Re: [pcp] Review of draft-maglione-pcp-radius-ext-05

Dean cheng <dean.cheng@huawei.com> Tue, 12 March 2013 14:56 UTC

From: Dean cheng <dean.cheng@huawei.com>
To: Alan DeKok <aland@deployingradius.com>, "pcp@ietf.org" <pcp@ietf.org>
Date: Tue, 12 Mar 2013 14:56:27 +0000

Alan, thanks for your comments, which make sense to me, i.e., make the server names a series of attributes, and move the "context" before the name attribute, allowing the RADIUS server to do the processing in a traditional way.
Dean

> -----Original Message-----
> From: pcp-bounces@ietf.org [mailto:pcp-bounces@ietf.org] On Behalf Of
> Alan DeKok
> Sent: Tuesday, March 12, 2013 7:21 AM
> To: pcp@ietf.org
> Subject: [pcp] Review of draft-maglione-pcp-radius-ext-05
> 
>   This email is a quick review of the draft-maglione-pcp-radius-ext-05
> document.  Overall, it looks fairly good.
> 
>   The main issue I see is the definition of the PCP-server-name
> attribute.  It is defined in reference to draft-ietf-pcp-dhcp, which
> says that the attribute is a list of domain names, separated by spaces.
>  This encoding does not follow the traditional RADIUS methods.
> 
>   Normally, the data would have been sent as a series of attributes of
> the same "type", with different content.  e.g. instead of
> 
> 	PCP-Server-Name = "name1 name2 name3"
> 
>   it would be
> 
> 	PCP-Server-Name = "name1"
> 	PCP-Server-Name = "name2"
> 	PCP-Server-Name = "name3"
> 
>   I think there is good reason to change the definition.  Keeping it as
> a series of space-delimited strings means changing existing RADIUS
> systems.  RADIUS systems already have the means to select one of N
> attributes.  Searching inside of strings is a little more complex.
> 
>   The ASCII art shows this for the definition:
> 
>        0                   1                   2                   3
>        0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
>       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
>       |     Type      |    Length     |  PCP-Server-Name  ....
>       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
>       |             Context           |
>       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
> 
> 
>   I'm not sure why a fixed-length field "context" comes after a
> variable-length field.  In general, the fixed-length fields should be
> first, as it assists with decoding the data.
> 
>   Further, the document asserts:
> 
>    The data type of PCP Server Name is a string with opaque
>    encapsulation, according to section 2.1 of [RFC6158]
> 
>   I don't see how this is true.  The ietf-pcp-dhcp document does not
> define a structure encoding PCP-Server-Name followed by context.  If it
> did, that structure should be referenced here.
> 
>   It seems to me that both of the fields need to be administered by the
> RADIUS server.  Therefore, they are *not* "opaque data" as per the
> requirements of RFC 6518.
> 
>   I suggest using two attributes instead of one, which has an arbitrary
> structure.  I suggest encoding the PCP-Server-Name as a series of
> attributes, rather than as space-separated strings.
> 
>   Alan DeKok.
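The two encodings discussed in this thread, side by side, as an added example that is not part of either message or of the draft. The attribute type codes are hypothetical (the page gives no assigned values), and the 16-bit Context width is read from the quoted ASCII art.

```python
import struct

# Hypothetical type codes, chosen only for this example.
PCP_SERVER_NAME = 200
PCP_CONTEXT = 201

def encode_attr(attr_type, value):
    """One RADIUS attribute: Type (1 octet), Length (1 octet, header included), Value."""
    if not 1 <= len(value) <= 253:
        raise ValueError("attribute value must be 1..253 octets")
    return struct.pack("!BB", attr_type, len(value) + 2) + value

def decode_attrs(buf):
    """Generic attribute walker; rejects lengths that are too short or overrun the buffer."""
    attrs, pos = [], 0
    while pos < len(buf):
        if len(buf) - pos < 2:
            raise ValueError("truncated attribute header")
        attr_type, length = buf[pos], buf[pos + 1]
        if length < 3 or pos + length > len(buf):  # this example rejects empty values
            raise ValueError("bad attribute length")
        attrs.append((attr_type, buf[pos + 2:pos + length]))
        pos += length
    return attrs

def build_suggested(names, context):
    """Review's suggestion: Context as its own attribute, one attribute per server name."""
    out = encode_attr(PCP_CONTEXT, struct.pack("!H", context))
    for name in names:
        out += encode_attr(PCP_SERVER_NAME, name.encode("ascii"))
    return out

def server_names(attrs):
    """Selecting N attributes of one type needs nothing beyond the generic walker."""
    return [v.decode("ascii") for t, v in attrs if t == PCP_SERVER_NAME]

def build_draft(names, context):
    """Draft layout: space-separated names, then the fixed-length Context at the end."""
    value = " ".join(names).encode("ascii") + struct.pack("!H", context)
    return encode_attr(PCP_SERVER_NAME, value)

def parse_draft_value(value):
    """Extra attribute-specific code the draft layout forces on every receiver."""
    if len(value) < 3:
        raise ValueError("value too short to hold a name and Context")
    names, (context,) = value[:-2], struct.unpack("!H", value[-2:])
    return names.decode("ascii").split(" "), context

if __name__ == "__main__":
    names = ["name1", "name2", "name3"]  # constructed sample input
    print(server_names(decode_attrs(build_suggested(names, 7))))
    print(parse_draft_value(decode_attrs(build_draft(names, 7))[0][1]))
```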