wed, 19 Jun 2013 08:36:29 -0700 (PDT)
Received: from power.freeradius.org (power.freeradius.org [88.190.25.44]) by ietfa.amsl.com (Postfix) with ESMTP id D991321F9CC6 for <radext@ietf.org>; Wed, 19 Jun 2013 08:36:28 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by power.freeradius.org (Postfix) with ESMTP id 00CC4224007C; Wed, 19 Jun 2013 17:35:35 +0200 (CEST)
X-Virus-Scanned: Debian amavisd-new at power.freeradius.org
Received: from power.freeradius.org ([127.0.0.1]) by localhost (power.freeradius.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 41VHiK4unZUj; Wed, 19 Jun 2013 17:35:32 +0200 (CEST)
Received: from Thor-2.local (bas1-ottawa11-1176120556.dsl.bell.ca [70.26.44.236]) by power.freeradius.org (Postfix) with ESMTPSA id 3A61D2240020; Wed, 19 Jun 2013 17:35:32 +0200 (CEST)
Message-ID: <51C1CFC5.5090209@deployingradius.com>
Date: Wed, 19 Jun 2013 11:35:33 -0400
From: Alan DeKok <aland@deployingradius.com>
User-Agent: Thunderbird 2.0.0.24 (Macintosh/20100228)
MIME-Version: 1.0
To: Bernard Aboba <bernard_aboba@hotmail.com>
References: <7104B68E-C97B-4847-B0BF-8590ED1810D7@gmail.com>, <A1E4691F-0EB3-41ED-8771-67CF4AED4FCA@gmail.com>, <51C1BA01.7060106@deployingradius.com> <BLU169-W63408B8B132AA00E972F75938D0@phx.gbl>
In-Reply-To: <BLU169-W63408B8B132AA00E972F75938D0@phx.gbl>
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: 7bit
Cc: "radext@ietf.org" <radext@ietf.org>, Jouni Korhonen <jouni.nospam@gmail.com>
Subject: Re: [radext] WGLC #1 for draft-ietf-radext-nai-03
X-BeenThere: radext@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: RADIUS EXTensions working group discussion list <radext.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/radext>, <mailto:radext-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/radext>
List-Post: <mailto:radext@ietf.org>
List-Help: <mailto:radext-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/radext>, <mailto:radext-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 19 Jun 2013 15:36:33 -0000
Bernard Aboba wrote: > [BA] Assuming that the realm is encoded in UTF-8 (which I believe the > draft can require), I don't see why proxy P would have insufficient > information. From the Unicode docs: http://unicode.org/reports/tr15/#Versioning ...To see what difference the composition version makes, suppose that a future version of Unicode were to add the composite Q-caron. For an implementation that uses that future version of Unicode, strings in Normalization Form C or KC would continue to contain the sequence Q + caron, and not the new character Q-caron, because a canonical composition for Q-caron was not defined in the composition version. See Section 5, Composition Exclusion Table, for more information. ... And later: ... If an implementation normalizes a string that contains characters that are not assigned in the version of Unicode that it supports, that string might not be in normalized form according to a future version of Unicode. For example, suppose that a Unicode 5.0 program normalizes a string that contains new Unicode 5.1 characters. That string might not be normalized according to Unicode 5.1. ... i.e. End points and proxies will necessarily have different versions of Unicode. Endpoints (by definition) know about the Unicode version that they have installed. Therefore, they can normalize the realm. Proxies will very often have older versions of unicode than endpoints. Therefore, by the Unicode docs above, they will be unable to create a NFC form when the endpoint sends them non-normalized strings. Therefore, proxies will receive multiple representations of the "same" name, and will be unable to determine that they are the same. The only action that proxies can take is two treat two different strings as being different. Even though updated unicode specs say that they are normalized to the "same" string. > The "opaque string" comparison doesn't even work for > realms which contain no international characters. For example, > "exAMPLE.com" and "example.com" would not be recognized as equivalent. Well, yes. I ignored ASCII-only names in my example. I was trying to focus on i18n names. Alan DeKok.
- [radext] WGLC #1 for draft-ietf-radext-nai-03 Jouni Korhonen
- Re: [radext] WGLC #1 for draft-ietf-radext-nai-03 Jouni Korhonen
- Re: [radext] WGLC #1 for draft-ietf-radext-nai-03 Alan DeKok
- Re: [radext] WGLC #1 for draft-ietf-radext-nai-03 Bernard Aboba
- Re: [radext] WGLC #1 for draft-ietf-radext-nai-03 Alan DeKok
- Re: [radext] WGLC #1 for draft-ietf-radext-nai-03 Alan DeKok
- Re: [radext] WGLC #1 for draft-ietf-radext-nai-03 Sam Hartman
- Re: [radext] WGLC #1 for draft-ietf-radext-nai-03 Bernard Aboba