ietf
[Top] [All Lists]

Re: Internationalization and draft-ietf-abfab-eapapplicability

2013-07-17 09:45:03
Also, note that the important thing is not that applications use UTF-8
for usernames.
It's that they know what character set they are using  and follow EAP's
(lack of) rules when using EAP.

In general, I would not expect an application to encode a username
that's also used in EAP authentication as part of the authentication.

The same username may be encoded in the app protocol in response to
whoami style oppcodes or in response to ACL operations.
But the situation is somewhat complicated by things like SASL
authorization identities and other forms of proxy authorization.

We don't get to place requirements on applications except to say what
they need to do to use EAP.  The protocol requirement for that is that
applications using EAP need to know what character set they have so that
EAP can convert the identity to UTF-8 and so that EAP methods can do any
needed conversions.