--- 1/draft-ietf-radext-rfc2486bis-04.txt 2006-02-05 01:15:48.000000000 +0100 +++ 2/draft-ietf-radext-rfc2486bis-05.txt 2006-02-05 01:15:48.000000000 +0100 @@ -3,21 +3,21 @@ Internet-Draft Microsoft Obsoletes: 2486 (if approved) M. Beadles Expires: August 22, 2005 SmartPipes J. Arkko Ericsson P. Eronen Nokia February 21, 2005 The Network Access Identifier - draft-ietf-radext-rfc2486bis-04 + draft-ietf-radext-rfc2486bis-05 Status of this Memo This document is an Internet-Draft and is subject to all provisions of section 3 of RFC 3667. By submitting this Internet-Draft, each author represents that any applicable patent or other IPR claims of which he or she is aware have been or will be disclosed, and any of which he or she become aware will be disclosed, in accordance with RFC 3668. 
@@ -63,27 +63,27 @@ 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3 1.1 Terminology . . . . . . . . . . . . . . . . . . . . . . . 3 1.2 Requirements language . . . . . . . . . . . . . . . . . . 4 1.3 Purpose . . . . . . . . . . . . . . . . . . . . . . . . . 4 2. NAI Definition . . . . . . . . . . . . . . . . . . . . . . . . 5 2.1 Formal Syntax . . . . . . . . . . . . . . . . . . . . . . 5 2.2 NAI Length Considerations . . . . . . . . . . . . . . . . 6 2.3 Support for Username Privacy . . . . . . . . . . . . . . . 7 2.4 International Character Sets . . . . . . . . . . . . . . . 7 2.5 Compatibility with E-Mail Usernames . . . . . . . . . . . 8 - 2.6 Compatibility with DNS . . . . . . . . . . . . . . . . . . 8 + 2.6 Compatibility with DNS . . . . . . . . . . . . . . . . . . 9 2.7 Realm Construction . . . . . . . . . . . . . . . . . . . . 9 2.8 Examples . . . . . . . . . . . . . . . . . . . . . . . . . 10 - 3. Security Considerations . . . . . . . . . . . . . . . . . . . 10 + 3. Security Considerations . . . . . . . . . . . . . . . . . . . 11 4. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 11 - 5. References . . . . . . . . . . . . . . . . . . . . . . . . . . 11 - 5.1 Normative References . . . . . . . . . . . . . . . . . . . . 11 + 5. References . . . . . . . . . . . . . . . . . . . . . . . . . . 12 + 5.1 Normative References . . . . . . . . . . . . . . . . . . . . 12 5.2 Informative References . . . . . . . . . . . . . . . . . . . 12 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . 13 A. Changes from RFC 2486 . . . . . . . . . . . . . . . . . . . . 14 B. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . 15 Intellectual Property and Copyright Statements . . . . . . . . 16 1. Introduction Considerable interest exists for a set of features that fit within the general category of "roaming capability" for network access, 
@@ -324,21 +324,33 @@ o Prohibited output. Certain characters are not permitted in correctly formed strings that follow Section 2.3 of [I-D.ietf-sasl-saslprep]. Ensuring that NAIs conform to their ABNF is not sufficient, it is also necessary to ensure that they do not contain prohibited output. o Bidirectional characters are handled as specified in Section 2.4 of [I-D.ietf-sasl-saslprep]. o Unassigned code points are specified in Section 2.5 of - [I-D.ietf-sasl-saslprep]. + [I-D.ietf-sasl-saslprep]. The use of unassigned code points is + prohibited. + + The mapping, normalization, and bidirectional character processing + MUST be performed by end systems that take international text as + input. In a network access setting, such systems are typically the + client and the AAA server. NAIs are sent over the wire in their + canonical form, and tasks such as normalization do not typically need + to be performed by nodes that just pass NAIs around or receive them + from the network. End systems MUST also perform checking for + prohibited output and unassigned code points. Other systems MAY + perform such checks, when they know that a particular data item is a + NAI. The realm name is an "IDN-unaware domain name slot" as defined in [RFC3490]. That is, it can contain only ASCII characters. An implementation MAY support internationalized domain names (IDNs) using the ToASCII operation; see [RFC3490] for more information. 2.5 Compatibility with E-Mail Usernames As proposed in this document, the Network Access Identifier is of the form user@realm. Please note that while the user portion of the NAI
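Review bot: In the header hunk (@@ -3,21 +3,21 @@), the draft name is bumped to -05 while "Expires: August 22, 2005" and "February 21, 2005" appear as unchanged context, so the new revision carries the same dates as -04. Update the publication date and the expiry line together with the draft name.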
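Review bot: In the paragraph added after the unassigned-code-points bullet (@@ -324,21 +324,33 @@), "End systems MUST also perform checking for prohibited output and unassigned code points" does not say what happens when the check fails. State the required outcome (for instance, that the string is treated as a malformed NAI and rejected) so that clients and AAA servers fail the same way. The same paragraph names the AAA server as an end system but also says nodes that "receive them from the network" typically need not normalize; a sentence stating which of the MUST-level steps an AAA server applies to NAIs it receives would remove that ambiguity. The "Other systems MAY perform such checks" sentence would likewise benefit from saying whether such a system may drop or must still forward an NAI that fails.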