Re: [dhcwg] [radext] draft-ietf-dhc-dhcpv6-radius-opt-10

Jouni Korhonen <jouni.nospam@gmail.com> Fri, 05 April 2013 07:19 UTC

To: Ted Lemon <Ted.Lemon@nominum.com>
Cc: "<radext@ietf.org>" <radext@ietf.org>, dhcwg <dhcwg@ietf.org>, Alan DeKok <aland@deployingradius.com>

On Apr 5, 2013, at 12:04 AM, Ted Lemon <Ted.Lemon@nominum.com> wrote:

> On Apr 4, 2013, at 4:57 PM, Alan DeKok <aland@deployingradius.com> wrote:
>> Positive statements are usually clearer to understand.
> 
> Yes, and when I read your statement, I understood it to mean the exact opposite of what you intended.   Easier to understand doesn't help if the statement is ambiguous.
> 
>> The intention is for the option to carry RADIUS attributes.  Making
>> that a requirement rather than a suggestion is a good idea.
> 
> This isn't what the text says.   It says that the option must only carry a subset of RADIUS attributes; those listed in a special registry.
> 
> If you don't like the double negative, here's a precise way to say it that doesn't contain a double negative:
> 
> 	This option MUST NOT carry any RADIUS attribute unless it is listed in the
> 	IANA Registry of 'RADIUS attributes permitted in DHCPv6 RADIUS option'.

I don't think this is any improvement over the text Alan provided originally.
My suggestion would be:

   The option-data of OPTION_RADIUS is a list of one or more RADIUS
   attributes received in the Access-Accept message from the RADIUS
   server. The OPTION_RADIUS can only contain RADIUS attributes
   listed in the IANA Registry of 'RADIUS attributes permitted in
   DHCPv6 RADIUS option'.


The next question I have is what happens when a relay includes an attribute
that the server does not understand or is not listed in the registry? There
is no versioning, thus it is possible that the relay and server have a different
understanding of what the IANA registry is. Now the text in Section 6 only
addresses the case where the server does not understand the DHCP option.


- Jouni


> 
> But the text that means what you said in the second quote above would read like this:
> 
> 	This option MUST NOT carry any RADIUS attribute unless it is listed in the
> 	IANA Registry Radius Types registry in the section titled 'Radius Attribute Types'.
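
The question raised in the message above, a relay and a server holding different views of the registry, shown as an added example that is not part of the thread or the draft: Python code that walks OPTION_RADIUS option-data as RADIUS Type-Length-Value attributes and separates listed, unlisted and malformed input. The function names, both allowlists and the sample bytes are constructed assumptions; what a server should do with the unlisted set is the point the thread leaves open.

```python
"""Added example: classify RADIUS attributes carried in OPTION_RADIUS option-data."""
from typing import NamedTuple


class Result(NamedTuple):
    permitted: list  # (type, value) pairs whose type is in the allowlist
    unlisted: list   # (type, value) pairs whose type is not in the allowlist
    malformed: bool  # True if TLV framing broke before the data ended


def classify_option_data(option_data: bytes, allowlist: frozenset) -> Result:
    """Walk RADIUS TLVs: 1-octet Type, 1-octet Length covering Type+Length+Value."""
    permitted, unlisted, pos = [], [], 0
    while pos < len(option_data):
        if len(option_data) - pos < 2:            # no room for Type + Length
            return Result(permitted, unlisted, True)
        attr_type, attr_len = option_data[pos], option_data[pos + 1]
        if attr_len < 2 or pos + attr_len > len(option_data):
            return Result(permitted, unlisted, True)  # bad or overrunning Length
        value = option_data[pos + 2:pos + attr_len]
        bucket = permitted if attr_type in allowlist else unlisted
        bucket.append((attr_type, value))
        pos += attr_len
    return Result(permitted, unlisted, False)


def attr(attr_type: int, value: bytes) -> bytes:
    """Encode one RADIUS attribute (helper for building the constructed sample)."""
    return bytes([attr_type, len(value) + 2]) + value


# Constructed stand-ins for two snapshots of the registry; not its real contents.
RELAY_VIEW = frozenset({123, 168})   # relay built against a newer snapshot
SERVER_VIEW = frozenset({123})       # server built against an older snapshot

# Constructed option-data as the relay would forward it: two attributes.
SAMPLE = (attr(123, bytes.fromhex("003820010db8000100"))
          + attr(168, bytes.fromhex("20010db8000000000000000000000001")))

if __name__ == "__main__":
    for name, view in (("relay", RELAY_VIEW), ("server", SERVER_VIEW)):
        r = classify_option_data(SAMPLE, view)
        print(name, "permitted:", [t for t, _ in r.permitted],
              "unlisted:", [t for t, _ in r.unlisted], "malformed:", r.malformed)
```

With these inputs the relay considers both attributes listed while the server reports the second one as unlisted, which is the mismatch that the lack of versioning makes possible.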