Re: [radext] AD review http://tools.ietf.org/html/draft-ietf-radext-dtls-09

Benoit Claise <bclaise@cisco.com> Wed, 16 April 2014 16:52 UTC

Return-Path: <bclaise@cisco.com>
X-Original-To: radext@ietfa.amsl.com
Delivered-To: radext@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 828FB1A0240 for <radext@ietfa.amsl.com>; Wed, 16 Apr 2014 09:52:21 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -9.773
X-Spam-Level:
X-Spam-Status: No, score=-9.773 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RP_MATCHES_RCVD=-0.272, SPF_PASS=-0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id kHTHnSNg3Faw for <radext@ietfa.amsl.com>; Wed, 16 Apr 2014 09:52:20 -0700 (PDT)
Received: from aer-iport-4.cisco.com (aer-iport-4.cisco.com [173.38.203.54]) by ietfa.amsl.com (Postfix) with ESMTP id 010091A01E9 for <radext@ietf.org>; Wed, 16 Apr 2014 09:52:19 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=2350; q=dns/txt; s=iport; t=1397667137; x=1398876737; h=message-id:date:from:mime-version:to:cc:subject: references:in-reply-to:content-transfer-encoding; bh=2tDFjv063O4uZAQmES4aZwvOkiJ2UL6AZKXll9RvAow=; b=cfrxJEXVpIhqizpc1lEUs5Gd/jHyn3hYypXMfKqy1hTLltjdVn5Cdane sKBEZUsCL7he1JZwni42Lc4AtB55ym2OZRSVpth2TuEqzNxUsYz+fAa58 vWHfwq0TyHz8yUvfZuHg3e5jULmjWboKjQhyg33gNlC1KM4Tm4MvvRMnJ c=;
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: AisFAAq0TlOQ/khL/2dsb2JhbABZgwY7xAyBIhZ0giUBAQEEOEEQCxgJJQ8CRgYNAQcBAYd4DckXF45iB4Q4AQOYZoE3hR+Lc4MzOw
X-IronPort-AV: E=Sophos;i="4.97,872,1389744000"; d="scan'208";a="14350762"
Received: from ams-core-2.cisco.com ([144.254.72.75]) by aer-iport-4.cisco.com with ESMTP; 16 Apr 2014 16:52:16 +0000
Received: from [10.60.67.86] (ams-bclaise-8915.cisco.com [10.60.67.86]) by ams-core-2.cisco.com (8.14.5/8.14.5) with ESMTP id s3GGqFfs028278; Wed, 16 Apr 2014 16:52:15 GMT
Message-ID: <534EB53F.20204@cisco.com>
Date: Wed, 16 Apr 2014 18:52:15 +0200
From: Benoit Claise <bclaise@cisco.com>
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:24.0) Gecko/20100101 Thunderbird/24.4.0
MIME-Version: 1.0
To: Alan DeKok <aland@deployingradius.com>
References: <534D42E8.8020501@cisco.com> <534EB3FF.5040507@deployingradius.com>
In-Reply-To: <534EB3FF.5040507@deployingradius.com>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Archived-At: http://mailarchive.ietf.org/arch/msg/radext/4xc4bhT-ys99rFPcrLp2R-u80Kc
Cc: "radext@ietf.org" <radext@ietf.org>
Subject: Re: [radext] AD review http://tools.ietf.org/html/draft-ietf-radext-dtls-09
X-BeenThere: radext@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: RADIUS EXTensions working group discussion list <radext.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/radext>, <mailto:radext-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/radext/>
List-Post: <mailto:radext@ietf.org>
List-Help: <mailto:radext-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/radext>, <mailto:radext-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 16 Apr 2014 16:52:21 -0000

Hi Alan,

Thanks for the quick reply.
Please provide a new version and I'll progress the draft.

Regards, Benoit
> Benoit Claise wrote:
>> - In section 5.1:
>>
>>     A RADIUS/DTLS server MUST track ongoing DTLS client session based the
>>     following 4-tuple:
>>
>> Does the MUST also apply to the DTLS Data and Last Traffic as well?
>    The MUST means that the 4 tuple MUST contain the DTLS session
> information.  The Last Traffic need be there only if it's used.  The
> implementation-specific DTLS data information is there only if it's
> needed by the implementation.
>
>    I'll update the text to make this clearer.
>
>> - Any reason why this sentence is repeated. Maybe the third one wants to
>> stress_ for all DTLS sessions_?
>    Yes.  I'll make that clear.
>
>> - Section 7 "Implementation experience" should follow RFC 6982
>> "Implementation Status" format.
>> Example:
>> https://datatracker.ietf.org/doc/draft-ietf-eman-energy-aware-mib/ or
>> https://datatracker.ietf.org/doc/draft-ietf-eman-energy-monitoring-mib/
>    I'll take a look.
>
>> - IANA considerations.
>> Please make sure to spell out the exact IANA registry.
>    Done.
>
>> Editorial:
>> - OLD:
>>
>>     This specification does not, however, solve all of the problems
>>     associated with RADIUS.
>>
>> NEW:
>>     This specification does not, however, solve all of the problems
>>     associated with RADIUS/UDP
>    Done.
>
>> - Some misalignement in section 5.1:
>>     Each 4-tuple points to a unique session entry, which contains the
>>     following information:
>    I'll update the text.
>
>>        10.1
>>        <http://tools.ietf.org/html/draft-ietf-radext-dtls-09#section-10.1>.
>>        Legacy RADIUS Security
>>
>>     protocol.  We suggest that RADIUS clients and servers implement
>>     either this specification, or [RFC6614 <http://tools.ietf.org/html/rfc6614>].
>>
>> "protocol" looks lonely there :-)
>    Fixed.
>
>> - please extend CSPRNG
>    Done.
>
>> -
>>     When DTLS is used, the fixed IP address model can be relaxed.  As
>>     discussed earlier in Section 2.2.1 <http://tools.ietf.org/html/draft-ietf-radext-dtls-09#section-2.2.1>, client identies should be
>>     determined from TLS parameters.
>>
>> identies?
>    Fixed.
>
>    Alan DeKok.
> .
>