Hi Max,
Tuomas can give you a definite answer. My understanding is that error
1001 should be sent by the server if the received identity does not
follow the requirements of draft-aura-eap-noob. Besides, implementing
the stricter checks of this draft is easier than validating the ABNF of
RFC7542 (after which you would anyways need to verify compliance with
this draft).
And you are right. The absence of server-assigned realm in Figure 2 is
probably an editorial oversight. However, I wouldn't call the optional
server assigned realm as RESERVED_DOMAIN. If anything, I would call
eap-noob.net as a reserved/special use domain.
--Mohit
On 4/22/20 12:29 PM, Max Crone wrote:
> While implementing EAP-NOOB, I found the explanation on the Invalid
> NAI (error code 1001) in the draft to be unclear.
>
> The document formulates it as follows:
> > If the NAI structure is invalid, the server SHOULD send the error
> > code 1001 to the peer.
>
> However, does this mean that the EAP-NOOB server should verify that
> the NAI follows the formal syntax as specified in RFC 7542, or should
> it verify that the NAI follows the specification of EAP-NOOB, i.e., it
> is of the form "noob@{eap-noob.net||RESERVED_DOMAIN}". I think this
> section could be formulated more clearly to address these concerns.
>
> On that note, Figure 2 seems to be incomplete. The
> EAP-Response/Identity specifies the NAI parameter to be
> "[email protected]", while the specification also has the option of
> configuring this to a reserved domain. In that case, the NAI should
> not use the default realm anymore. Currently, this is not reflected in
> the figure.
>
> If anything remains unclear, I am open for discussion.
>
> ~Max Crone
>
> _______________________________________________
> Emu mailing list
> [email protected]
> https://www.ietf.org/mailman/listinfo/emu
_______________________________________________
Emu mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/emu
