IETF Logo Mail Archive

Re: [dhcwg] [radext] draft-ietf-dhc-dhcpv6-radius-opt-10

Tomek Mrugalski <tomasz.mrugalski@gmail.com> Fri, 05 April 2013 14:16 UTC

Return-Path: <tomasz.mrugalski@gmail.com>
X-Original-To: dhcwg@ietfa.amsl.com
Delivered-To: dhcwg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B8B3A21F97C8; Fri, 5 Apr 2013 07:16:50 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.6
X-Spam-Level:
X-Spam-Status: No, score=-2.6 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, NO_RELAYS=-0.001]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id HxdYCeV7FmLb; Fri, 5 Apr 2013 07:16:50 -0700 (PDT)
Received: from mail-ea0-x230.google.com (mail-ea0-x230.google.com [IPv6:2a00:1450:4013:c01::230]) by ietfa.amsl.com (Postfix) with ESMTP id CBE3A21F97AA; Fri, 5 Apr 2013 07:16:49 -0700 (PDT)
Received: by mail-ea0-f176.google.com with SMTP id h10so1426403eaj.21 for <multiple recipients>; Fri, 05 Apr 2013 07:16:49 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=x-received:message-id:date:from:user-agent:mime-version:to:cc :subject:references:in-reply-to:x-tagtoolbar-keys:content-type :content-transfer-encoding; bh=kvcUpe8OcUbg1yBLu9s1lOZPNi1097CCwuuR9Rfsni8=; b=fl3te9NBPUQ+By30DCqMFnNw/MnAimVQUd7SXxPrkW1syNILVHe5+g8/+NbIzdyfgu 5OspbDc2CVdauRCSxLtq/JqheeHwz6wd+JhdXy+bKkD3B7khn9ZC9P49uKpTEwjB+/3O eaHupdKhfX8o+tnfpg2LLBmXRSmm2XlGcsPC7ICbuuxg9pO7rwYhGR3AZyH+gsASx9UW ZqsRJ9R0gmN7uDsjPy9s8gGX2jxPnsjwgBSMAW78dHFqHUdJc64DW7RkAvJMm6eCN2mM JAMEZtrs31pPuLB+LTPVMYr4UQmvSwSEGlkp+jUD/bb9Zly82rm12YJo9f6n/8m2ObbE ioMA==
X-Received: by 10.14.179.5 with SMTP id g5mr19998420eem.41.1365171408917; Fri, 05 Apr 2013 07:16:48 -0700 (PDT)
Received: from ?IPv6:2001:470:6061:1:887e:68e1:7d5e:1422? ([2001:470:6061:1:887e:68e1:7d5e:1422]) by mx.google.com with ESMTPS id d47sm15705304eem.9.2013.04.05.07.16.43 (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Fri, 05 Apr 2013 07:16:44 -0700 (PDT)
Message-ID: <515EDCC7.5010708@gmail.com>
Date: Fri, 05 Apr 2013 16:16:39 +0200
From: Tomek Mrugalski <tomasz.mrugalski@gmail.com>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:17.0) Gecko/20130308 Thunderbird/17.0.4
MIME-Version: 1.0
To: dhcwg <dhcwg@ietf.org>
References: <B51C71CC-654D-43F3-A50A-321C171CD562@gmail.com> <515D7B4D.7090201@deployingradius.com> <515db052.24fa440a.4c16.ffff93c2@mx.google.com> <515DBD38.2020607@deployingradius.com> <8D23D4052ABE7A4490E77B1A012B630775131DB4@mbx-01.win.nominum.com> <515DE629.6070706@deployingradius.com> <8D23D4052ABE7A4490E77B1A012B630775132294@mbx-01.win.nominum.com> <515DE957.1060202@deployingradius.com> <8D23D4052ABE7A4490E77B1A012B630775132374@mbx-01.win.nominum.com> <9992DCA7-FFB3-4328-A8FC-266109BDD059@gmail.com> <8D23D4052ABE7A4490E77B1A012B630775132B92@mbx-01.win.nominum.com> <CFE49718-CB57-4D90-8843-F5E0BD57BF49@gmail.com> <8D23D4052ABE7A4490E77B1A012B630775132F65@mbx-01.win.nominum.com>
In-Reply-To: <8D23D4052ABE7A4490E77B1A012B630775132F65@mbx-01.win.nominum.com>
X-TagToolbar-Keys: D20130405161639166
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: 7bit
Cc: "<radext@ietf.org>" <radext@ietf.org>
Subject: Re: [dhcwg] [radext] draft-ietf-dhc-dhcpv6-radius-opt-10
X-BeenThere: dhcwg@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: <dhcwg.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dhcwg>, <mailto:dhcwg-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/dhcwg>
List-Post: <mailto:dhcwg@ietf.org>
List-Help: <mailto:dhcwg-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dhcwg>, <mailto:dhcwg-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 05 Apr 2013 14:16:50 -0000

On 05.04.2013 15:12, Ted Lemon wrote:
> On Apr 5, 2013, at 8:50 AM, Jouni Korhonen <jouni.nospam@gmail.com>
> wrote:
>> Blindly dropping an attribute might not work in all cases. For
>> example, in some cases the server might not then be able to provide
>> all information the relay needs..
> 
> Well, I did say "silently ignored," not "dropped," but yeah.   If the
> server doesn't support that attribute, it's not going to have any
> effect anyway.   It seems like silently ignoring it is better than
> dropping the whole message, although I suppose you could argue the
> opposite, since a misconfiguration of this sort is probably something
> the administrator wants to fix immediately, not discover by accident
> years later.
Anyway, dropping the whole message is definitely too radical here. We
have 3 options when server receives an unknown attribute:
a) ignore just the unknown attribute
b) ignore the whole radius option
c) ignore the whole message

I think we have an agreement that a) is the way to go. At least that's
what I strongly recommend.

Also, depending on server implementation, it is quite likely that the
server will parse unknown attributes and handle them in some generic
way, e.g. hex string. This is what some implementations do with unknown
DHCPv6 options and I imagine similar approach can be taken with RADIUS
attributes. Of course, such a behaviour is strictly implementation
specific, so there's no need to put anything about it in the spec.
So whether the attribute is "unknown" or not may be a bit blurry
definition sometimes.

"Server MAY ignore received RADIUS attributes that it does not support."
seems like a reasonable text here. Some implementors will ignore unknown
attribute, some may produce a warning and some my try to handle it in a
generic way.

Tomek

v2.23.0 | Report a Bug | By Email