Suresh:
Thanks for your review.
Your suggestion on the minor edit of the retry flag makes sense; we will
add it during AUTH48.
As for the issue of "\0" use in GTC response:
While RFC4282 NAI Section 2.1 Format Syntax does permit a "\0" as part
of the NAI, I think you are referring to " x = %x00-FF " in
RFC4282.
However, the comment following it states:
";all 128 ASCII characters, no exception; ; as well as all UTF-8-octets
as defined ; above (this was not allowed in ; RFC 2486). Note that x
must nevertheless ; again satisfy the Section 2.4 rules."
Section 2.4 includes the following requirement:
"Prohibited output. Certain characters are not permitted in correctly
formed strings that follow Section 2.3 of [RFC4013]. Ensuring that NAIs
conform to their ABNF is not sufficient; it is also necessary to ensure
that they do not contain prohibited output."
The list of prohibited inputs from RFC4013 includes:
- Non-ASCII space characters [StringPrep, C.1.2]
- ASCII control characters [StringPrep, C.2.1]
So it is my interpretation that "\0" is a prohibited input and an invalid
character in an NAI, and hence will not appear in our GTC response. Is my
interpretation correct, and does it address your question?
> -----Original Message-----
> From: Suresh Krishnan [mailto:[EMAIL PROTECTED]
> Sent: Friday, June 27, 2008 4:11 PM
> To: General Area Review Team; [EMAIL PROTECTED]
> Cc: Tim Polk; [EMAIL PROTECTED]
> Subject: Gen-ART review of draft-zhou-emu-fast-gtc-03.txt
>
> I am the assigned Gen-ART reviewer for
> draft-zhou-emu-fast-gtc-03.txt
>
> For background on Gen-ART, please see the FAQ at
> <http://www.alvestrand.no/ietf/gen/art/gen-art-FAQ.html>.
>
> Please resolve these comments along with any other Last Call
> comments you may receive.
>
> Summary: This draft is almost ready for publication as
> informational RFC but I have a couple of comments.
>
> Substantial
> ===========
>
> * This method uses an ASCII null character '\0' to delimit
> the username and the password. Given that the username can be
> in the RFC4282 NAI format and the grammar allows for a '\0'
> to be part of the NAI, there needs to be some clarifying text
> on what happens if there are other '\0'
> characters in the response.
>
> Minor
> =====
>
> * The draft does not specify what the client needs to do if
> the R flag is set to 0 in the error case. e.g. Some text like
> this (I do not know what the authors intended to do, so take
> this with a grain of salt) will make things much clearer.
>
> "When the server sets this flag to '0' the peer should not prompt the
> user for new credentials to try again without restarting the
> EAP-FAST
> authentication from the beginning"
>
> Cheers
> Suresh
_______________________________________________
Gen-art mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/gen-art
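
The check discussed in the thread above, as an added example that is not part of either message or of the draft: a receiver splits the username/password body at the first "\0" and rejects usernames containing the two RFC 4013 prohibited classes quoted in the reply. The function names and sample inputs are constructed, only the "username \0 password" body is modelled, and rejecting any additional "\0" is an assumed policy, not something the draft states.

```python
import stringprep


class GtcResponseError(ValueError):
    """Raised when a response body cannot be split unambiguously."""


def prohibited_in_username(username: str) -> list[str]:
    """Return characters that fall in the two RFC 4013 tables cited in the thread."""
    return [
        ch for ch in username
        if stringprep.in_table_c12(ch)   # C.1.2: non-ASCII space characters
        or stringprep.in_table_c21(ch)   # C.2.1: ASCII control characters
    ]


def split_gtc_response(body: bytes) -> tuple[str, bytes]:
    """Split 'username NUL password' at the first NUL and validate the username."""
    username_raw, sep, password = body.partition(b"\x00")
    if not sep:
        raise GtcResponseError("no NUL delimiter present")
    if not username_raw:
        raise GtcResponseError("empty username")
    try:
        username = username_raw.decode("utf-8")
    except UnicodeDecodeError as exc:
        raise GtcResponseError("username is not valid UTF-8") from exc
    bad = prohibited_in_username(username)
    if bad:
        raise GtcResponseError(f"prohibited characters in username: {bad!r}")
    # Assumed policy: a second NUL makes the split ambiguous for any peer
    # that disagrees about which NUL is the delimiter, so reject it outright.
    if b"\x00" in password:
        raise GtcResponseError("additional NUL after the delimiter")
    return username, password


if __name__ == "__main__":
    # Constructed sample bodies, not taken from the draft.
    samples = [
        b"alice@example.com\x00s3cret",
        b"ali\x07ce@example.com\x00s3cret",
        "alice\u00a0x@example.com".encode() + b"\x00s3cret",
        b"alice@example.com\x00s3\x00cret",
    ]
    for body in samples:
        try:
            print(split_gtc_response(body))
        except GtcResponseError as err:
            print("rejected:", err)
```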