While implementing EAP-NOOB, I found the explanation of the Invalid NAI
(error code 1001) in the draft to be unclear.
The document formulates it as follows:
> If the NAI structure is invalid, the server SHOULD send the error
> code 1001 to the peer.
However, does this mean that the EAP-NOOB server should verify that the
NAI follows the formal syntax as specified in RFC 7542, or should it
verify that the NAI follows the specification of EAP-NOOB, i.e., it is
of the form "noob@{eap-noob.net||RESERVED_DOMAIN}"? I think this section
could be formulated more clearly to address these concerns.
On that note, Figure 2 seems to be incomplete. The EAP-Response/Identity
specifies the NAI parameter to be "n...@eap-noob.net", while the
specification also has the option of configuring this to a reserved
domain. In that case, the NAI should not use the default realm anymore.
Currently, this is not reflected in the figure.
If anything remains unclear, I am open to discussion.
~Max Crone
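
The two readings raised in the message above give different results for the same identity, as this added example shows (it is not part of the original message or of the draft). It implements an ASCII-only subset of the RFC 7542 grammar; the function names, the sample identities and the configured realm noob.example.org are assumptions made for illustration.

```python
import re

# ASCII-only subset of the RFC 7542 grammar (UTF8-xtra-char is omitted here).
_ATEXT = r"[A-Za-z0-9!#$%&'*+\-/=?^_`{|}~]"
_USERNAME = rf"{_ATEXT}+(?:\.{_ATEXT}+)*"
_LABEL = r"[A-Za-z0-9](?:[A-Za-z0-9-]*[A-Za-z0-9])?"
_REALM = rf"(?:{_LABEL}\.)+{_LABEL}"          # at least two labels
_NAI_RE = re.compile(rf"(?:{_USERNAME})?(?:@{_REALM})?")

ERR_INVALID_NAI = 1001           # error code named in the quoted draft text
DEFAULT_REALM = "eap-noob.net"   # default realm named in the message


def is_rfc7542_nai(nai: str) -> bool:
    """Reading A: generic syntax check (username, @realm, or username@realm)."""
    return bool(nai) and _NAI_RE.fullmatch(nai) is not None


def is_eap_noob_nai(nai: str, realm: str = DEFAULT_REALM) -> bool:
    """Reading B: the NAI must be exactly noob@<default or configured realm>."""
    user, sep, got_realm = nai.partition("@")
    return sep == "@" and user == "noob" and got_realm == realm


def error_for(nai: str, realm: str = DEFAULT_REALM):
    """Return (error under reading A, error under reading B); None = accepted."""
    a = None if is_rfc7542_nai(nai) else ERR_INVALID_NAI
    b = None if is_eap_noob_nai(nai, realm) else ERR_INVALID_NAI
    return a, b


if __name__ == "__main__":
    # Constructed sample identities, not taken from the draft.
    samples = ("noob@eap-noob.net", "alice@example.org",
               "noob@@eap-noob.net", "noob@eap-noob")
    for nai in samples:
        a, b = error_for(nai)
        print(f"{nai!r:24} reading A: {a}   reading B: {b}")
    # Server configured with a reserved domain (hypothetical realm).
    print(error_for("noob@noob.example.org", realm="noob.example.org"))
```
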