[radext] moving forward with draft-ietf-radext-coa-proxy
Benjamin Kaduk <kaduk@mit.edu> Mon, 12 November 2018 23:48 UTC
Return-Path: <kaduk@mit.edu>
X-Original-To: radext@ietfa.amsl.com
Delivered-To: radext@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1DAE2130EA2; Mon, 12 Nov 2018 15:48:35 -0800 (PST)
X-Quarantine-ID: <QyoGVD513EMv>
X-Virus-Scanned: amavisd-new at amsl.com
X-Amavis-Alert: BAD HEADER SECTION, Non-encoded 8-bit data (char 9C hex): Received: ...s kaduk@ATHENA.MIT.EDU)\n\t\234by outgoing.mit[...]
X-Spam-Flag: NO
X-Spam-Score: -4.2
X-Spam-Level:
X-Spam-Status: No, score=-4.2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001, UNPARSEABLE_RELAY=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id QyoGVD513EMv; Mon, 12 Nov 2018 15:48:33 -0800 (PST)
Received: from dmz-mailsec-scanner-2.mit.edu (dmz-mailsec-scanner-2.mit.edu [18.9.25.13]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C612F130E46; Mon, 12 Nov 2018 15:48:29 -0800 (PST)
X-AuditID: 1209190d-6cfff7000000358a-d8-5bea114bdb3a
Received: from mailhub-auth-3.mit.edu ( [18.9.21.43]) (using TLS with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by dmz-mailsec-scanner-2.mit.edu (Symantec Messaging Gateway) with SMTP id C4.46.13706.C411AEB5; Mon, 12 Nov 2018 18:48:28 -0500 (EST)
Received: from outgoing.mit.edu (OUTGOING-AUTH-1.MIT.EDU [18.9.28.11]) by mailhub-auth-3.mit.edu (8.14.7/8.9.2) with ESMTP id wACNmQHg024141; Mon, 12 Nov 2018 18:48:27 -0500
Received: from kduck.kaduk.org (24-107-191-124.dhcp.stls.mo.charter.com [24.107.191.124]) (authenticated bits=56) (User authenticated as kaduk@ATHENA.MIT.EDU) �by outgoing.mit.edu (8.14.7/8.12.4) with ESMTP id wACNmNZZ006268 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Mon, 12 Nov 2018 18:48:25 -0500
Date: Mon, 12 Nov 2018 17:48:23 -0600
From: Benjamin Kaduk <kaduk@mit.edu>
To: draft-ietf-radext-coa-proxy.all@ietf.org
Cc: radext@ietf.org
Message-ID: <20181112234823.GG99562@kduck.kaduk.org>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
User-Agent: Mutt/1.9.1 (2017-09-22)
X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFjrHIsWRmVeSWpSXmKPExsUixCmqresj+Cra4OkvXovzb/6zW7S8msnm wOSxZMlPpgDGKC6blNSczLLUIn27BK6Mn0uPMRV8Falo65/N3sC4XqCLkZNDQsBE4tjrh2xd jFwcQgJrmCQ+7p7LBOFsZJR4c/QuC4Rzl0li1qrtLCAtLAKqEps23WEHsdkEVCQaui8zg9gi AjoSdxZdBathFhCW2HhqPROILSxgIbHx3WmwOC/QurXf/rBB2IISJ2c+garXkrjx7yVQPQeQ LS2x/B8HSFhUQFlib98h9gmMfLOQdMxC0jELoWMBI/MqRtmU3Crd3MTMnOLUZN3i5MS8vNQi XSO93MwSvdSU0k2M4GCT5N3B+O+u1yFGAQ5GJR7eC/NeRguxJpYVV+YeYpTkYFIS5c18BBTi S8pPqcxILM6ILyrNSS0+xCjBwawkwsvHA5TjTUmsrEotyodJSXOwKInz/hZ5HC0kkJ5Ykpqd mlqQWgSTleHgUJLgfcr/KlpIsCg1PbUiLTOnBCHNxMEJMpwHaPg3kBre4oLE3OLMdIj8KUZF KXHeFyAJAZBERmkeXC8oGUhk7695xSgO9Iow71eQKh5gIoHrfgU0mAlocMnL5yCDSxIRUlIN jIK7Hll+OjXP0uqm4e/eNJP4+zPbXhnMcuaSqT3ZdNPqaXF/uNjFs0ELn1pIvHjpYPv34JEQ RteoX/3Vrxl97j1S3bJry7KaQ+0pa9j31rAZpDJLHzlnOPutlsOl4jIBpekbIvevzFH/0b58 0cNpz1s+e591vPfwW97xj89XMOYL68fMeRZ9cYISS3FGoqEWc1FxIgBuwaIY4QIAAA==
Archived-At: <https://mailarchive.ietf.org/arch/msg/radext/DfnfEmwH5qVZNCRrYxZyQ4-Bs-Q>
Subject: [radext] moving forward with draft-ietf-radext-coa-proxy
X-BeenThere: radext@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: RADIUS EXTensions working group discussion list <radext.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/radext>, <mailto:radext-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/radext/>
List-Post: <mailto:radext@ietf.org>
List-Help: <mailto:radext-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/radext>, <mailto:radext-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 12 Nov 2018 23:48:35 -0000
Hi all,
Thanks to Alan for submitting a new revision(s) of the draft; I believe that
the -07 contains sufficient changes to resolve the last DISCUSS poinits open
against the document.
I also plan to change the target status to Informational (from Proposed
Standard); it is a little unfortunate to need to do so, but the IESG's
discussions convinced me that this is the sort of thing that the downref
policy was intended to avoid.
There were a few things in the diff between the -05 and -07 that stuck out
to me, though, and might require further changes.
In Section 3.2,
We also update Section 5 of [RFC5580] to permit CoA-Request and
Disconnect-Request packets to contain zero or one instances of the
Operator-Name attribute.
is not reflected in the Updates header and would require WG confirmation
and potentially re-running the IETF LC.
(Also, 5580 is Proposed Standard, so we'd have trouble doing this update
from an Informational document.) It's somewhat unclear to me exactly what
is being Updated, too, so I'd appreciate a bit of explanation (here in the
email thread).
Section 3.3 introduces a new normative requirement:
Some Home Networks will not have permission to send CoA packets to
the Visited Network. The CoA server SHOULD therefore also validate
the NAI contained in the User-Name attribute. If the Home Network is
not permitted to send CoA packets to this Visited Network, then the
CoA server MUST return a NAK packet that contains an Error-Cause
attribute having value 502 ("Request Not Routable").
Can the chairs confirm there is WG consensus for it?
In Section 3.4:
Implementations supporting this attribute MUST be able to handle
between one (1) and thirty-two (32) octets of data.
Implementations creating an Operator-NAS-Identifier MUST NOT
create attributes with more than sixty-four octets of data. A
thirty-two octet string should be more than sufficient for future
uses.
The bump from 20 to 32 octest is fine, but now we have MUST be able to
handle 32 and MUST NOT generate more than 64, which are different numbers.
(In the -05 the numbers were both 20.) Where did the 64 come from?
Section 4.2 introduces a new normative requirement:
The Visited Network MUST also ensure that the CoA packet sent to the
NAS contains one of the following attributes: NAS-IP-Address, NAS-
IPv6-Address, or NAS-Identifier. This step is the inverse of the
removal required above in Section 3.4.
First off, is this "at least one" or "exactly one"?
And the same question of WG consensus applies.
Thanks,
Ben
- [radext] moving forward with draft-ietf-radext-co… Benjamin Kaduk
- Re: [radext] moving forward with draft-ietf-radex… Alan DeKok
- Re: [radext] moving forward with draft-ietf-radex… Benjamin Kaduk