Re: [dhcwg] [radext] draft-ietf-dhc-dhcpv6-radius-opt-10

Jouni Korhonen <jouni.nospam@gmail.com> Fri, 05 April 2013 12:50 UTC

To: Ted Lemon <Ted.Lemon@nominum.com>
Cc: "<radext@ietf.org>" <radext@ietf.org>, dhcwg <dhcwg@ietf.org>, Alan DeKok <aland@deployingradius.com>

On Apr 5, 2013, at 2:42 PM, Ted Lemon <Ted.Lemon@nominum.com> wrote:

> On Apr 5, 2013, at 3:19 AM, Jouni Korhonen <jouni.nospam@gmail.com> wrote:
>>  The option-data of OPTION_RADIUS is a list of one or more RADIUS
>>  attributes received in the Access-Accept message from the RADIUS
>>  server. The OPTION_RADIUS can only contain RADIUS attributes
>>  listed in the IANA Registry of 'RADIUS attributes permitted in
>>  DHCPv6 RADIUS option'.
> 
> So you took out the normative language, right?   Was that intentional?

That was intentional. If that is a concern one can always change the
"can only" to "MUST". That works too, since the previous sentence
already points out that the option contains one or more attributes,
not all.

>> The next question I have is what happens when a relay includes an attribute
>> that the server does not understand or is not listed in the registry? There
>> is no versioning, thus it is possible that relay and server have a different
>> understanding of what the IANA registry is. Now the text in Section 6 only
>> addresses the case where the server does not understand the DHCP option.
> 
> Good question.   I think the right answer is that that RADIUS attribute is silently ignored, because, as you say, the server might not be up to date.

Blindly dropping an attribute might not work in all cases. For example, in
some cases the server might not then be able to provide all information
the relay needs. That is more of a DHCP specification issue but what I
would like to see in this I-D is some text pointing out that the server
and the relay may have a different idea of the registry and the protocol
design needs to take that into account.

- Jouni
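Added example (not part of the original message or of the draft): a sketch of how a DHCPv6 server could parse the OPTION_RADIUS option-data and record, rather than lose track of, attributes that are missing from its own copy of the registry. The registry snapshot, the attribute type numbers, the `needed` policy set and all function names are assumptions made for illustration; only the RADIUS Type/Length/Value layout is standard.

```python
def attr(a_type: int, value: bytes) -> bytes:
    """Encode one RADIUS attribute: Type (1 octet), Length (1 octet), Value."""
    return bytes([a_type, len(value) + 2]) + value


def parse_radius_attrs(option_data: bytes):
    """Split OPTION_RADIUS option-data into a list of (type, value) pairs."""
    attrs, off = [], 0
    while off < len(option_data):
        if len(option_data) - off < 2:
            raise ValueError("truncated attribute header")
        a_type, a_len = option_data[off], option_data[off + 1]
        # The RADIUS Length field counts the Type and Length octets too.
        if a_len < 2 or off + a_len > len(option_data):
            raise ValueError(f"bad length {a_len} for attribute {a_type}")
        attrs.append((a_type, option_data[off + 2:off + a_len]))
        off += a_len
    return attrs


def classify(option_data: bytes, server_registry, needed=frozenset()):
    """Return (accepted, ignored_types, missing_needed_types).

    server_registry: attribute types in the server's copy of the registry.
    needed: hypothetical local policy, the types the server must have
            in order to answer the relay.
    """
    accepted, ignored = [], []
    for a_type, value in parse_radius_attrs(option_data):
        if a_type in server_registry:
            accepted.append((a_type, value))
        else:
            # Ignored as suggested in the thread, but kept for logging so
            # a relay/server registry mismatch is visible to the operator.
            ignored.append(a_type)
    missing = sorted(set(needed) - {t for t, _ in accepted})
    return accepted, ignored, missing


# Constructed sample: the relay's registry copy already lists type 172,
# the server's older copy does not. Type numbers and values are made up.
SERVER_REGISTRY = {123, 171}
SAMPLE = attr(123, b"\x00" * 18) + attr(172, b"pool-a")

if __name__ == "__main__":
    accepted, ignored, missing = classify(SAMPLE, SERVER_REGISTRY, needed={123, 172})
    print("accepted:", [t for t, _ in accepted])
    print("ignored (not in server registry):", ignored)
    print("needed but unavailable:", missing)
```

A non-empty third result is the case raised above: the attribute was dropped, and the server can no longer provide everything the relay needs.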