Re: [radext] [internet-drafts@ietf.org] New Version Notification for draft-hartman-radext-bigger-packets-00.txt
Peter Deacon <peterd@iea-software.com> Tue, 22 October 2013 00:30 UTC
Return-Path: <peterd@iea-software.com>
X-Original-To: radext@ietfa.amsl.com
Delivered-To: radext@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3785011E875F for <radext@ietfa.amsl.com>; Mon, 21 Oct 2013 17:30:06 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level:
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 9x35b27SrD3D for <radext@ietfa.amsl.com>; Mon, 21 Oct 2013 17:30:01 -0700 (PDT)
Received: from aspen.internal.iea-software.com (remote.iea-software.com [70.89.142.196]) by ietfa.amsl.com (Postfix) with ESMTP id 587C711E82CE for <radext@ietf.org>; Mon, 21 Oct 2013 17:29:58 -0700 (PDT)
Received: from SMURF (unverified [10.0.3.195]) by aspen.internal.iea-software.com (Rockliffe SMTPRA 7.0.6) with ESMTP id <B0005904329@aspen.internal.iea-software.com>; Mon, 21 Oct 2013 17:29:57 -0700
Date: Mon, 21 Oct 2013 17:29:35 -0700
From: Peter Deacon <peterd@iea-software.com>
To: Sam Hartman <hartmans@painless-security.com>
In-Reply-To: <tslsivuv1kq.fsf@mit.edu>
Message-ID: <alpine.WNT.2.00.1310211417160.2760@SMURF>
References: <tslsivuv1kq.fsf@mit.edu>
User-Agent: Alpine 2.00 (WNT 1167 2008-08-23)
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; format="flowed"; charset="US-ASCII"
Cc: radext@ietf.org
Subject: Re: [radext] [internet-drafts@ietf.org] New Version Notification for draft-hartman-radext-bigger-packets-00.txt
X-BeenThere: radext@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: RADIUS EXTensions working group discussion list <radext.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/radext>, <mailto:radext-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/radext>
List-Post: <mailto:radext@ietf.org>
List-Help: <mailto:radext-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/radext>, <mailto:radext-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 22 Oct 2013 00:30:06 -0000
On Mon, 21 Oct 2013, Sam Hartman wrote: > I've written a draft that proposes expanding the maximum packet size for > RFC 6613-based transports including RFC 6614. This draft is > intentionally designed to be minimal: no capability negotiation as an > example. > A few details such as the registration of code points are left out, but > I believe the draft is complete enough to evaluate the technical > approach. > My draft is intentionally simpler than Peter's approach (or the part of > it that deals with this) The way my draft is structured one can simply provide a non-default administrative option at each peer enabling large packets. No new command codes or attributes required. > I don't think the complexity of his approach is needed for solving the > part of the problem I would like to see solved. Don't know how much the following matters for your uses - some things to think about. Section 3. With TCP any number of RADIUS requests could be in-flight before RADIUS server even sees a request to react. When a connection is dropped client can't always even be sure what request if any closure was in response let alone why. In response to closure specifically and the "too big" code in general how long should client think bigger-packets is not supported by server? next connection? forever? RFC6613 allows implementation to close TCP connection in response to unknown code. This "MAY" cause a client not supporting bigger-packets to disconnect on receipt of the "too big" code. This unfortunately is a good example why I don't support this language in RFC6613. 2. "Clients MAY silently discard a packet greater than some configured size" How does this work? For example I'm authenticating someone and Access-Accept is too big. Do I assume access-reject? Keep waiting for the response that is not too big? regards, Peter
- [radext] [internet-drafts@ietf.org] New Version N… Sam Hartman
- Re: [radext] [internet-drafts@ietf.org] New Versi… Alan DeKok
- Re: [radext] [internet-drafts@ietf.org] New Versi… Peter Deacon
- Re: [radext] [internet-drafts@ietf.org] New Versi… Alejandro Perez Mendez
- Re: [radext] [internet-drafts@ietf.org] New Versi… Satyanarayana Danda (sdanda)
- Re: [radext] [internet-drafts@ietf.org] New Versi… Sam Hartman
- Re: [radext] [internet-drafts@ietf.org] New Versi… Alan DeKok
- Re: [radext] [internet-drafts@ietf.org] New Versi… Sam Hartman
- Re: [radext] [internet-drafts@ietf.org] New Versi… Alan DeKok