Re: [radext] New DTLS document

Jouni Korhonen <jouni.nospam@gmail.com> Thu, 02 May 2013 18:50 UTC

From: Jouni Korhonen <jouni.nospam@gmail.com>
In-Reply-To: <51828E77.9020303@deployingradius.com>
Date: Thu, 02 May 2013 21:49:53 +0300
Message-Id: <061B9149-3354-4E53-8721-FCD86BF03EF0@gmail.com>
References: <516EA97E.2000005@deployingradius.com> <C47910C2-BCEA-4DC2-A016-C98D67B62DD9@gmail.com> <A95B4818FD85874D8F16607F1AC7C628B4032E@xmb-rcd-x09.cisco.com> <0E1BBA4B-1985-43C3-800A-AF336CABEF30@gmail.com> <517FBD04.1050009@deployingradius.com> <B43B810F-DBF3-4CCD-BFA0-494E10819D2A@gmail.com> <51828E77.9020303@deployingradius.com>
To: Alan DeKok <aland@deployingradius.com>
Cc: radext@ietf.org, Jouni Korhonen <jouni.nospam@gmail.com>, "Joseph Salowey (jsalowey)" <jsalowey@cisco.com>
Subject: Re: [radext] New DTLS document

Hi,

On May 2, 2013, at 7:04 PM, Alan DeKok <aland@deployingradius.com> wrote:

> Jouni Korhonen wrote:
>> I would be ok to remove Section 5.1.2 entirely.
> 
>  Which means that the rest of the document needs to be updated, too.
> It talks about accepting UDP and DTLS on the same port.  Section 5.1.2
> is only *justification* for why that works.  The other sections say
> *how* it's supposed to work.
> 
>  i.e. Deleting 5.1.2 means we'd have to delete more than half of
> Section 3, too.

That would be a side effect of this approach. However, most folks
(including me) seem to be okish with keeping the current text as well.
So it would be Joe's voice that counts here now.


>> However, if WG wants to keep
>> Section 5.1.2 I would add a note there that it is intended to be a short term 
>> migration solution and can be turned off at some point of time. Implementations
>> and deployments are encouraged to switch to the RADIUS-DTLS port as soon as
>> possible. Would that be OK for the WG?
> 
>  I already added that in the latest rev.  See Section 3:
> 
>   This section describes how clients and servers should transition to
>   DTLS.  There is a fair amount of discussion around this transition,
>   as it is critical to get it correct.  We expect that once
>   implementations have transitioned to RADIUS/DTLS, the text in this
>   section will no longer be relevant.
> 
>  If we're just going to turn off UDP, we don't need any transition
> path.  We just break the network, and let everyone figure out what to do.
> 
>  The whole point of the text in Section 3 is to document how the
> transition path is handled.  Including (if so desired) accepting UDP and
> DTLS on the same port.
> 
>  I can add duplicate text in Section 5.1.2.  But the idea is for people
> to read the *entire* document, and act on it as a whole.

No need to duplicate. A pointer back to Section 3 would definitely 
suffice.

- Jouni


> 
>  Alan DeKok.