Re: [Dime] Dime WG at IETF 113 / Vienna ??

Alan DeKok <aland@deployingradius.com> Fri, 11 March 2022 13:48 UTC

From: Alan DeKok <aland@deployingradius.com>
In-Reply-To: <20220311072831.GC28768@openfortress.nl>
Date: Fri, 11 Mar 2022 08:48:33 -0500
Cc: Diameter Maint/Ext <dime@ietf.org>, adriaan@cnossos.nl, henri@mansoft.nl
Message-Id: <3F7435B6-DE96-4963-BEAF-094CA1B7EAAC@deployingradius.com>
References: <20220310070355.GC24851@openfortress.nl> <4ADABF6A-51D7-4018-99B6-D4A42C0A9777@deployingradius.com> <20220311072831.GC28768@openfortress.nl>
To: Rick van Rein <rick@OPENFORTRESS.NL>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dime/kQjcGXZhdZz_tDGqXwyu5Kahkek>
List-Id: Diameter Maintanence and Extentions Working Group <dime.ietf.org>

On Mar 11, 2022, at 2:28 AM, Rick van Rein <rick@OPENFORTRESS.NL> wrote:
> Ah, the term was used informally.  I am talking of a name without
> domain, like "fred".  I will clarify this in the text:

  OK.  If the identity doesn't have a realm, then it can't be routed.

>   However, the NAI can be just utf8-username whereas BYOID always
>   needs to express the domain, so the root of the grammar tree is
>   different:

  Sure.  It may be sufficient to just say "don't do that".  RFC 7542 allows NAIs without realms for historical purposes, but makes it clear that if there's any AAA routing, the realm has to exist.

> Every site that says "login with your Google / Facebook account"
> shows that it is tempting to use an identity provider to avoid
> local accounts.  We'd rather facilitate things from a domain
> under our own control than to delegate decisions on account access
> to such data-hungry parties.

  While I agree, I've been fighting this battle for a long time.  I've moved on to other work.

>>  This is not correct.  The utf8-realm is case sensitive,
> 
> Autch, really?

  Sorry, typo. The utf8-realm is a domain name, which is case INsensitive.   Please ignore the typo.

  Alan DeKok.
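
The two points made in the message above (an identity without a realm cannot be routed, and the realm is a domain name compared case-insensitively) can be sketched as follows. This is an added example, not part of the original message and not code from RFC 7542; the `ROUTES` table, its host names and the function names are hypothetical, and realms are assumed to be ASCII (A-label) domain names.

```python
# Added illustration; not code from the thread or from RFC 7542.
import re

# One realm label in DNS letter-digit-hyphen shape.
# Assumption: ASCII / A-label realms only; RFC 7542 also permits UTF-8 labels.
_LABEL = re.compile(r"[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?")

# Hypothetical realm -> next-hop table, keyed by lower-case realm.
ROUTES = {
    "example.org": "proxy-a.example.net",
    "example.com": "proxy-b.example.net",
}


def split_nai(nai):
    """Return (username, realm); realm is None when there is no '@realm' part."""
    user, sep, realm = nai.rpartition("@")
    if not sep:
        return nai, None
    return user, realm


def routing_realm(nai):
    """Return the lower-cased realm to route on, or None if not routable."""
    _, realm = split_nai(nai)
    if realm is None:
        return None  # e.g. "fred": no realm, so nothing to route on
    realm = realm.lower()  # domain names compare case-insensitively
    labels = realm.split(".")
    # The RFC 7542 realm grammar requires at least two dot-separated labels.
    if len(labels) < 2 or not all(_LABEL.fullmatch(l) for l in labels):
        return None
    return realm


def next_hop(nai):
    """Look up the next hop for an NAI; None means handle locally or reject."""
    realm = routing_realm(nai)
    return ROUTES.get(realm) if realm else None
```

Normalizing the realm once, before both the routing lookup and any policy decision keyed on it, keeps "fred@EXAMPLE.org" and "fred@example.org" from being treated as different realms by different components.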