Re: [radext] Review of draft-ietf-radext-bigger-packets-02.txt
Sam Hartman <hartmans@painless-security.com> Fri, 06 March 2015 19:52 UTC
From: Sam Hartman <hartmans@painless-security.com>
To: Alejandro Perez Mendez <alex@um.es>
References: <54EF26A3.6040502@um.es>
Date: Fri, 06 Mar 2015 14:51:36 -0500
In-Reply-To: <54EF26A3.6040502@um.es> (Alejandro Perez Mendez's message of "Thu, 26 Feb 2015 14:58:59 +0100")
Archived-At: <http://mailarchive.ietf.org/arch/msg/radext/Es02Gmb5jOluA283MBcw396v2HE>
Cc: "radext@ietf.org" <radext@ietf.org>
Subject: Re: [radext] Review of draft-ietf-radext-bigger-packets-02.txt

Hi.

I'm about to upload a new version that includes all your fixes except:

> 2. Abstract and Introduction. I'm not convinced that the reason of
> having new use cases where more than 4096 bytes are required in RADIUS
> is motivated only by RFC6614. Other security mechanisms such as IPsec
> or a trusted network would be enough to motivate use cases such as
> those described in ABFAB and/or in the aaa-saml draft. In our RADIUS
> fragmentation draft we mention ABFAB as the motivation.

We're not in agreement on this change.
From my standpoint RADIUS made sense for ABFAB because of RADSEC.
IPsec is really hard to use for this sort of security and I don't
believe in trusted networks :-)

I'd appreciate additional comments from the WG on this issue.

I appreciate your detailed review and thanks for all the great help.
I think I've resolved the other points; several important catches in
your comments.

--Sam