[radext] Éric Vyncke's Discuss on draft-ietf-radext-radiusdtls-bis-15: (with DISCUSS and COMMENT)

Éric Vyncke via Datatracker <noreply@ietf.org> Thu, 26 February 2026 13:30 UTC

Éric Vyncke has entered the following ballot position for
draft-ietf-radext-radiusdtls-bis-15: Discuss

When responding, please keep the subject line intact and reply to all
email addresses included in the To and CC lines. (Feel free to cut this
introductory paragraph, however.)


Please refer to https://www.ietf.org/about/groups/iesg/statements/handling-ballot-positions/ 
for more information about how to handle DISCUSS and COMMENT positions.


The document, along with other ballot positions, can be found here:
https://datatracker.ietf.org/doc/draft-ietf-radext-radiusdtls-bis/



----------------------------------------------------------------------
DISCUSS:
----------------------------------------------------------------------


# Éric Vyncke INT AD comments for draft-ietf-radext-radiusdtls-bis-15
CC @evyncke

Thank you for the work put into this document.

Please find below some blocking DISCUSS points (super easy to address), some
non-blocking COMMENT points/nits (replies would be appreciated even if only for
my own education).

Special thanks to Valery Smyslov for the shepherd's detailed write-up including
the WG consensus *and* the justification of the intended status.

I hope that this review helps to improve the document,

Regards,

-éric

Note: these ballot comments follow the Markdown syntax of
https://github.com/mnot/ietf-comments/tree/main, i.e., they can be processed by
a tool to create github issues.

## DISCUSS (blocking)

As noted in
https://datatracker.ietf.org/doc/statement-iesg-handling-ballot-positions-20220121/,
a DISCUSS ballot is a request to have a discussion on the points below; I
really think that the document would be improved with a change here, but can be
convinced otherwise.

### Section 3.2

`RadSec clients MUST establish a (D)TLS session immediately upon connecting to
a new server.` Why "immediately"? Does it mean that they should first try with
plain RADIUS? The subsequent paragraphs give some hints, but a PS must be
crystal clear.

### Section 3.12

What is `server IP`? Please avoid readers guessing that it is "server IP
address", especially in a PS. Also occurring in other places.


----------------------------------------------------------------------
COMMENT:
----------------------------------------------------------------------


## COMMENTS (non-blocking)

### Section 3

s/Client implementations *SHOULD implement both, but* MUST implement at least
one of RADIUS/TLS or RADIUS/DTLS./Client implementations MUST implement at
least one of RADIUS/TLS or RADIUS/DTLS./ Clearer and avoiding a SHOULD.

### Section 3.1

The legend of table 1 is rather useless ;-) also use it in the text.

### Section 3.3.1 (and others)

A lot of "SHOULD" without any guidance... Why not "MUST"? See also
https://datatracker.ietf.org/doc/statement-iesg-statement-on-clarifying-the-use-of-bcp-14-key-words/

What is a source IP address as opposed to "IP address" in `For clients
configured by their source IP address`? Please remove "source".

### Section 3.5

Again a "SHOULD" without guidance to the implementers in `RadSec clients and
servers SHOULD implement session resumption.` ....

### Section 6.4

Unsure whether this section is required. Nice experience return by early
implementers probably, but unsure whether it belongs to a PS.

### Section 6.5.1

s/IP address version (IPv4 or IPv6)/IP *protocol* version (IPv4 or IPv6)/

### Section 9

Please add a URI to the registry, e.g.,
https://www.iana.org/assignments/service-names-port-numbers/service-names-port-numbers.xhtml

Also, it seems that the format of the bullet list is broken (at least on my
browser).