Re: [OPSAWG] [Add] 🔔 WG LC: RADIUS Extensions for Encrypted DNS
Alan DeKok <aland@deployingradius.com> Thu, 13 October 2022 11:40 UTC
Archived-At: <https://mailarchive.ietf.org/arch/msg/opsawg/NrNNJVrQw8mXjoVSyD7J2H3Wkrw>
On Oct 13, 2022, at 4:11 AM, mohamed.boucadair@orange.com wrote:
>
> Hi Alan, all,
>
> FYI, we do already have the following in the draft to pass RADIUS attributes in DHCPv6:
>
>    In deployments where the NAS behaves as a DHCPv6 relay agent, the
>    procedure discussed in Section 3 of [RFC7037] can be followed. To
>    that aim, Section 6.3 updates the "RADIUS Attributes Permitted in
>    DHCPv6 RADIUS Option" registry ([DHCP-RADIUS]).

I was thinking of the other way around: allowing DHCPv6 options inside of a RADIUS attribute.

> For the typical target deployment in the draft, I don't think we have a valid case for long data. That said, we may include a provision to allow for multiple TLVs; each carrying self-contained key=value data.

If that's the target deployment, then that works. I'd suggest updating the draft to explicitly mention this limitation, and describe why it's acceptable.

I'd also suggest changing the RADIUS attribute space from 241.X to 245.X. See https://www.rfc-editor.org/rfc/rfc8044#section-3.16

With 241.X, the maximum amount of data which can be carried is 252 octets. This space has to encapsulate all child attributes, including headers and contents. Which means that each individual child attribute can carry much less than 253 octets.

With 245.X, the maximum amount of data which can be carried is limited only by the RADIUS packet length. Each child attribute can then carry a full 253 octets of data. And there are no limits on the number of child attributes which can be carried.

Alan DeKok.
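The size limits discussed in this message, worked through as an added example (not part of the message, the draft, or any RADIUS implementation). It follows the RFC 6929 Extended and Long Extended attribute layouts; the extended type 1 and the child TLV types are hypothetical placeholders, since the draft's allocations are not given here.

```python
MAX_ATTR_LEN = 255            # attribute Length is a single octet
MAX_PACKET_ATTRS = 4096 - 20  # RFC 2865 packet limit minus the 20-octet header

def tlv(tlv_type, value):
    """Child TLV: TLV-Type, TLV-Length (counts its own 2-octet header), value."""
    if len(value) > MAX_ATTR_LEN - 2:
        raise ValueError("a TLV value cannot exceed 253 octets")
    return bytes([tlv_type, len(value) + 2]) + value

def fits_in_241(children):
    """241.X has a 3-octet header, so all child TLVs together share 252 octets."""
    return sum(len(c) for c in children) <= MAX_ATTR_LEN - 3

def encode_extended(ext_type, children, base=241):
    """Encode child TLVs into one Extended attribute, or refuse if they overflow."""
    if not fits_in_241(children):
        raise ValueError("child TLVs exceed the 252 octets available in 241.X")
    body = b"".join(children)
    return bytes([base, len(body) + 3, ext_type]) + body

def encode_long_extended(ext_type, children, base=245):
    """Encode child TLVs into Long Extended attributes (4-octet header).

    The TLV stream is cut into 251-octet fragments; every fragment except
    the last sets the More flag (0x80) and therefore has Length 255.
    """
    body = b"".join(children)
    chunk = MAX_ATTR_LEN - 4
    pieces = [body[i:i + chunk] for i in range(0, len(body), chunk)] or [b""]
    attrs = []
    for i, piece in enumerate(pieces):
        more = 0x80 if i < len(pieces) - 1 else 0x00
        attrs.append(bytes([base, len(piece) + 4, ext_type, more]) + piece)
    if sum(len(a) for a in attrs) > MAX_PACKET_ATTRS:
        raise ValueError("fragments do not fit in one RADIUS packet")
    return attrs

def decode_long_extended(attrs):
    """Reassemble the TLV stream by concatenating fragment data in order."""
    return b"".join(a[4:] for a in attrs)

if __name__ == "__main__":
    # Constructed sample: two child TLVs of 200 octets each (hypothetical types 1, 2).
    kids = [tlv(1, b"a" * 200), tlv(2, b"b" * 200)]
    print("fits in 241.X:", fits_in_241(kids))
    frags = encode_long_extended(1, kids)
    print("245.X fragments:", [(a[1], hex(a[3])) for a in frags])
```
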