Re: [radext] #153: Section 2.8 Access-Info
<lionel.morand@orange.com> Wed, 05 June 2013 07:54 UTC
I'm not sure I understand this point. As per section 10.1 in 802.1X, the access status indication is consecutive to an authentication procedure in any case. So my assumption is that this status is valid for the duration of the session. If any change is required, you need to restart a session. Unless I have missed something...

Regards,
Lionel

-----Original Message-----
From: radext-bounces@ietf.org [mailto:radext-bounces@ietf.org] On behalf of radext issue tracker
Sent: Sunday, 5 May 2013 00:52
To: draft-ietf-radext-ieee802ext@tools.ietf.org; bernard_aboba@hotmail.com
Cc: radext@ietf.org
Subject: [radext] #153: Section 2.8 Access-Info

#153: Section 2.8 Access-Info

 The Access-Info Attribute is utilized by implementations of
 IEEE-802.1X [IEEE-802.1X] to specify the Access status information
 field within an Access Information Type Length Value Tuple (TLV) to
 be sent to the user within MACsec Key Agreement (MKA) or
 EAPoL-Announcement frames.

 A single Access-Info Attribute is permitted within a RADIUS
 Access-Accept, Access-Challenge, Access-Reject or Accounting-Request
 packet.

 [BA] The above paragraph seems to imply that the Access-Info Attribute
 could cause the Access status information to change during and after
 authentication. It is unclear how supplicants would respond to such a
 change. For example, the potential response to a change in MKA (which
 is authenticated) could be quite different from a change in an
 EAPoL-Announcement frame (which is not). As a result, the desired
 behavior is unclear.

--
 Reporter:   bernard_aboba@hotmail.com
 Owner:      draft-ietf-radext-ieee802ext@tools.ietf.org
 Type:       defect
 Status:     new
 Priority:   critical
 Milestone:  milestone1
 Component:  ieee802ext
 Version:    1.0
 Severity:   In WG Last Call
 Keywords:

Ticket URL: <http://wiki.tools.ietf.org/wg/radext/trac/ticket/153>
radext <http://tools.ietf.org/radext/>