Re: [radext] Implementation inventions
Heikki Vatiainen <hvn@radiatorsoftware.com> Tue, 22 August 2023 12:03 UTC
Return-Path: <hvn@radiatorsoftware.com>
X-Original-To: radext@ietfa.amsl.com
Delivered-To: radext@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6C5A0C14CE4A for <radext@ietfa.amsl.com>; Tue, 22 Aug 2023 05:03:17 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.908
X-Spam-Level:
X-Spam-Status: No, score=-6.908 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=radiatorsoftware-com.20221208.gappssmtp.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ASBzv-upq0kn for <radext@ietfa.amsl.com>; Tue, 22 Aug 2023 05:03:16 -0700 (PDT)
Received: from mail-ed1-x52c.google.com (mail-ed1-x52c.google.com [IPv6:2a00:1450:4864:20::52c]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 89C57C14CE42 for <radext@ietf.org>; Tue, 22 Aug 2023 05:03:16 -0700 (PDT)
Received: by mail-ed1-x52c.google.com with SMTP id 4fb4d7f45d1cf-5256d74dab9so5342579a12.1 for <radext@ietf.org>; Tue, 22 Aug 2023 05:03:16 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=radiatorsoftware-com.20221208.gappssmtp.com; s=20221208; t=1692705794; x=1693310594; h=to:subject:message-id:date:from:in-reply-to:references:mime-version :from:to:cc:subject:date:message-id:reply-to; bh=FBP/tE/lgnMCH3wnoCHrvDu7QGMA9YXsmZWu8FGp+l4=; b=GQOgKxu4MQSb6fB14cLyNdcsUQfjNULOwpvd81xw2nwRNuQWNZbxuobGdn7++kvdyN UoOkKsPlUjJB5prRZHc+r3Yz3rHExk1irCfR5PeKeoB/ea9k5FRRmU4QVW7fFTgIH1dK 7KCcG1zwrkZe2TVScgA/xSa6MMrHf4RuzTbwH5e3HyhdJexvhpYc64bD7O8WLGcpnU6V ngXwxcxfNCq9kKpIMiwz6dc43bysldd9kFy2Q5+aQuDTmQBDHa82ivY7Un2ra5HWX/yN 7Kp/Zwll/AiXeQQ6rqeciDsHfkIWrODS+E5v9tcKwJiRwKfAbc8YG+HQHbTDE8WvX4aB Y6HQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1692705794; x=1693310594; h=to:subject:message-id:date:from:in-reply-to:references:mime-version :x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=FBP/tE/lgnMCH3wnoCHrvDu7QGMA9YXsmZWu8FGp+l4=; b=Fvnit1fb8jzl2zeVQxO0RUZxf7JfBZcqR+HSPhvaUxTbqe93Ez3+/x1GHacWOvVkx+ hm9Ezl3FPNWWjJHKrmKDVAkJ92II2i+1razsMOvhpfeSCgZvkuVZtfGINAhg90SS7GZn jiwdSfd0AxsO7ECRXNf+c2bNJuGk/GgDC1j0mwMbZbuup3zmlXnvgi2SsKzFoPrbRoOe vLfPA2kJNFyFVFOoGOtF81yBCCkacVgCU/1rOCJIGFLMwa+djAAjSweMrVu/BAMPL8FL LgwMkM2DmsQqbPq4oGe08kQ9WEJ5eLiT+iTILdMsmmNcXj+U5irlDMsZOVYgBbomjCp+ yQFw==
X-Gm-Message-State: AOJu0YyPyfH6+if7O9IXCKTJUJJFElQMDSrFQ+AdOcV0M6FYZgQ0MSXu eMZBiVrHC55Kn5KweFQ07ZgygiX0RL4o/EjkBiPrKszCwQxjIGod
X-Google-Smtp-Source: AGHT+IGofNgIdWpDIGKFTeQMBs2wyEaZyuh2AN1mtsQyfYJ+msJ5MUUuCjEgdu3BDP0UfwGQL0tZJE4UiWiIRyGSZv4=
X-Received: by 2002:aa7:d4cc:0:b0:523:c19d:a521 with SMTP id t12-20020aa7d4cc000000b00523c19da521mr6103456edr.40.1692705793907; Tue, 22 Aug 2023 05:03:13 -0700 (PDT)
MIME-Version: 1.0
References: <2B40BD0B-8C16-491C-90F8-B744F2E4E2D3@deployingradius.com> <SN4PR10MB5589C79F441AFBB72493DA84A10CA@SN4PR10MB5589.namprd10.prod.outlook.com> <A4625416-E62C-45F9-ABDF-3FDF3034511C@deployingradius.com>
In-Reply-To: <A4625416-E62C-45F9-ABDF-3FDF3034511C@deployingradius.com>
From: Heikki Vatiainen <hvn@radiatorsoftware.com>
Date: Tue, 22 Aug 2023 15:02:57 +0300
Message-ID: <CAA7Lko_WY-yDX5XJUqNGN2MQ+m5_9eY_4eEBs1VJNsgZ3mOrsQ@mail.gmail.com>
To: "radext@ietf.org" <radext@ietf.org>
Content-Type: multipart/alternative; boundary="0000000000008e36c1060381c7e4"
Archived-At: <https://mailarchive.ietf.org/arch/msg/radext/1ci23SJlTQy8kyQeUMymxO27dHE>
Subject: Re: [radext] Implementation inventions
X-BeenThere: radext@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: RADIUS EXTensions working group discussion list <radext.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/radext>, <mailto:radext-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/radext/>
List-Post: <mailto:radext@ietf.org>
List-Help: <mailto:radext-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/radext>, <mailto:radext-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 22 Aug 2023 12:03:17 -0000
On Tue, 8 Aug 2023 at 00:33, Alan DeKok <aland@deployingradius.com> wrote: > On Aug 7, 2023, at 5:20 PM, Michael Sym <msym@singledigits.com> wrote: > > > > Great list, Alan. We’ve unfortunately seen so many of these “inventive” > behaviors. And are trying to address the garbage Acct-Input/Output-Octets > values in WBA’s RADIUS Accounting Assurance work area. > > > > I wholeheartedly agree with the challenge in reliably tying accounting > packets to an authentication. That would be an extremely helpful missing > piece for this group to address. Requiring “Acct-Session-Id” and/or > “Acct-Multi-Session-Id” in Access-Requests could be a good place to start. > > Part of the interest in posting the list is to get input from other > people who've seen additional issues. > > I'm not sure if the WG has opinions on a new document "Issues and fixes > part 2", or even pushing 2866 to Standards track. Both of those ideas have > a "here be dragons" label in my mind. > Something for the list: RADIUS dynauth server that returned NAK when Message-Authenticator was in a dynauth request. It's been a while when that was noticed, but not that many years. The attribute is not required, but these kinds of small variations make it hard to create dynauth messages in multivendor systems. Maybe the list could be added to the WG github for the moment? It could help to avoid it to getting lost. -- Heikki Vatiainen hvn@radiatorsoftware.com
- [radext] Implementation inventions Alan DeKok
- Re: [radext] Implementation inventions Michael Sym
- Re: [radext] Implementation inventions Alan DeKok
- Re: [radext] Implementation inventions Heikki Vatiainen
- Re: [radext] Implementation inventions Alan DeKok
- Re: [radext] Implementation inventions Heikki Vatiainen
- Re: [radext] Implementation inventions Michael Sym
- Re: [radext] Implementation inventions Alexander Clouter
- Re: [radext] Implementation inventions Alan DeKok
- Re: [radext] Implementation inventions Alexander Clouter
- Re: [radext] Implementation inventions Alan DeKok