Re: [radext] AD review http://tools.ietf.org/html/draft-ietf-radext-dtls-09
Benoit Claise <bclaise@cisco.com> Wed, 16 April 2014 16:52 UTC
Return-Path: <bclaise@cisco.com>
X-Original-To: radext@ietfa.amsl.com
Delivered-To: radext@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 828FB1A0240 for <radext@ietfa.amsl.com>; Wed, 16 Apr 2014 09:52:21 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -9.773
X-Spam-Level:
X-Spam-Status: No, score=-9.773 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RP_MATCHES_RCVD=-0.272, SPF_PASS=-0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id kHTHnSNg3Faw for <radext@ietfa.amsl.com>; Wed, 16 Apr 2014 09:52:20 -0700 (PDT)
Received: from aer-iport-4.cisco.com (aer-iport-4.cisco.com [173.38.203.54]) by ietfa.amsl.com (Postfix) with ESMTP id 010091A01E9 for <radext@ietf.org>; Wed, 16 Apr 2014 09:52:19 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=2350; q=dns/txt; s=iport; t=1397667137; x=1398876737; h=message-id:date:from:mime-version:to:cc:subject: references:in-reply-to:content-transfer-encoding; bh=2tDFjv063O4uZAQmES4aZwvOkiJ2UL6AZKXll9RvAow=; b=cfrxJEXVpIhqizpc1lEUs5Gd/jHyn3hYypXMfKqy1hTLltjdVn5Cdane sKBEZUsCL7he1JZwni42Lc4AtB55ym2OZRSVpth2TuEqzNxUsYz+fAa58 vWHfwq0TyHz8yUvfZuHg3e5jULmjWboKjQhyg33gNlC1KM4Tm4MvvRMnJ c=;
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: AisFAAq0TlOQ/khL/2dsb2JhbABZgwY7xAyBIhZ0giUBAQEEOEEQCxgJJQ8CRgYNAQcBAYd4DckXF45iB4Q4AQOYZoE3hR+Lc4MzOw
X-IronPort-AV: E=Sophos;i="4.97,872,1389744000"; d="scan'208";a="14350762"
Received: from ams-core-2.cisco.com ([144.254.72.75]) by aer-iport-4.cisco.com with ESMTP; 16 Apr 2014 16:52:16 +0000
Received: from [10.60.67.86] (ams-bclaise-8915.cisco.com [10.60.67.86]) by ams-core-2.cisco.com (8.14.5/8.14.5) with ESMTP id s3GGqFfs028278; Wed, 16 Apr 2014 16:52:15 GMT
Message-ID: <534EB53F.20204@cisco.com>
Date: Wed, 16 Apr 2014 18:52:15 +0200
From: Benoit Claise <bclaise@cisco.com>
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:24.0) Gecko/20100101 Thunderbird/24.4.0
MIME-Version: 1.0
To: Alan DeKok <aland@deployingradius.com>
References: <534D42E8.8020501@cisco.com> <534EB3FF.5040507@deployingradius.com>
In-Reply-To: <534EB3FF.5040507@deployingradius.com>
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 7bit
Archived-At: http://mailarchive.ietf.org/arch/msg/radext/4xc4bhT-ys99rFPcrLp2R-u80Kc
Cc: "radext@ietf.org" <radext@ietf.org>
Subject: Re: [radext] AD review http://tools.ietf.org/html/draft-ietf-radext-dtls-09
X-BeenThere: radext@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: RADIUS EXTensions working group discussion list <radext.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/radext>, <mailto:radext-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/radext/>
List-Post: <mailto:radext@ietf.org>
List-Help: <mailto:radext-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/radext>, <mailto:radext-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 16 Apr 2014 16:52:21 -0000
Hi Alan, Thanks for the quick reply. Please provide a new version and I'll progress the draft. Regards, Benoit > Benoit Claise wrote: >> - In section 5.1: >> >> A RADIUS/DTLS server MUST track ongoing DTLS client session based the >> following 4-tuple: >> >> Does the MUST also apply to the DTLS Data and Last Traffic as well? > The MUST means that the 4 tuple MUST contain the DTLS session > information. The Last Traffic need be there only if it's used. The > implementation-specific DTLS data information is there only if it's > needed by the implementation. > > I'll update the text to make this clearer. > >> - Any reason why this sentence is repeated. Maybe the third one wants to >> stress_ for all DTLS sessions_? > Yes. I'll make that clear. > >> - Section 7 "Implementation experience" should follow RFC 6982 >> "Implementation Status" format. >> Example: >> https://datatracker.ietf.org/doc/draft-ietf-eman-energy-aware-mib/ or >> https://datatracker.ietf.org/doc/draft-ietf-eman-energy-monitoring-mib/ > I'll take a look. > >> - IANA considerations. >> Please make sure to spell out the exact IANA registry. > Done. > >> Editorial: >> - OLD: >> >> This specification does not, however, solve all of the problems >> associated with RADIUS. >> >> NEW: >> This specification does not, however, solve all of the problems >> associated with RADIUS/UDP > Done. > >> - Some misalignement in section 5.1: >> Each 4-tuple points to a unique session entry, which contains the >> following information: > I'll update the text. > >> 10.1 >> <http://tools.ietf.org/html/draft-ietf-radext-dtls-09#section-10.1>. >> Legacy RADIUS Security >> >> protocol. We suggest that RADIUS clients and servers implement >> either this specification, or [RFC6614 <http://tools.ietf.org/html/rfc6614>]. >> >> "protocol" looks lonely there :-) > Fixed. > >> - please extend CSPRNG > Done. > >> - >> When DTLS is used, the fixed IP address model can be relaxed. As >> discussed earlier in Section 2.2.1 <http://tools.ietf.org/html/draft-ietf-radext-dtls-09#section-2.2.1>, client identies should be >> determined from TLS parameters. >> >> identies? > Fixed. > > Alan DeKok. > . >
- [radext] AD review http://tools.ietf.org/html/dra… Benoit Claise
- Re: [radext] AD review http://tools.ietf.org/html… Alan DeKok
- Re: [radext] AD review http://tools.ietf.org/html… Benoit Claise