[pcp] Review of draft-maglione-pcp-radius-ext-05
Alan DeKok <aland@deployingradius.com> Tue, 12 March 2013 14:21 UTC
Return-Path: <aland@deployingradius.com>
X-Original-To: pcp@ietfa.amsl.com
Delivered-To: pcp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B889121F8BA2 for <pcp@ietfa.amsl.com>; Tue, 12 Mar 2013 07:21:45 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.599
X-Spam-Level:
X-Spam-Status: No, score=-102.599 tagged_above=-999 required=5 tests=[AWL=0.000, BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id vREvScPli4pg for <pcp@ietfa.amsl.com>; Tue, 12 Mar 2013 07:21:45 -0700 (PDT)
Received: from power.freeradius.org (power.freeradius.org [88.190.25.44]) by ietfa.amsl.com (Postfix) with ESMTP id D712221F8B4C for <pcp@ietf.org>; Tue, 12 Mar 2013 07:21:44 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by power.freeradius.org (Postfix) with ESMTP id 80BA02240D64 for <pcp@ietf.org>; Tue, 12 Mar 2013 15:21:00 +0100 (CET)
X-Virus-Scanned: Debian amavisd-new at power.freeradius.org
Received: from power.freeradius.org ([127.0.0.1]) by localhost (power.freeradius.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Or0qbs5b39pH for <pcp@ietf.org>; Tue, 12 Mar 2013 15:21:00 +0100 (CET)
Received: from Thor-2.local (bas1-ottawa11-1177737335.dsl.bell.ca [70.50.216.119]) by power.freeradius.org (Postfix) with ESMTPSA id B0F772240A12 for <pcp@ietf.org>; Tue, 12 Mar 2013 15:20:59 +0100 (CET)
Message-ID: <513F39CA.4070701@deployingradius.com>
Date: Tue, 12 Mar 2013 10:20:58 -0400
From: Alan DeKok <aland@deployingradius.com>
User-Agent: Thunderbird 2.0.0.24 (Macintosh/20100228)
MIME-Version: 1.0
To: "pcp@ietf.org" <pcp@ietf.org>
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: 7bit
Subject: [pcp] Review of draft-maglione-pcp-radius-ext-05
X-BeenThere: pcp@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: PCP wg discussion list <pcp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/pcp>, <mailto:pcp-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/pcp>
List-Post: <mailto:pcp@ietf.org>
List-Help: <mailto:pcp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/pcp>, <mailto:pcp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 12 Mar 2013 14:21:46 -0000
This email is a quick review of the draft-maglione-pcp-radius-ext-05
document. Overall, it looks fairly good.
The main issue I see is the definition of the PCP-server-name
attribute. It is defined in reference to draft-ietf-pcp-dhcp, which
says that the attribute is a list of domain names, separated by spaces.
This encoding does not follow the traditional RADIUS methods.
Normally, the data would have been sent as a series of attributes of
the same "type", with different content. e.g. instead of
PCP-Server-Name = "name1 name2 name3"
it would be
PCP-Server-Name = "name1"
PCP-Server-Name = "name2"
PCP-Server-Name = "name3"
I think there is good reason to change the definition. Keeping it as
a series of space-delimited strings means changing existing RADIUS
systems. RADIUS systems already have the means to select one of N
attributes. Searching inside of strings is a little more complex.
The ASCII art shows this for the definition:
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Type | Length | PCP-Server-Name ....
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Context |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
I'm not sure why a fixed-length field "context" comes after a
variable-length field. In general, the fixed-length fields should be
first, as it assists with decoding the data.
Further, the document asserts:
The data type of PCP Server Name is a string with opaque
encapsulation, according to section 2.1 of [RFC6158]
I don't see how this is true. The ietf-pcp-dhcp document does not
define a structure encoding PCP-Server-Name followed by context. If it
did, that structure should be referenced here.
It seems to me that both of the fields need to be administered by the
RADIUS server. Therefore, they are *not* "opaque data" as per the
requirements of RFC 6518.
I suggest using two attributes instead of one, which has an arbitrary
structure. I suggest encoding the PCP-Server-Name as a series of
attributes, rather than as space-separated strings.
Alan DeKok.
- [pcp] Review of draft-maglione-pcp-radius-ext-05 Alan DeKok
- Re: [pcp] Review of draft-maglione-pcp-radius-ext… Dean cheng
- Re: [pcp] Review of draft-maglione-pcp-radius-ext… mohamed.boucadair
- Re: [pcp] Review of draft-maglione-pcp-radius-ext… Alan DeKok
- Re: [pcp] Review of draft-maglione-pcp-radius-ext… Alan DeKok
- Re: [pcp] Review of draft-maglione-pcp-radius-ext… Dean cheng