Re: [Dime] FW: [Editorial Errata Reported] RFC4072 (2317)

Souheil Ben Ayed <souheil@tera.ics.keio.ac.jp> Fri, 02 July 2010 09:01 UTC

Message-ID: <4C2DA1E3.9020400@tera.ics.keio.ac.jp>
Date: Fri, 02 Jul 2010 17:22:59 +0900
From: Souheil Ben Ayed <souheil@tera.ics.keio.ac.jp>
To: Glen Zorn <gwz@net-zen.net>
Cc: dime@ietf.org

Glen Zorn wrote:
>
> Souheil Ben Ayed [mailto:souheil@tera.ics.keio.ac.jp] writes:
>
> Dear all,
>
> Please read section "2.7.  Accounting" of RFC 4072.
>
> In this section, it is described that one or more
> Accounting-EAP-Auth-Method AVPs may be added in a Diameter-EAP-Answer
> with a successful result code.
>
> So what is correct?
> - Allow adding one or more Accounting-EAP-Auth-Method AVPs?
> - or only one Accounting-EAP-Auth-Method AVP can be included in a
> Diameter-EAP-Answer?
>
> The latter, I think.
>
When only one Accounting-EAP-Auth-Method AVP is included in a 
Diameter-EAP-Answer, which EAP method will be included in this AVP in 
the case of an authentication with EAP-TTLS/EAP-MD5, EAP-TTLS/EAP-TLS or 
any other EAP method that creates a tunnel then authenticates the user 
with a second EAP method? Should we include only the first used EAP 
method (in this case EAP-TTLS Type 21), or the second EAP method used 
for the authentication?

Souheil
>
>
> Souheil
>
>
> Glen Zorn wrote:
>
> Dan Romascanu [mailto://dromasca@avaya.com] writes:
>
>     Dime WG,
>
>     Please assess this errata report.
>
>     If I understand well then Souheil's observation is that more
>     Accounting-EAP-Auth-Method AVPs can be included. This seems more like a
>     Technical errata, which if accepted can create interoperability problems
>     with existing deployment. Am I correct?
>
> I think that your understanding is correct, but the errata makes no sense to
> me: AFAIK, only one EAP method can be used in authenticating a user (EAP
> methods cannot be chained) & even if they could (as proposed for the new
> tunneled EAP method under development in EMU), the structure of the Diameter
> EAP app mirrors that of EAP (request/response).  Two EAP methods cannot be
> operational simultaneously, so why would two method identifiers need to be
> in the same Diameter message?
>
>     Thanks and Regards,
>
>     Dan
>
>     -----Original Message-----
>     From: RFC Errata System [mailto:rfc-editor@rfc-editor.org]
>     Sent: Thursday, July 01, 2010 7:31 AM
>     To: pasi.eronen@nokia.com; tomhiller@lucent.com; gwz@cisco.com;
>     Romascanu, Dan (Dan); rbonica@juniper.net; Bernard_Aboba@hotmail.com;
>     david@mitton.com; john.loughney@nokia.com
>     Cc: souheil.benayed@gmail.com; rfc-editor@rfc-editor.org
>     Subject: [Editorial Errata Reported] RFC4072 (2317)
>
>     The following errata report has been submitted for RFC4072, "Diameter
>     Extensible Authentication Protocol (EAP) Application".
>
>     --------------------------------------
>     You may review the report below and at:
>     http://www.rfc-editor.org/errata_search.php?rfc=4072&eid=2317
>
>     --------------------------------------
>     Type: Editorial
>     Reported by: Souheil Ben Ayed <souheil.benayed@gmail.com>
>
>     Section: 3.2.
>
>     Original Text
>     -------------
>           <Diameter-EAP-Answer> ::= < Diameter Header: 268, PXY >
>                                     < Session-Id >
>                                     { Auth-Application-Id }
>                                     { Auth-Request-Type }
>                                     { Result-Code }
>                                     { Origin-Host }
>                                     { Origin-Realm }
>                                     [ User-Name ]
>                                     [ EAP-Payload ]
>                                     [ EAP-Reissued-Payload ]
>                                     [ EAP-Master-Session-Key ]
>                                     [ EAP-Key-Name ]
>                                     [ Multi-Round-Time-Out ]
>                                     [ Accounting-EAP-Auth-Method ]
>                                     [ Service-Type ]
>
>     Corrected Text
>     --------------
>           <Diameter-EAP-Answer> ::= < Diameter Header: 268, PXY >
>                                     < Session-Id >
>                                     { Auth-Application-Id }
>                                     { Auth-Request-Type }
>                                     { Result-Code }
>                                     { Origin-Host }
>                                     { Origin-Realm }
>                                     [ User-Name ]
>                                     [ EAP-Payload ]
>                                     [ EAP-Reissued-Payload ]
>                                     [ EAP-Master-Session-Key ]
>                                     [ EAP-Key-Name ]
>                                     [ Multi-Round-Time-Out ]
>                                   * [ Accounting-EAP-Auth-Method ]
>                                     [ Service-Type ]
>
>     Notes
>     -----
>     When one or more EAP methods used for authenticating the user, for each
>     used EAP method an Accounting-EAP-Auth-Method AVP is added in the
>     Diameter-EAP-Answer with a successful result code. In the message format
>     of Diameter-EAP-Answer, one or more Accounting-EAP-Auth-Method AVPs can
>     be included.
>
>     Instructions:
>     -------------
>     This errata is currently posted as "Reported". If necessary, please use
>     "Reply All" to discuss whether it should be verified or rejected. When a
>     decision is reached, the verifying party (IESG) can log in to change the
>     status and edit the report, if necessary.
>
>     --------------------------------------
>     RFC4072 (draft-ietf-aaa-eap-10)
>     --------------------------------------
>     Title               : Diameter Extensible Authentication Protocol (EAP) Application
>     Publication Date    : August 2005
>     Author(s)           : P. Eronen, Ed., T. Hiller, G. Zorn
>     Category            : PROPOSED STANDARD
>     Source              : Authentication, Authorization and Accounting
>     Area                : Operations and Management
>     Stream              : IETF
>     Verifying Party     : IESG
>     _______________________________________________
>     DiME mailing list
>     DiME@ietf.org
>     https://www.ietf.org/mailman/listinfo/dime
>
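
The interoperability concern raised in this thread, as an added example that is not part of any message above and is not code from RFC 4072 or its authors: a receiver that enforces the quoted Diameter-EAP-Answer format rejects an answer carrying two Accounting-EAP-Auth-Method AVPs, while one built to the report's "Corrected Text" accepts it. The function names, the sample AVP values and the example.net host names are assumptions made for illustration, and only the AVPs quoted in the errata report are checked.

```python
import re
from collections import Counter

# AVP rules as quoted in the errata report above (excerpt of RFC 4072, Section 3.2).
ORIGINAL = """
< Session-Id >
{ Auth-Application-Id }
{ Auth-Request-Type }
{ Result-Code }
{ Origin-Host }
{ Origin-Realm }
[ User-Name ]
[ EAP-Payload ]
[ EAP-Reissued-Payload ]
[ EAP-Master-Session-Key ]
[ EAP-Key-Name ]
[ Multi-Round-Time-Out ]
[ Accounting-EAP-Auth-Method ]
[ Service-Type ]
"""
# The report's "Corrected Text" differs only by the leading "*".
PROPOSED = ORIGINAL.replace("[ Accounting-EAP-Auth-Method ]",
                            "* [ Accounting-EAP-Auth-Method ]")

RULE = re.compile(r"^(\*)?\s*([<{\[])\s*([A-Za-z0-9-]+)\s*[>}\]]$")

def parse_format(text):
    """Map AVP name -> (min, max) occurrences; max None means unbounded."""
    rules = {}
    for line in filter(None, (l.strip() for l in text.splitlines())):
        star, bracket, name = RULE.match(line).groups()
        rules[name] = (0 if bracket == "[" else 1, None if star else 1)
    return rules

def violations(avps, rules):
    """Check (name, value) pairs; AVPs outside the quoted excerpt are ignored."""
    counts = Counter(name for name, _ in avps)
    problems = []
    for name, (lo, hi) in rules.items():
        n = counts[name]
        if n < lo:
            problems.append(f"{name}: required, missing")
        elif hi is not None and n > hi:
            problems.append(f"{name}: {n} occurrences, at most {hi} allowed")
    return problems

# Constructed answer for the EAP-TTLS/EAP-MD5 case raised in the reply:
# one AVP per method (21 = EAP-TTLS, 4 = MD5-Challenge).
SAMPLE = [("Session-Id", "nas.example.net;1;1"), ("Auth-Application-Id", 5),
          ("Auth-Request-Type", 3), ("Result-Code", 2001),
          ("Origin-Host", "aaa.example.net"), ("Origin-Realm", "example.net"),
          ("Accounting-EAP-Auth-Method", 21), ("Accounting-EAP-Auth-Method", 4)]
```

Calling `violations(SAMPLE, parse_format(ORIGINAL))` reports the duplicate AVP, and the same call with `PROPOSED` returns an empty list.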