Re: [OPSAWG] [Add] 🔔 WG LC: RADIUS Extensions for Encrypted DNS
Alan DeKok <aland@deployingradius.com> Wed, 12 October 2022 17:40 UTC
Return-Path: <aland@deployingradius.com>
X-Original-To: opsawg@ietfa.amsl.com
Delivered-To: opsawg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id BDCD5C14CE23; Wed, 12 Oct 2022 10:40:56 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.907
X-Spam-Level:
X-Spam-Status: No, score=-1.907 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=unavailable autolearn_force=no
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ox9Cohj4MiIh; Wed, 12 Oct 2022 10:40:53 -0700 (PDT)
Received: from mail.networkradius.com (mail.networkradius.com [62.210.147.122]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 73701C14CF0A; Wed, 12 Oct 2022 10:40:51 -0700 (PDT)
Received: from smtpclient.apple (unknown [75.98.136.130]) by mail.networkradius.com (Postfix) with ESMTPSA id 0DA917AF; Wed, 12 Oct 2022 17:40:46 +0000 (UTC)
Authentication-Results: NetworkRADIUS; dmarc=none (p=none dis=none) header.from=deployingradius.com
Content-Type: text/plain; charset="us-ascii"
Mime-Version: 1.0 (Mac OS X Mail 16.0 \(3696.120.41.1.1\))
From: Alan DeKok <aland@deployingradius.com>
In-Reply-To: <CAHbrMsAri9uSxfWp28=2o2bCwqoGg_AoqdWk5huduD7E=KoBSw@mail.gmail.com>
Date: Wed, 12 Oct 2022 13:40:45 -0400
Cc: "Joe Clarke (jclarke)" <jclarke=40cisco.com@dmarc.ietf.org>, "opsawg@ietf.org" <opsawg@ietf.org>, "radext@ietf.org" <radext@ietf.org>, "add@ietf.org" <add@ietf.org>
Content-Transfer-Encoding: quoted-printable
Message-Id: <1D504D41-55EA-47E4-AD3F-DF90A61E86AF@deployingradius.com>
References: <BN9PR11MB53717C0ECBFE57C8932F1888B8229@BN9PR11MB5371.namprd11.prod.outlook.com> <BN9PR11MB5371B8A7880B24F4455EE107B8229@BN9PR11MB5371.namprd11.prod.outlook.com> <CAHbrMsAri9uSxfWp28=2o2bCwqoGg_AoqdWk5huduD7E=KoBSw@mail.gmail.com>
To: Ben Schwartz <bemasc=40google.com@dmarc.ietf.org>
X-Mailer: Apple Mail (2.3696.120.41.1.1)
Archived-At: <https://mailarchive.ietf.org/arch/msg/opsawg/2ckZPta3WWqpmbUASiaOuZ4pUW8>
Subject: Re: [OPSAWG] [Add] 🔔 WG LC: RADIUS Extensions for Encrypted DNS
X-BeenThere: opsawg@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: OPSA Working Group Mail List <opsawg.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/opsawg>, <mailto:opsawg-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/opsawg/>
List-Post: <mailto:opsawg@ietf.org>
List-Help: <mailto:opsawg-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/opsawg>, <mailto:opsawg-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 12 Oct 2022 17:40:56 -0000
On Oct 12, 2022, at 1:32 PM, Ben Schwartz <bemasc=40google.com@dmarc.ietf.org> wrote: > > The Encrypted-DNS-SvcParams TLV seems to be limited to 253 octets. This is a problem, since it is meant to hold a SvcParams object that is allowed to be much larger (up to ~65000 octets in principle). The length is less than 253 octets, as it is encapsulated inside of another attribute "wrapper". So the practical limit is probably 250 or less. RADIUS provides for encoding more than 253 octets in an attribute. See https://www.rfc-editor.org/rfc/rfc8044#section-3.16 However, this capability exists only for "top level" attributes, and cannot be used here. Further, RADIUS packets are generally limited to 4K octets total. So even if the limits on this attribute are removed, then there's still a practical limit of around 4000 octets. Alan DeKok.
- [OPSAWG] 🔔 WG LC: RADIUS Extensions for Encrypted… Joe Clarke (jclarke)
- Re: [OPSAWG] 🔔 WG LC: RADIUS Extensions for Encry… Joe Clarke (jclarke)
- Re: [OPSAWG] [Add] 🔔 WG LC: RADIUS Extensions for… Ben Schwartz
- Re: [OPSAWG] [Add] 🔔 WG LC: RADIUS Extensions for… Alan DeKok
- Re: [OPSAWG] [Add] 🔔 WG LC: RADIUS Extensions for… Blumenthal, Uri - 0553 - MITLL
- Re: [OPSAWG] [Add] 🔔 WG LC: RADIUS Extensions for… Ben Schwartz
- Re: [OPSAWG] [Add] 🔔 WG LC: RADIUS Extensions for… Alan DeKok
- Re: [OPSAWG] [Add] 🔔 WG LC: RADIUS Extensions for… mohamed.boucadair
- Re: [OPSAWG] [Add] 🔔 WG LC: RADIUS Extensions for… mohamed.boucadair
- Re: [OPSAWG] [Add] 🔔 WG LC: RADIUS Extensions for… Alan DeKok
- Re: [OPSAWG] [Add] 🔔 WG LC: RADIUS Extensions for… mohamed.boucadair
- Re: [OPSAWG] [Add] 🔔 WG LC: RADIUS Extensions for… Joe Clarke (jclarke)
- Re: [OPSAWG] [Add] 🔔 WG LC: RADIUS Extensions for… Joe Abley
- Re: [OPSAWG] [Add] 🔔 WG LC: RADIUS Extensions for… Ben Schwartz
- Re: [OPSAWG] [Add] 🔔 WG LC: RADIUS Extensions for… Erik Kline
- Re: [OPSAWG] [Add] 🔔 WG LC: RADIUS Extensions for… Alan DeKok
- Re: [OPSAWG] [Add] 🔔 WG LC: RADIUS Extensions for… Michael Richardson
- Re: [OPSAWG] [Add] 🔔 WG LC: RADIUS Extensions for… Alan DeKok
- Re: [OPSAWG] [radext] [Add] 🔔 WG LC: RADIUS Exten… mohamed.boucadair
- Re: [OPSAWG] [Add] 🔔 WG LC: RADIUS Extensions for… mohamed.boucadair
- Re: [OPSAWG] [Add] 🔔 WG LC: RADIUS Extensions for… Alan DeKok
- Re: [OPSAWG] [Add] 🔔 WG LC: RADIUS Extensions for… mohamed.boucadair
- Re: [OPSAWG] [Add] 🔔 WG LC: RADIUS Extensions for… mohamed.boucadair
- Re: [OPSAWG] [Add] 🔔 WG LC: RADIUS Extensions for… Bernie Volz
- Re: [OPSAWG] [Add] 🔔 WG LC: RADIUS Extensions for… mohamed.boucadair
- Re: [OPSAWG] [Add] 🔔 WG LC: RADIUS Extensions for… Bernie Volz
- Re: [OPSAWG] [Add] 🔔 WG LC: RADIUS Extensions for… mohamed.boucadair
- Re: [OPSAWG] [Add] 🔔 WG LC: RADIUS Extensions for… Bernie Volz
- Re: [OPSAWG] [dhcwg] [Add] 🔔 WG LC: RADIUS Extens… Alan DeKok
- Re: [OPSAWG] [Add] 🔔 WG LC: RADIUS Extensions for… mohamed.boucadair
- Re: [OPSAWG] [Add] 🔔 WG LC: RADIUS Extensions for… Bernie Volz
- Re: [OPSAWG] [dhcwg] [Add] 🔔 WG LC: RADIUS Extens… mohamed.boucadair
- Re: [OPSAWG] 🔔 WG LC: RADIUS Extensions for Encry… Joe Clarke (jclarke)
- Re: [OPSAWG] 🔔 WG LC: RADIUS Extensions for Encry… Joe Clarke (jclarke)
- Re: [OPSAWG] [dhcwg] 🔔 WG LC: RADIUS Extensions f… Bernie Volz
- Re: [OPSAWG] [Add] [dhcwg] 🔔 WG LC: RADIUS Extens… mohamed.boucadair
- Re: [OPSAWG] [Add] [dhcwg] 🔔 WG LC: RADIUS Extens… Bernie Volz