Re: [radext] [Emu] EAP Erratum 6154 on RFC 3579:
Bernard Aboba <bernard.aboba@gmail.com> Fri, 01 April 2022 05:17 UTC
To: "Independent Submissions Editor (Eliot Lear)" <rfc-ise@rfc-editor.org>
Cc: Alan DeKok <aland@deployingradius.com>, radext@ietf.org, EMU WG <emu@ietf.org>, emu-ads@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/radext/It-kb1QQmYXL_ixa3N3AoJKmOcY>
I think the note in eid6259 is now superfluous. Can we remove it?

On Thu, Mar 31, 2022 at 10:09 PM Independent Submissions Editor (Eliot Lear) <rfc-ise@rfc-editor.org> wrote:

> Corrected URLs below:
>
> On 01.04.22 06:48, Independent Submissions Editor (Eliot Lear) wrote:
> > Ok.
> >
> > I have edited – but not yet verified – the two errata accordingly.
> > Please see:
> >
> > https://www.rfc-editor.org/errata/eid6154
> > https://www.rfc-editor.org/errata/eid6259
> >
> > Are there any further edits that are required?
> >
> > Eliot (ISE)
> >
> > On 01.04.22 00:52, Alan DeKok wrote:
> >> On Mar 31, 2022, at 4:40 PM, Bernard Aboba <bernard.aboba@gmail.com> wrote:
> >>> Alan suggested:
> >>> " EAP-Start is indicated by sending an EAP-Message attribute with a
> >>> length of 3. The single byte of data SHOULD be set to zero on
> >>> transmission and MUST be ignored on receipt. RADIUS clients MUST NOT
> >>> send EAP-Message attributes of length 2, as attributes with no value
> >>> are not permitted in RADIUS. However, for historical reasons and for
> >>> compatibility with existing practice, RADIUS servers MUST accept
> >>> EAP-Messages of length 2, and treat them as EAP-Start.
> >>>
> >>> Just checking the source I have locally, the server accepts
> >>> zero-length EAP-Message (or any other text/string attribute, for
> >>> that matter). So that's fine."
> >>>
> >>> [BA] This suggested errata text looks good.
> >> Thanks.
> >>
> >>> [BA] This text is better. The implicit assumption here is that the
> >>> NAS is sending an EAP-Request with a locally implemented EAP type,
> >>> without talking to the RADIUS server. Of course, the same thing
> >>> could happen if the RADIUS server uses an inappropriate default
> >>> type. So perhaps this might work:
> >>>
> >>> " Where the initial EAP-Request sent by the NAS is for an
> >>> authentication Type (4 or greater), the peer MAY respond with a Nak
> >>> indicating that it would prefer another authentication method. In this
> >>> case, the NAS should send an Access-Request encapsulating the
> >>> received EAP-Response/Nak. This allows a peer to suggest another
> >>> EAP method where the NAS is configured to send a default EAP
> >>> type (such as MD5-Challenge) which may not be appropriate."
> >> That looks good to me, thanks.
> >>
> >> Alan DeKok.
> >>
> >
> > _______________________________________________
> > Emu mailing list
> > Emu@ietf.org
> > https://www.ietf.org/mailman/listinfo/emu
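
Added example, not part of the message above and not taken from any implementation mentioned in the thread: a Python parser for the RADIUS attribute section that applies the EAP-Start rule from the suggested errata text (send length 3 with a zero byte; on receipt ignore the byte and also accept length 2). The function names, the sample data, and the rule that a 1-byte value following other EAP-Message attributes is the tail of a fragmented EAP packet are assumptions of this example.

```python
EAP_MESSAGE = 79  # RADIUS attribute type for EAP-Message (RFC 3579)

def iter_attributes(buf: bytes):
    """Yield (type, value) pairs from the attribute section of a RADIUS packet."""
    pos = 0
    while pos < len(buf):
        if len(buf) - pos < 2:
            raise ValueError("truncated attribute header")
        attr_type, attr_len = buf[pos], buf[pos + 1]
        # Length counts the type and length octets, so anything below 2 is invalid.
        if attr_len < 2 or pos + attr_len > len(buf):
            raise ValueError(f"bad attribute length {attr_len} at offset {pos}")
        yield attr_type, buf[pos + 2 : pos + attr_len]
        pos += attr_len

def build_eap_start() -> bytes:
    """Client side: EAP-Message of length 3 with the single data byte set to zero."""
    return bytes([EAP_MESSAGE, 3, 0x00])

def classify_eap(attrs: bytes):
    """Server side: return ("none" | "eap-start" | "eap-packet", payload)."""
    values = [v for t, v in iter_attributes(attrs) if t == EAP_MESSAGE]
    if not values:
        return "none", b""
    # Assumption: only a lone EAP-Message can signal EAP-Start; a 1-byte value
    # after other EAP-Message attributes is the tail of a fragmented packet.
    if len(values) == 1 and len(values[0]) <= 1:
        return "eap-start", b""  # the data byte, if present, is ignored
    packet = b"".join(values)
    if len(packet) < 4:  # EAP header: code, identifier, 2-byte length
        raise ValueError("EAP packet shorter than its header")
    return "eap-packet", packet

# Constructed sample attribute sections (not captured traffic).
USER_NAME = bytes([1, 5]) + b"bob"
SAMPLES = {
    "length 3, zero byte": USER_NAME + build_eap_start(),
    "length 3, non-zero byte": USER_NAME + bytes([EAP_MESSAGE, 3, 0xFF]),
    "legacy length 2": USER_NAME + bytes([EAP_MESSAGE, 2]),
    "EAP-Response/Identity": USER_NAME + bytes([EAP_MESSAGE, 10, 2, 1, 0, 8, 1]) + b"bob",
}

if __name__ == "__main__":
    for name, attrs in SAMPLES.items():
        print(name, "->", classify_eap(attrs)[0])
```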