Hello, I've just submitted an -00 on a topic that we've been struggling with in ABFAB recently (but which exists in every EAP-over-AAA scenario, not limited to ABFAB).
http://www.ietf.org/internet-drafts/draft-winter-radext-populating-eapidentity-00.txt Abstract: There are some subtle considerations for an EAP peer regarding the content of the EAP-Response/Identity packet when authenticating with EAP to an EAP server. This document describes two such considerations and suggests workarounds to the associated problems. The issue touches multiple areas and working groups (EAP, EAP methods, RADIUS, Diameter) so I had to do a guesstimate for a proper home. I would think radext is the best match, cc'ing abfab and dime, and also emu even though it's shutting down). If you recall those in-depth discussions about fixing either EAP methods to use UTF-8, or why EAP Identity would need to be restrained to UTF-8 even if a method doesn't do it, then yes: the draft is about that. In ABFAB, we added a ABFAB-specific band-aid sentence to RFC7057: "Circumstances might require that applications need to perform conversion of identities from an application specific character set to UTF-8 or another character set required by a particular EAP method." Which was enough to get the document through IESG, but this should better be fixed more generally for every EAP use case; hence this new draft. It's short and concise - I'd appreciate if you could give it a read and comment. If there's still free time on the agenda, I would also merrily discuss it in London. Greetings, Stefan Winter P.S.: Don't miss my other submission about an EAP Configuration File Format, which I've been told to submit to ops-area/opsawg: http://datatracker.ietf.org/doc/draft-winter-opsawg-eap-metadata/ Annoucement here: http://www.ietf.org/mail-archive/web/ops-area/current/msg01114.html -------- Original Message -------- Subject: New Version Notification for draft-winter-radext-populating-eapidentity-00.txt Date: Fri, 14 Feb 2014 00:43:29 -0800 From: internet-dra...@ietf.org To: Stefan Winter <stefan.win...@restena.lu>, "Stefan Winter" <stefan.win...@restena.lu> A new version of I-D, draft-winter-radext-populating-eapidentity-00.txt has been successfully submitted by Stefan Winter and posted to the IETF repository. Name: draft-winter-radext-populating-eapidentity Revision: 00 Title: Considerations regarding the correct use of EAP-Response/Identity Document date: 2014-02-14 Group: Individual Submission Pages: 6 URL: http://www.ietf.org/internet-drafts/draft-winter-radext-populating-eapidentity-00.txt Status: https://datatracker.ietf.org/doc/draft-winter-radext-populating-eapidentity/ Htmlized: http://tools.ietf.org/html/draft-winter-radext-populating-eapidentity-00 Abstract: There are some subtle considerations for an EAP peer regarding the content of the EAP-Response/Identity packet when authenticating with EAP to an EAP server. This document describes two such considerations and suggests workarounds to the associated problems. Please note that it may take a couple of minutes from the time of submission until the htmlized version and diff are available at tools.ietf.org. The IETF Secretariat
0x8A39DC66.asc
Description: application/pgp-keys
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Emu mailing list Emu@ietf.org https://www.ietf.org/mailman/listinfo/emu