Re: [Emu] EAP, RADIUS, UTF-8, RFC 4282 and SASLPREP: the interop nightmare

[Alan DeKok <aland at deployingradius.com>]

Stefan Winter wrote:
> KNetworkManager (openSUSE Linux 11.0, 32-Bit)
> -----------------------------------------------------------------------
> 
> encoding of @müller.de to @m[0xC3][0xBC]ller.de (UTF-8, no punycode)
> encoding of cryillic characters to 2-byte encodings starting with d0 and
> d1 -> looks like cyrillic area of UTF-8, no punycode in realm
> 
> That looks like a good UTF-8 test case. KNetworkManager uses
> wpa_supplicant as a backend.

  It appears that KNetworkManager is responsible for encoding the name
as UTF-8.  Many Linux distributions have bypassed the various non-UTF-8
encodings, and just use UTF-8 everywhere.  This makes "conversion" easy.

> P.S.: add $OPEN_SOURCE_SALES_PITCH_FOR_WPA_SUPPLICANT here ;-)

  Nice, but it's not related to open source.  wpa_supplicant is just
inheriting the encoding used by the host OS, which is UTF-8:

http://lists.shmoo.com/pipermail/hostap/2008-August/018219.html

  ... wpa_supplicant does not really care about the encoding of the
  identity field, i.e., it is just sent out as arbitrary binary data.

  ...In addition, you can set the identity value as a hex string
  (identity=68656c6c6f); of course this is assuming that you know what
  binary data the authentication server expects to see.

  Checking the source, there are no referencFrom emu-bounces at ietf.org  Mon Sep 22 01:24:35 2008
Return-Path: <emu-bounces at ietf.org>
X-Original-To: emu-archive at megatron.ietf.org
Delivered-To: ietfarch-emu-archive at core3.amsl.com
Received: from [127.0.0.1] (localhost [127.0.0.1])
	by core3.amsl.com (Postfix) with ESMTP id 9B4003A6867;
	Mon, 22 Sep 2008 01:24:35 -0700 (PDT)
X-Original-To: emu at core3.amsl.com
Delivered-To: emu at core3.amsl.com
Received: from localhost (localhost [127.0.0.1])
	by core3.amsl.com (Postfix) with ESMTP id 5ECC53A6780
	for <emu at core3.amsl.com>; Mon, 22 Sep 2008 01:24:34 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.447
X-Spam-Level:
X-Spam-Status: No, score=-2.447 tagged_above=-999 required=5
	tests=[BAYES_00=-2.599, SARE_SUB_ENC_UTF8=0.152]
Received: from mail.ietf.org ([64.170.98.32])
	by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024)
	with ESMTP id fmFu4OGAjbt5 for <emu at core3.amsl.com>;
	Mon, 22 Sep 2008 01:24:33 -0700 (PDT)
Received: from liberty.deployingradius.com (liberty.deployingradius.com
	[88.191.76.128])
	by core3.amsl.com (Postfix) with ESMTP id 56ECC3A6867
	for <emu at ietf.org>; Mon, 22 Sep 2008 01:24:33 -0700 (PDT)
Received: from [10.0.1.49] (alexander.quiconnect.net [213.30.156.62])
	by liberty.deployingradius.com (Postfix) with ESMTPSA id 2DC4B1234231;
	Mon, 22 Sep 2008 10:23:43 +0200 (CEST)
Message-ID: <48D755BF.30302 at deployingradius.com>
Date: Mon, 22 Sep 2008 10:22:23 +0200
From: Alan DeKok <aland at deployingradius.com>
User-Agent: Thunderbird 2.0.0.16 (X11/20080724)
MIME-Version: 1.0
To: Stefan Winter <stefan.winter at restena.lu>
References: <BLU137-W152ECA2F73266AA051FBEB934F0 at phx.gbl>
	<48D37BB7.8070505 at deployingradius.com>
	<BLU137-DAV5A57D6467FDBDF1FBC0D3934E0 at phx.gbl>
	<48D48E89.9040508 at deployingradius.com>
	<BLU137-DAV729DD51115EDC58DB2E4293480 at phx.gbl>
	<48D74278.2000206 at restena.lu>
In-Reply-To: <48D74278.2000206 at restena.lu>
X-Enigmail-Version: 0.95.0
Cc: Bernard Aboba <Bernard_Aboba at hotmail.com>, emu at ietf.org,
	'radext mailing list' <radiusext at ops.ietf.org>
Subject: Re: [Emu] EAP, RADIUS, UTF-8,
 RFC 4282 and SASLPREP: the interop nightmare
X-BeenThere: emu at ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: "EAP Methods Update \(EMU\)" <emu.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/emu>,
	<mailto:emu-request at ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/pipermail/emu>
List-Post: <mailto:emu at ietf.org>
List-Help: <mailto:emu-request at ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/emu>,
	<mailto:emu-request at ietf.org?subject=subscribe>
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
Sender: emu-bounces at ietf.org
Errors-To: emu-bounces at ietf.org

Stefan Winter wrote:
> KNetworkManager (openSUSE Linux 11.0, 32-Bit)
> -----------------------------------------------------------------------
> 
> encoding of @müller.de to @m[0xC3][0xBC]ller.de (UTF-8, no punycode)
> encoding of cryillic characters to 2-byte encodings starting with d0 and
> d1 -> looks like cyrillic area of UTF-8, no punycode in realm
> 
> That looks like a good UTF-8 test case. KNetworkManager uses
> wpa_supplicant as a backend.

  It appears that KNetworkManager is responsible for encoding the name
as UTF-8.  Many Linux distributions have bypassed the various non-UTF-8
encodings, and just use UTF-8 everywhere.  This makes "conversion" easy.

> P.S.: add $OPEN_SOURCE_SALES_PITCH_FOR_WPA_SUPPLICANT here ;-)

  Nice, but it's not related to open source.  wpa_supplicant is just
inheriting the encoding used by the host OS, which is UTF-8:

http://lists.shmoo.com/pipermail/hostap/2008-August/018219.html

  ... wpa_supplicant does not really care about the encoding of the
  identity field, i.e., it is just sent out as arbitrary binary data.

  ...In addition, you can set the identity value as a hex string
  (identity=68656c6c6f); of course this is assuming that you know what
  binary data the authentication server expects to see.

  Checking the source, there are no references to UTes to UTF-8 in anything
other than comments.

  Alan DeKok.
_______________________________________________
Emu mailing list
Emu at ietf.org
https://www.ietf.org/mailman/listinfo/emu


F-8 in anything
other than comments.

  Alan DeKok.
_______________________________________________
Emu mailing list
Emu at ietf.org
https://www.ietf.org/mailman/listinfo/emu