RE: Last Call: draft-ietf-radext-status-server (Use of Status-Server Packets in the Remote Authentication Dial In User Service (RADIUS) Protocol) to Informational RFC
Bernard Aboba <bernard_aboba@hotmail.com> Tue, 16 March 2010 01:16 UTC
Return-Path: <owner-radiusext@ops.ietf.org>
X-Original-To: ietfarch-radext-archive-IeZ9sae2@core3.amsl.com
Delivered-To: ietfarch-radext-archive-IeZ9sae2@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 589D63A6807 for <ietfarch-radext-archive-IeZ9sae2@core3.amsl.com>; Mon, 15 Mar 2010 18:16:39 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.787
X-Spam-Level:
X-Spam-Status: No, score=-0.787 tagged_above=-999 required=5 tests=[AWL=-0.293, BAYES_00=-2.599, FH_RELAY_NODNS=1.451, HELO_MISMATCH_COM=0.553, HTML_MESSAGE=0.001, RDNS_NONE=0.1]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id nf8eJlk3UZ2G for <ietfarch-radext-archive-IeZ9sae2@core3.amsl.com>; Mon, 15 Mar 2010 18:16:37 -0700 (PDT)
Received: from psg.com (psg.com [IPv6:2001:418:1::62]) by core3.amsl.com (Postfix) with ESMTP id BEF913A6778 for <radext-archive-IeZ9sae2@lists.ietf.org>; Mon, 15 Mar 2010 18:16:36 -0700 (PDT)
Received: from majordom by psg.com with local (Exim 4.71 (FreeBSD)) (envelope-from <owner-radiusext@ops.ietf.org>) id 1NrLLb-000IIf-TE for radiusext-data0@psg.com; Tue, 16 Mar 2010 01:13:27 +0000
Received: from [65.55.111.78] (helo=blu0-omc2-s3.blu0.hotmail.com) by psg.com with esmtp (Exim 4.71 (FreeBSD)) (envelope-from <bernard_aboba@hotmail.com>) id 1NrLLY-000IIA-U1 for radiusext@ops.ietf.org; Tue, 16 Mar 2010 01:13:25 +0000
Received: from BLU137-W7 ([65.55.111.72]) by blu0-omc2-s3.blu0.hotmail.com with Microsoft SMTPSVC(6.0.3790.3959); Mon, 15 Mar 2010 18:13:24 -0700
Message-ID: <BLU137-W77528576E419A476C15AB932D0@phx.gbl>
Content-Type: multipart/alternative; boundary="_b857c37d-a77c-42ee-a748-36db7f90be31_"
X-Originating-IP: [166.217.88.176]
From: Bernard Aboba <bernard_aboba@hotmail.com>
To: ietf@ietf.org, ietf-announce@ietf.org
CC: "radiusext@ops.ietf.org" <radiusext@ops.ietf.org>
Subject: RE: Last Call: draft-ietf-radext-status-server (Use of Status-Server Packets in the Remote Authentication Dial In User Service (RADIUS) Protocol) to Informational RFC
Date: Mon, 15 Mar 2010 18:13:24 -0700
Importance: Normal
In-Reply-To: <20100315194232.AC7A93A69BE@core3.amsl.com>
References: <20100315194232.AC7A93A69BE@core3.amsl.com>
MIME-Version: 1.0
X-OriginalArrivalTime: 16 Mar 2010 01:13:24.0286 (UTC) FILETIME=[E02835E0:01CAC4A5]
Sender: owner-radiusext@ops.ietf.org
Precedence: bulk
List-ID: <radiusext.ops.ietf.org>
An editorial comment on Section 2. Section 2 Status-Server packets are sent by a RADIUS client to a RADIUS server in order to test the status of that server. A Message-Authenticator attribute MUST be included so as to provide per-packet authentication and integrity protection. A single Status-Server packet MUST be included within a UDP datagram. RADIUS proxies MUST NOT forward Status-Server packets. Since a Status-Server packet MUST NOT be forwarded by a RADIUS proxy or server, the destination of a Status-Server packet is set to the IP address of the server which is being tested. As a result, the client is provided with an indication of the status of that server only, since no RADIUS proxies are on the path between the RADIUS client and server. Since servers respond to a Status-Server packet without examining the User-Name attribute, the response to a Status-Server packet cannot be used to infer any information about the reachability of specific realms. A RADIUS server or proxy implementing this specification SHOULD respond to a Status-Server packet with an Access-Accept (authentication port) or Accounting-Message (accounting port). An Access-Challenge response is NOT RECOMMENDED. An Access-Reject response MAY be used. The list of attributes that are permitted in Status-Server and Access-Accept packets responding to Status-Server packets are provided in the Section 6. [BA] These three paragraphs are a bit disjoint. Recommend changing it to the following: Status-Server packets are sent by a RADIUS client to a RADIUS server in order to test the status of that server. The destination of a Status-Server packet is set to the IP address of the server that is being tested. A single Status-Server packet MUST be included within a UDP datagram. A Message-Authenticator attribute MUST be included so as to provide per-packet authentication and integrity protection. RADIUS proxies or servers MUST NOT forward Status-Server packets. A RADIUS server or proxy implementing this specification SHOULD respond to a Status-Server packet with an Access-Accept (authentication port) or Accounting-Response (accounting port). An Access-Challenge response is NOT RECOMMENDED. An Access-Reject response MAY be used. The list of attributes that are permitted in Status-Server and Access-Accept packets responding to Status-Server packets are provided in the Section 6. Since a Status-Server packet MUST NOT be forwarded by a RADIUS proxy or server, the client is provided with an indication of the status of that server only, since no RADIUS proxies are on the path between the RADIUS client and server. Since servers respond to a Status-Server packet without examining the User-Name attribute, the response to a Status-Server packet cannot be used to infer any information about the reachability of specific realms. > To: ietf-announce@ietf.org > From: iesg-secretary@ietf.org > CC: radiusext@ops.ietf.org > Subject: Last Call: draft-ietf-radext-status-server (Use of Status-Server Packets in the Remote Authentication Dial In User Service (RADIUS) Protocol) to Informational RFC > Date: Mon, 15 Mar 2010 12:42:32 -0700 > > The IESG has received a request from the RADIUS EXTensions WG (radext) to > consider the following document: > > - 'Use of Status-Server Packets in the Remote Authentication Dial In User > Service (RADIUS) Protocol ' > <draft-ietf-radext-status-server-06.txt> as an Informational RFC > > The IESG plans to make a decision in the next few weeks, and solicits > final comments on this action. Please send substantive comments to the > ietf@ietf.org mailing lists by 2010-03-29. Exceptionally, > comments may be sent to iesg@ietf.org instead. In either case, please > retain the beginning of the Subject line to allow automated sorting. > > The file can be obtained via > http://www.ietf.org/internet-drafts/draft-ietf-radext-status-server-06.txt > > > IESG discussion can be tracked via > https://datatracker.ietf.org/public/pidtracker.cgi?command=view_id&dTag=17334&rfc_flag=0 > > > -- > to unsubscribe send a message to radiusext-request@ops.ietf.org with > the word 'unsubscribe' in a single line as the message text body. > archive: <http://psg.com/lists/radiusext/>