Re: [dhcwg] I-D Action: draft-boucadair-dhcwg-rfc4014-update-00.txt

Alan DeKok <aland@deployingradius.com> Wed, 19 October 2022 13:43 UTC

On Oct 17, 2022, at 8:52 AM, mohamed.boucadair@orange.com wrote:
> [Med] This is equivalent to implementations such as: https://www.juniper.net/documentation/us/en/software/junos/subscriber-mgmt-sessions/topics/topic-map/dhcp-options-radius-server.html.

  Yes.  There are a few other vendors doing the same thing.

  So if it's useful... it should be standardized.

>>  I think it may be best to forbid DHCPv4-Options from being
>> carried inside of the RADIUS Attributes Sub-option.
> 
> [Med] If we forbid this, how can a relay agent then relay, e.g., the encrypted DNS information received from a RADIUS server to a DHCP server? This is not an RSOO, but RADIUS data.

  Hmm... true.

  Maybe just add a note saying that nesting things twice is a bad idea?

  i.e. RADIUS packets with DHCP-Options and then RADIUS attributes inside of that is NOT RECOMMENDED

   and DHCP packets with RADIUS attributes and the DHCP-Options inside of that is NOT RECOMMENDED

  Alan DeKok.