Re: [radext] Review of draft-ietf-radext-bigger-packets-02.txt

Sam Hartman <hartmans@painless-security.com> Fri, 06 March 2015 19:52 UTC

From: Sam Hartman <hartmans@painless-security.com>
To: Alejandro Perez Mendez <alex@um.es>
References: <54EF26A3.6040502@um.es>
Date: Fri, 06 Mar 2015 14:51:36 -0500
In-Reply-To: <54EF26A3.6040502@um.es> (Alejandro Perez Mendez's message of "Thu, 26 Feb 2015 14:58:59 +0100")
Message-ID: <tsld24llx9z.fsf@mit.edu>
Archived-At: <http://mailarchive.ietf.org/arch/msg/radext/Es02Gmb5jOluA283MBcw396v2HE>
Cc: "radext@ietf.org" <radext@ietf.org>
Subject: Re: [radext] Review of draft-ietf-radext-bigger-packets-02.txt

Hi.
I'm about to upload a new version that includes all your fixes except:

   2. Abstract and Introduction. I'm not convinced that the reason of
   having new use cases where more than 4096 bytes are required in RADIUS
   is motivated only by RFC6614. Other security mechanisms such as IPsec
   or a trusted network would be enough to motivate use cases such as
   those described in ABFAB and/or in the aaa-saml draft. In our RADIUS
   fragmentation draft we mention ABFAB as the motivation.

We're not in agreement on this change.
From my standpoint RADIUS made sense for ABFAB because of RADSEC.
IPsec is really hard to use for this sort of security and I don't
believe in trusted networks :-)

I'd appreciate additional comments from the WG on this issue.

I appreciate your detailed review and thanks for all the great help.  I
think I've resolved the other points; several important catches in your
comments.

--Sam