Last Call Review of draft-ietf-radext-nai-10
I have reviewed this document as part of the security directorate's
ongoing effort to review all IETF documents being processed by the
IESG. Document editors and WG chairs should treat these comments just
like any other last call comments.
Summary: Document is ready.
In section 2.6:
Conversion to Unicode as well as normalization SHOULD be performed by
edge systems such as laptops that take "local" text as input. These
edge systems are best suited to determine the users intent, and can
best convert from "local" text to a normalized form.
I think it’s weird to use “laptop” here, as the luggability plays no part. “PC” would be better. In fact, I don’t think mobile phones are any different in this respect.
The same section says that Edge systems should normalize text, so AAA systems should not. It then goes on to say that today edge systems don’t always normalize text, so the AAA systems should. That’s a strange way to move forward, unless we’re sure that double-normalization does not cause problems.
The security considerations text is copied from RFC 4282. It still seems sufficient. This is remarkable considering that privacy is a big part of it, and privacy was not a hot topic on everyone’s mind in 2005 when RFC 4282 was written.