Hi Hao,
Thanks for your quick response. I went through the same text that you
did :-) but I was not sure about \0 being illegal in the NAI. If you
think it is OK, I am fine with leaving the text as is.
Cheers
Suresh
Hao Zhou (hzhou) wrote:
Suresh:
Thanks for your review.
Your suggestion on the minor edit of the retry flag makes sense; we will
add it during AUTH48.
As for the issue of "\0" use in GTC response:
RFC4282 NAI Section 2.1 Format Syntax does permit a "\0" as part of the
NAI; I think you are referring to " x = %x00-FF " in RFC4282.
However, the comments following it state:

   x             =  %x00-FF
                    ; all 128 ASCII characters, no exception;
                    ; as well as all UTF-8-octets as defined
                    ; above (this was not allowed in
                    ; RFC 2486).  Note that x must nevertheless
                    ; again satisfy the Section 2.4 rules.
Section 2.4 includes the following requirement:
"Prohibited output. Certain characters are not permitted in correctly
formed strings that follow Section 2.3 of [RFC4013]. Ensuring that NAIs
conform to their ABNF is not sufficient; it is also necessary to ensure
that they do not contain prohibited output."
The list of prohibited inputs from RFC4013 includes:
- Non-ASCII space characters [StringPrep, C.1.2]
- ASCII control characters [StringPrep, C.2.1]
So it is my interpretation that "\0" is a prohibited input and an invalid
character in an NAI, and hence will not appear in our GTC response. Is my
interpretation correct, and does it address your question?
-----Original Message-----
From: Suresh Krishnan [mailto:[EMAIL PROTECTED]
Sent: Friday, June 27, 2008 4:11 PM
To: General Area Review Team; [EMAIL PROTECTED]
Cc: Tim Polk; [EMAIL PROTECTED]
Subject: Gen-ART review of draft-zhou-emu-fast-gtc-03.txt
I am the assigned Gen-ART reviewer for
draft-zhou-emu-fast-gtc-03.txt
For background on Gen-ART, please see the FAQ at
<http://www.alvestrand.no/ietf/gen/art/gen-art-FAQ.html>.
Please resolve these comments along with any other Last Call
comments you may receive.
Summary: This draft is almost ready for publication as an
informational RFC, but I have a couple of comments.
Substantial
===========
* This method uses an ASCII null character '\0' to delimit
the username and the password. Given that the username can be
in the RFC4282 NAI format and the grammar allows for a '\0'
to be part of the NAI, there needs to be some clarifying text
on what happens if there are other '\0'
characters in the response.
Minor
=====
* The draft does not specify what the client needs to do if
the R flag is set to 0 in the error case. E.g., some text like
this (I do not know what the authors intended to do, so take
this with a grain of salt) will make things much clearer:
"When the server sets this flag to '0' the peer should not prompt the
user for new credentials to try again without restarting the EAP-FAST
authentication from the beginning"
Cheers
Suresh
_______________________________________________
Gen-art mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/gen-art
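The point Hao makes above is that the NAI grammar's "x = %x00-FF" is not the whole story: Section 2.4 of RFC 4282 additionally forbids the RFC 4013 prohibited output, which includes ASCII control characters (StringPrep C.2.1) and non-ASCII space characters (C.1.2), so NUL can never be part of a well-formed username and the first NUL in the response is unambiguously the delimiter. The following is an added example, not text from the draft or code from any EAP-FAST implementation, showing a peer-side builder and a server-side parser that enforce exactly that. It implements only the two StringPrep tables the thread cites (a full SASLprep pass would apply the remaining tables too), and it goes one step beyond the thread by applying the same check to the password, on the assumption that the password is also SASLprep'd per RFC 4013; that is what makes a stray second NUL a hard error rather than silently becoming part of the password.

```python
"""Build and parse an EAP-FAST GTC response laid out as username NUL password.

Added example; not the draft's text and not any implementation's code.
Only the RFC 4013 / StringPrep tables cited in the thread are enforced:
  C.2.1  ASCII control characters   (U+0000..U+001F, U+007F)
  C.1.2  non-ASCII space characters (U+00A0, U+1680, U+2000..U+200B,
                                     U+202F, U+205F, U+3000)
A complete SASLprep implementation would apply the remaining prohibited
output tables as well.
"""

# StringPrep (RFC 3454) table C.2.1: ASCII control characters.
ASCII_CONTROL = set(range(0x00, 0x20)) | {0x7F}

# StringPrep table C.1.2: non-ASCII space characters.
NON_ASCII_SPACE = {0x00A0, 0x1680, 0x202F, 0x205F, 0x3000} | set(range(0x2000, 0x200C))

PROHIBITED = ASCII_CONTROL | NON_ASCII_SPACE

NUL = b"\x00"


def prohibited_code_points(text: str) -> list:
    """Return the code points in `text` that the cited RFC 4013 tables reject."""
    return [ord(ch) for ch in text if ord(ch) in PROHIBITED]


def is_valid_nai(username: str) -> bool:
    """True if the username contains none of the prohibited output above.

    Because NUL is in C.2.1, a username that passes this check can never
    contain the delimiter, which is the argument made in the thread.
    """
    return not prohibited_code_points(username)


def build_gtc_response(username: str, password: str) -> bytes:
    """Peer side: encode username NUL password, refusing prohibited input.

    Assumption (beyond the thread): the password is SASLprep'd too, so it is
    held to the same prohibited-output tables as the username.
    """
    bad = prohibited_code_points(username)
    if bad:
        raise ValueError("username contains prohibited code points: %r" % bad)
    bad = prohibited_code_points(password)
    if bad:
        raise ValueError("password contains prohibited code points: %r" % bad)
    return username.encode("utf-8") + NUL + password.encode("utf-8")


def parse_gtc_response(data: bytes) -> tuple:
    """Server side: split on the first NUL and validate both halves.

    The first NUL is taken as the delimiter. A second NUL necessarily lands in
    the password half and is rejected there, so a response with "other '\\0'
    characters" (the case raised in the review) never yields a credential.
    Undecodable UTF-8 surfaces as UnicodeDecodeError, a ValueError subclass.
    """
    if NUL not in data:
        raise ValueError("GTC response has no NUL delimiter")
    user_bytes, pw_bytes = data.split(NUL, 1)
    username = user_bytes.decode("utf-8")
    password = pw_bytes.decode("utf-8")
    bad = prohibited_code_points(username)
    if bad:
        raise ValueError("username contains prohibited code points: %r" % bad)
    bad = prohibited_code_points(password)
    if bad:
        raise ValueError("password contains prohibited code points: %r" % bad)
    return username, password


if __name__ == "__main__":
    # Constructed sample credentials, not taken from any real exchange.
    wire = build_gtc_response("alice@example.com", "s3cret")
    print(wire)
    print(parse_gtc_response(wire))
    for sample in (b"al\x00ice\x00pw", b"alice@example.com", b"bob\x7f\x00pw"):
        try:
            parse_gtc_response(sample)
        except ValueError as exc:
            print("rejected %r: %s" % (sample, exc))
```

Splitting on the first NUL is only safe because the username side is validated afterwards; a parser that split on the last NUL, or on any NUL, would let a crafted response move bytes between the two fields.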