[radext] #99: AD Review of RADIUS Crypto-Agility Requirements
"radext issue tracker" <trac+radext@zinfandel.tools.ietf.org> Wed, 01 June 2011 00:10 UTC
Return-Path: <owner-radiusext@ops.ietf.org>
X-Original-To: ietfarch-radext-archive-IeZ9sae2@ietfa.amsl.com
Delivered-To: ietfarch-radext-archive-IeZ9sae2@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E0714E0908 for <ietfarch-radext-archive-IeZ9sae2@ietfa.amsl.com>; Tue, 31 May 2011 17:10:31 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.6
X-Spam-Level:
X-Spam-Status: No, score=-102.6 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, NO_RELAYS=-0.001, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id MDFGiABfp7LB for <ietfarch-radext-archive-IeZ9sae2@ietfa.amsl.com>; Tue, 31 May 2011 17:10:29 -0700 (PDT)
Received: from psg.com (psg.com [IPv6:2001:418:1::62]) by ietfa.amsl.com (Postfix) with ESMTP id ECAC7E08C9 for <radext-archive-IeZ9sae2@lists.ietf.org>; Tue, 31 May 2011 17:10:21 -0700 (PDT)
Received: from majordom by psg.com with local (Exim 4.76 (FreeBSD)) (envelope-from <owner-radiusext@ops.ietf.org>) id 1QRYwP-0003ZG-Jb for radiusext-data0@psg.com; Wed, 01 Jun 2011 00:05:44 +0000
Received: from zinfandel.tools.ietf.org ([2001:1890:1112:1::2a]) by psg.com with esmtps (TLSv1:AES256-SHA:256) (Exim 4.76 (FreeBSD)) (envelope-from <trac+radext@trac.tools.ietf.org>) id 1QRYwF-0003Z3-R2 for radiusext@ops.ietf.org; Wed, 01 Jun 2011 00:05:32 +0000
Received: from localhost ([::1] helo=zinfandel.tools.ietf.org) by zinfandel.tools.ietf.org with esmtp (Exim 4.75) (envelope-from <trac+radext@trac.tools.ietf.org>) id 1QRYwA-0005HN-Nb; Tue, 31 May 2011 17:05:26 -0700
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 8bit
From: radext issue tracker <trac+radext@zinfandel.tools.ietf.org>
X-Trac-Version: 0.11.7
Cc: radiusext@ops.ietf.org
Auto-Submitted: auto-generated
X-Mailer: Trac 0.11.7, by Edgewall Software
To: dromasca@avaya.com
X-Trac-Project: radext
Date: Wed, 01 Jun 2011 00:05:26 -0000
Reply-To: radiusext@ops.ietf.org
X-URL: http://tools.ietf.org/radext/
Subject: [radext] #99: AD Review of RADIUS Crypto-Agility Requirements
X-Trac-Ticket-URL: https://wiki.tools.ietf.org/wg/radext/trac/ticket/99
Message-ID: <059.188ec2e19b4809635aafabbaffc6355c@trac.tools.ietf.org>
X-Trac-Ticket-ID: 99
X-SA-Exim-Connect-IP: ::1
X-SA-Exim-Rcpt-To: dromasca@avaya.com, radiusext@ops.ietf.org
X-SA-Exim-Mail-From: trac+radext@trac.tools.ietf.org
X-SA-Exim-Scanned: No (on zinfandel.tools.ietf.org); SAEximRunCond expanded to false
Sender: owner-radiusext@ops.ietf.org
Precedence: bulk
List-ID: <radiusext.ops.ietf.org>
#99: AD Review of RADIUS Crypto-Agility Requirements
Hi,
This is the AD review of
draft-ietf-radext-crypto-agility-requirements-06.txt. The document is in
good shape. Because of the relative broad applicability and security
impact of the document, I will send it to IETF Last Call, although as a
WG document targetting Informational status this would not have been
mandatory. I have a number of comments and questions which I request to
be taken into consideration together with the other IETF LC comments.
The technical comments are marked T and the Editorial comments are
marked E.
T1. I am a little concerned by the fact that the second paragraph of
section 1.2 speaks in terms of 'compliance', 'unconditional compliance'
and 'conditional compliance' with 'this specification' which is actually
an Informational document. Is this really needed? We tend to avoid such
strict language in IETF documents.
T2. In section 4.2 I see the following:
Guidance on acceptable algorithms can be found in [NIST-SP800-131A];
it is RECOMMENDED that mandatory-to-implement cryptographic
algorithms be chosen from among those classified as "Acceptable" with
no known deprecation date.
I acknowledge that the NIST document is rather new, but such documents
have a timely nature by definition and may change faster than we want
this RFC to change. I would suggest to include at least a note saying
that if [NIST-SP800-131A] its successors need to be taken as reference.
Or, if we do not want to assume the risk of a blank check we should
observe that this recommendation is valid at the time of the publication
of this document.
T3. Also in section 4.2 I see the following:
In addition to the goals referred to above, [RFC4962] Section 2
describes additional security requirements, which translate into the
following requirements for RADIUS crypto-agility solutions:
It may be my understanding but I could not find in section 2 of
[RFC4962] the requirements that translate into 'strong, fresh, session
key' and 'Limit key scope'. Can you explain me what I am missing?
E1. Idnits complains:
== You're using the IETF Trust Provisions' Section 6.b License Notice
from
12 Sep 2009 rather than the newer Notice from 28 Dec 2009. (See
http://trustee.ietf.org/license-info/)
E2. I am wondering what the scope of section 1.3 is. Maybe it's my
English, but why is the section named 'The Charge'? Do you mean 'Scope'?
It looks to me that dropping this section or making it (or a shorter
version) part of Section 1.4 as background information would be better.
E3. Page 5, second paragraph s/can selected/can be selected/
Thanks and Regards,
Dan
--
-----------------------------------+----------------------------------------
Reporter: dromasca@… | Owner:
Type: defect | Status: new
Priority: major | Milestone: milestone1
Component: Crypto-Agility | Version: 1.0
Severity: Submitted WG Document | Keywords:
-----------------------------------+----------------------------------------
Ticket URL: <https://wiki.tools.ietf.org/wg/radext/trac/ticket/99>
radext <http://tools.ietf.org/radext/>
--
to unsubscribe send a message to radiusext-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://psg.com/lists/radiusext/>
Envelope-to: radiusext-data0@psg.com
Delivery-date: Tue, 31 May 2011 17:48:48 +0000
Message-ID: <BLU152-w48D59FC933D6C1610C74C0937A0@phx.gbl>
Content-Type: multipart/alternative; boundary="_55761cc7-1773-4e04-b789-710905b549e7_"
From: Bernard Aboba <bernard_aboba@hotmail.com>
To: "dromasca@avaya.com" <dromasca@avaya.com>, "radiusext@ops.ietf.org" <radiusext@ops.ietf.org>
Subject: RE: AD review of draft-ietf-radext-crypto-agility-requirements-06.txt
Date: Tue, 31 May 2011 10:47:52 -0700
MIME-Version: 1.0
--_55761cc7-1773-4e04-b789-710905b549e7_
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
> T1. I am a little concerned by the fact that the second paragraph of
> section 1.2 speaks in terms of 'compliance'=2C 'unconditional compliance'
> and 'conditional compliance' with 'this specification' which is actually
> an Informational document. Is this really needed? We tend to avoid such
> strict language in IETF documents.=20
[BA] This language appears to be boilerplate in AAA requirements RFCs and B=
CPs (see RFC 2989 Section 1.1=2C RFC 4962 Section 1.1=2C etc.)
=20
> T3. Also in section 4.2 I see the following:=20
>=20
> In addition to the goals referred to above=2C [RFC4962] Section 2
> describes additional security requirements=2C which translate into the
> following requirements for RADIUS crypto-agility solutions:
>=20
> It may be my understanding but I could not find in section 2 of
> [RFC4962] the requirements that translate into 'strong=2C fresh=2C sessio=
n
> key' and 'Limit key scope'. Can you explain me what I am missing?=20
[BA] Looks like a typo -- should this refer to Section 3?
=
--_55761cc7-1773-4e04-b789-710905b549e7_
Content-Type: text/html; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
<html>
<head>
<style><!--
.hmmessage P
{
margin:0px=3B
padding:0px
}
body.hmmessage
{
font-size: 10pt=3B
font-family:Tahoma
}
--></style>
</head>
<body class=3D'hmmessage'>
<br>>=3B T1. I am a little concerned by the fact that the second paragrap=
h of<br>>=3B section 1.2 speaks in terms of 'compliance'=2C 'unconditiona=
l compliance'<br>>=3B and 'conditional compliance' with 'this specificati=
on' which is actually<br>>=3B an Informational document. Is this really n=
eeded? We tend to avoid such<br>>=3B strict language in IETF documents. <=
br><br>[BA] This language appears to be boilerplate in AAA requirements RFC=
s and BCPs (see RFC 2989 Section 1.1=2C RFC 4962 Section 1.1=2C etc.)<br>&n=
bsp=3B<br>>=3B T3. Also in section 4.2 I see the following: <br>>=3B <b=
r>>=3B In addition to the goals referred to above=2C [RFC4962] Section=
2<br>>=3B describes additional security requirements=2C which transla=
te into the<br>>=3B following requirements for RADIUS crypto-agility s=
olutions:<br>>=3B <br>>=3B It may be my understanding but I could not f=
ind in section 2 of<br>>=3B [RFC4962] the requirements that translate int=
o 'strong=2C fresh=2C session<br>>=3B key' and 'Limit key scope'. Can you=
explain me what I am missing? <br><br>[BA] Looks like a typo -- should thi=
s refer to Section 3?<br><br><br> </body>
</html>=
--_55761cc7-1773-4e04-b789-710905b549e7_--
--
to unsubscribe send a message to radiusext-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://psg.com/lists/radiusext/>
Envelope-to: radiusext-data0@psg.com
Delivery-date: Tue, 31 May 2011 15:15:55 +0000
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
From: The IESG <iesg-secretary@ietf.org>
To: IETF-Announce <ietf-announce@ietf.org>
Subject: Last Call: <draft-ietf-radext-crypto-agility-requirements-06.txt> (Crypto-Agility Requirements for Remote Dial-In User Service (RADIUS)) to Informational RFC
CC: <radiusext@ops.ietf.org>
Reply-To: ietf@ietf.org
Message-ID: <20110531151518.28181.55204.idtracker@ietfa.amsl.com>
Date: Tue, 31 May 2011 08:15:18 -0700
The IESG has received a request from the RADIUS EXTensions WG (radext) to
consider the following document:
- 'Crypto-Agility Requirements for Remote Dial-In User Service (RADIUS)'
<draft-ietf-radext-crypto-agility-requirements-06.txt> as an
Informational RFC
The IESG plans to make a decision in the next few weeks, and solicits
final comments on this action. Please send substantive comments to the
ietf@ietf.org mailing lists by 2011-06-14. Exceptionally, comments may be
sent to iesg@ietf.org instead. In either case, please retain the
beginning of the Subject line to allow automated sorting.
Abstract
This memo describes the requirements for a crypto-agility solution
for Remote Authentication Dial-In User Service (RADIUS).
The file can be obtained via
http://datatracker.ietf.org/doc/draft-ietf-radext-crypto-agility-requirements/
IESG discussion can be tracked via
http://datatracker.ietf.org/doc/draft-ietf-radext-crypto-agility-requirements/
No IPR declarations have been submitted directly on this I-D.
--
to unsubscribe send a message to radiusext-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://psg.com/lists/radiusext/>
Envelope-to: radiusext-data0@psg.com
Delivery-date: Tue, 31 May 2011 14:23:49 +0000
Content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
Subject: AD review of draft-ietf-radext-crypto-agility-requirements-06.txt
Date: Tue, 31 May 2011 16:20:59 +0200
Message-ID: <EDC652A26FB23C4EB6384A4584434A04032BCE1C@307622ANEX5.global.avaya.com>
Thread-Topic: AD review of draft-ietf-radext-crypto-agility-requirements-06.txt
Thread-Index: AcwfnfbiXoVuHvf9SGKKcyufKR9JBQ==
From: "Romascanu, Dan (Dan)" <dromasca@avaya.com>
To: "radext mailing list" <radiusext@ops.ietf.org>
Hi,=20
This is the AD review of
draft-ietf-radext-crypto-agility-requirements-06.txt. The document is in
good shape. Because of the relative broad applicability and security
impact of the document, I will send it to IETF Last Call, although as a
WG document targetting Informational status this would not have been
mandatory. I have a number of comments and questions which I request to
be taken into consideration together with the other IETF LC comments.=20
The technical comments are marked T and the Editorial comments are
marked E.=20
T1. I am a little concerned by the fact that the second paragraph of
section 1.2 speaks in terms of 'compliance', 'unconditional compliance'
and 'conditional compliance' with 'this specification' which is actually
an Informational document. Is this really needed? We tend to avoid such
strict language in IETF documents.=20
T2. In section 4.2 I see the following:
Guidance on acceptable algorithms can be found in [NIST-SP800-131A];
it is RECOMMENDED that mandatory-to-implement cryptographic
algorithms be chosen from among those classified as "Acceptable" with
no known deprecation date.=20
I acknowledge that the NIST document is rather new, but such documents
have a timely nature by definition and may change faster than we want
this RFC to change. I would suggest to include at least a note saying
that if [NIST-SP800-131A] its successors need to be taken as reference.
Or, if we do not want to assume the risk of a blank check we should
observe that this recommendation is valid at the time of the publication
of this document.=20
T3. Also in section 4.2 I see the following:=20
In addition to the goals referred to above, [RFC4962] Section 2
describes additional security requirements, which translate into the
following requirements for RADIUS crypto-agility solutions:
It may be my understanding but I could not find in section 2 of
[RFC4962] the requirements that translate into 'strong, fresh, session
key' and 'Limit key scope'. Can you explain me what I am missing?=20
E1. Idnits complains:=20
=3D=3D You're using the IETF Trust Provisions' Section 6.b License =
Notice
from
12 Sep 2009 rather than the newer Notice from 28 Dec 2009. (See
http://trustee.ietf.org/license-info/)
E2. I am wondering what the scope of section 1.3 is. Maybe it's my
English, but why is the section named 'The Charge'? Do you mean 'Scope'?
It looks to me that dropping this section or making it (or a shorter
version) part of Section 1.4 as background information would be better.=20
E3. Page 5, second paragraph s/can selected/can be selected/
Thanks and Regards,
Dan=20
--
to unsubscribe send a message to radiusext-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://psg.com/lists/radiusext/>
Envelope-to: radiusext-data0@psg.com
Delivery-date: Mon, 23 May 2011 09:00:27 +0000
Message-ID: <4DDA21F4.1060108@deployingradius.com>
Date: Mon, 23 May 2011 10:59:32 +0200
From: Alan DeKok <aland@deployingradius.com>
User-Agent: Thunderbird 2.0.0.24 (Macintosh/20100228)
MIME-Version: 1.0
To: Alper Yegin <alper.yegin@yegin.org>
CC: 'Stefan Winter' <stefan.winter@restena.lu>, "'Sanchez, Mauricio \(HP Networking\)'" <mauricio.sanchez@hp.com>, radiusext@ops.ietf.org
Subject: Re: Final call for consensus poll for IANA #409959 NAS-Port-Type value request
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Alper Yegin wrote:
> Historically, the NAS-port-type is associated with the L1/L2 port over
> which the “access” service is provided. But with the new use of RADIUS,
> this view is no longer applicable.
I'm not sure how the second sentence follows from the first.
> Again, consider a Mobile IP Home
> Agent node implementing RADIUS client for AAAing the MN’s registration
> requests. The L1/L2 port that receives the MN registration request has
> no significance, and it can be one of many types. Here, our thinking is,
> the “logical” port is the “Mobile IP Home Agent”, and that has nothing
> to do with the L1/L2 port.
Then how do we refer to the L1/L2 port? Or is it even relevant?
RFC 2865 says:
An Access-Request SHOULD contain a NAS-Port or NAS-Port-Type
attribute or both unless the type of access being requested does
not involve a port or the NAS does not distinguish among its
ports.
So if the service being offered (Mobile IP) does not involve a port,
then the *standard* RADIUS solution is to not use NAS-Port-Type.
Instead, something else can be used. Possibly Service-Type, or maybe
another attribute.
This has been done for ~15 years with administrative logins. The
administative login request contains "Service-Type = Administrative",
and often *no* NAS-Port-Type.
Alan DeKok.
--
to unsubscribe send a message to radiusext-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://psg.com/lists/radiusext/>
Envelope-to: radiusext-data0@psg.com
Delivery-date: Mon, 23 May 2011 00:55:59 +0000
From: "Alper Yegin" <alper.yegin@yegin.org>
To: "'Alper Yegin'" <alper.yegin@yegin.org>, "'Stefan Winter'" <stefan.winter@restena.lu>, "'Sanchez, Mauricio \(HP Networking\)'" <mauricio.sanchez@hp.com>
Cc: <radiusext@ops.ietf.org>
Subject: RE: Final call for consensus poll for IANA #409959 NAS-Port-Type value request
Date: Mon, 23 May 2011 03:54:26 +0300
Message-ID: <001201cc18e3$faf75de0$f0e619a0$@yegin@yegin.org>
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="----=_NextPart_000_0013_01CC18FD.204495E0"
Thread-Index: AcwVK+qQQhIZi151TGKm8fHGMqZxgQAJg9gQAORO2dA=
Content-Language: en-us
This is a multipart message in MIME format.
------=_NextPart_000_0013_01CC18FD.204495E0
Content-Type: text/plain;
charset="us-ascii"
Content-Transfer-Encoding: 7bit
> Given that all these values are to be registered as a block, and the
majority of the proposed values have a big question mark for me, I can't
help but say No.
I think we need to get these question marks discussed before saying no.
Historically, the NAS-port-type is associated with the L1/L2 port over which
the "access" service is provided. But with the new use of RADIUS, this view
is no longer applicable. Again, consider a Mobile IP Home Agent node
implementing RADIUS client for AAAing the MN's registration requests. The
L1/L2 port that receives the MN registration request has no significance,
and it can be one of many types. Here, our thinking is, the "logical" port
is the "Mobile IP Home Agent", and that has nothing to do with the L1/L2
port.
What do people think?
Alper
From: Alper Yegin [mailto:alper.yegin@yegin.org]
Sent: Wednesday, May 18, 2011 2:58 PM
To: 'Stefan Winter'; 'Sanchez, Mauricio (HP Networking)'
Cc: 'radiusext@ops.ietf.org'
Subject: RE: Final call for consensus poll for IANA #409959 NAS-Port-Type
value request
Hello,
I see the choice of terminology is causing trouble. The terminology is
coming from WMF, and it may not very well align with the ones used in IETF.
TBD for WIMAX-HA-LMA: WiMAX HA and or LMA function.
For example, this one above is for defining the interface between the Mobile
IP HA and the AAA server for AAAing Mobile IP service. With that
explanation, does it still not qualify for a NAS-port-type?
Alper
From: owner-radiusext@ops.ietf.org [mailto:owner-radiusext@ops.ietf.org] On
Behalf Of Stefan Winter
Sent: Wednesday, May 18, 2011 10:17 AM
To: Sanchez, Mauricio (HP Networking)
Cc: 'radiusext@ops.ietf.org'
Subject: Re: Final call for consensus poll for IANA #409959 NAS-Port-Type
value request
Hello,
At this time we find ourselves with a mixed result between the in room
sentiment at IETF 80 (which was negative to allocation) and the subsequent
consensus poll (which was neutral/positive to allocation). As such, a
final consensus poll is warranted to establish rough consensus in either
direction.
Please respond to this email by May 24, 2011 with either a 'yes'
(indicating allocation should occur) or a 'no' (indicating allocation should
be denied). Please respond regardless of whether you commented at IETF 80
or to the below consensus poll.
In summary: against allocation.
In detail: My reservations against doing the WiFi Interworking are the same
as in the meeting (i.e. why is "WiMAX Wifi" different from normal WiFi,
which has a NAS-Port-Type already), but I don't care too much.
For the other types, my feeling is much stronger against allocation. As per
Avi's mail, there are
- voice service
- DHCP service
- location based service
The word "service" in these is a brightly blinking indicator that this is
not about a port type, but a service type. So allocating a NAS-*Port*-Type
here just doesn't seem to fit semantically.
There is also "WiMAX Pre-Release 8 ..." stuff. This would at best be a
temporary thing; when Release 8 is out, this NAS-Port-Type would just be a
burnt integer. I don't think that's right.
Leave alone that there are values which are a "function" - what would that
have to do with NAS-Port-Type?
Given that all these values are to be registered as a block, and the
majority of the proposed values have a big question mark for me, I can't
help but say No.
Greetings,
Stefan Winter
Nas-Port-Type values as follows:
TBD for WIMAX-3GPP-PRIF: WiMAX Pre-Release 8 IWK Function
TBD for WIMAX-WIFI-IWK: WiMAX WIFI Interworking
TBD for WIMAX-SFF: Signaling Forwarding Function for LTE/3GPP2.
TBD for WIMAX-HA-LMA: WiMAX HA and or LMA function.
TBD for WIMAX-DHCP : WIMAX DCHP service
TBD for WIMAX- LBS : WiMAX location based service
TBD for WIMAX-WVS : WiMAX voice service
------=_NextPart_000_0013_01CC18FD.204495E0
Content-Type: text/html;
charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
<html xmlns:v=3D"urn:schemas-microsoft-com:vml" =
xmlns:o=3D"urn:schemas-microsoft-com:office:office" =
xmlns:w=3D"urn:schemas-microsoft-com:office:word" =
xmlns:x=3D"urn:schemas-microsoft-com:office:excel" =
xmlns:p=3D"urn:schemas-microsoft-com:office:powerpoint" =
xmlns:a=3D"urn:schemas-microsoft-com:office:access" =
xmlns:dt=3D"uuid:C2F41010-65B3-11d1-A29F-00AA00C14882" =
xmlns:s=3D"uuid:BDC6E3F0-6DA3-11d1-A2A3-00AA00C14882" =
xmlns:rs=3D"urn:schemas-microsoft-com:rowset" xmlns:z=3D"#RowsetSchema" =
xmlns:b=3D"urn:schemas-microsoft-com:office:publisher" =
xmlns:ss=3D"urn:schemas-microsoft-com:office:spreadsheet" =
xmlns:c=3D"urn:schemas-microsoft-com:office:component:spreadsheet" =
xmlns:odc=3D"urn:schemas-microsoft-com:office:odc" =
xmlns:oa=3D"urn:schemas-microsoft-com:office:activation" =
xmlns:html=3D"http://www.w3.org/TR/REC-html40" =
xmlns:q=3D"http://schemas.xmlsoap.org/soap/envelope/" =
xmlns:rtc=3D"http://microsoft.com/officenet/conferencing" =
xmlns:D=3D"DAV:" xmlns:Repl=3D"http://schemas.microsoft.com/repl/" =
xmlns:mt=3D"http://schemas.microsoft.com/sharepoint/soap/meetings/" =
xmlns:x2=3D"http://schemas.microsoft.com/office/excel/2003/xml" =
xmlns:ppda=3D"http://www.passport.com/NameSpace.xsd" =
xmlns:ois=3D"http://schemas.microsoft.com/sharepoint/soap/ois/" =
xmlns:dir=3D"http://schemas.microsoft.com/sharepoint/soap/directory/" =
xmlns:ds=3D"http://www.w3.org/2000/09/xmldsig#" =
xmlns:dsp=3D"http://schemas.microsoft.com/sharepoint/dsp" =
xmlns:udc=3D"http://schemas.microsoft.com/data/udc" =
xmlns:xsd=3D"http://www.w3.org/2001/XMLSchema" =
xmlns:sub=3D"http://schemas.microsoft.com/sharepoint/soap/2002/1/alerts/"=
xmlns:ec=3D"http://www.w3.org/2001/04/xmlenc#" =
xmlns:sp=3D"http://schemas.microsoft.com/sharepoint/" =
xmlns:sps=3D"http://schemas.microsoft.com/sharepoint/soap/" =
xmlns:xsi=3D"http://www.w3.org/2001/XMLSchema-instance" =
xmlns:udcs=3D"http://schemas.microsoft.com/data/udc/soap" =
xmlns:udcxf=3D"http://schemas.microsoft.com/data/udc/xmlfile" =
xmlns:udcp2p=3D"http://schemas.microsoft.com/data/udc/parttopart" =
xmlns:wf=3D"http://schemas.microsoft.com/sharepoint/soap/workflow/" =
xmlns:dsss=3D"http://schemas.microsoft.com/office/2006/digsig-setup" =
xmlns:dssi=3D"http://schemas.microsoft.com/office/2006/digsig" =
xmlns:mdssi=3D"http://schemas.openxmlformats.org/package/2006/digital-sig=
nature" =
xmlns:mver=3D"http://schemas.openxmlformats.org/markup-compatibility/2006=
" xmlns:m=3D"http://schemas.microsoft.com/office/2004/12/omml" =
xmlns:mrels=3D"http://schemas.openxmlformats.org/package/2006/relationshi=
ps" xmlns:spwp=3D"http://microsoft.com/sharepoint/webpartpages" =
xmlns:ex12t=3D"http://schemas.microsoft.com/exchange/services/2006/types"=
=
xmlns:ex12m=3D"http://schemas.microsoft.com/exchange/services/2006/messag=
es" =
xmlns:pptsl=3D"http://schemas.microsoft.com/sharepoint/soap/SlideLibrary/=
" =
xmlns:spsl=3D"http://microsoft.com/webservices/SharePointPortalServer/Pub=
lishedLinksService" xmlns:Z=3D"urn:schemas-microsoft-com:" =
xmlns:st=3D"" xmlns=3D"http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv=3DContent-Type content=3D"text/html; =
charset=3Dus-ascii">
<meta name=3DGenerator content=3D"Microsoft Word 12 (filtered medium)">
<style>
<!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Tahoma;
panose-1:2 11 6 4 3 5 4 4 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman","serif";
color:black;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
span.EmailStyle17
{mso-style-type:personal;
font-family:"Calibri","sans-serif";
color:#1F497D;}
span.EmailStyle18
{mso-style-type:personal-reply;
font-family:"Calibri","sans-serif";
color:#1F497D;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page Section1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.Section1
{page:Section1;}
-->
</style>
<!--[if gte mso 9]><xml>
<o:shapedefaults v:ext=3D"edit" spidmax=3D"1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext=3D"edit">
<o:idmap v:ext=3D"edit" data=3D"1" />
</o:shapelayout></xml><![endif]-->
</head>
<body bgcolor=3Dwhite lang=3DEN-US link=3Dblue vlink=3Dpurple>
<div class=3DSection1>
<p class=3DMsoNormal><span =
style=3D'font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'>> </span>Given that all these values are to be =
registered as
a block, and the majority of the proposed values have a big question =
mark for
me, I can't help but say No.<br>
<br>
<span =
style=3D'font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497=
D'><o:p></o:p></span></p>
<p class=3DMsoNormal><span =
style=3D'font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'>I think we need to get these question marks discussed =
before
saying no.<o:p></o:p></span></p>
<p class=3DMsoNormal><span =
style=3D'font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'><o:p> </o:p></span></p>
<p class=3DMsoNormal><span =
style=3D'font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'>Historically, the NAS-port-type is associated with the =
L1/L2
port over which the “access” service is provided. But with =
the new
use of RADIUS, this view is no longer applicable. Again, consider a =
Mobile IP
Home Agent node implementing RADIUS client for AAAing the MN’s
registration requests. The L1/L2 port that receives the MN registration =
request
has no significance, and it can be one of many types. Here, our thinking =
is,
the “logical” port is the “Mobile IP Home =
Agent”, and
that has nothing to do with the L1/L2 port.<o:p></o:p></span></p>
<p class=3DMsoNormal><span =
style=3D'font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'><o:p> </o:p></span></p>
<p class=3DMsoNormal><span =
style=3D'font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'>What do people think?<o:p></o:p></span></p>
<p class=3DMsoNormal><span =
style=3D'font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'><o:p> </o:p></span></p>
<p class=3DMsoNormal><span =
style=3D'font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'>Alper<o:p></o:p></span></p>
<p class=3DMsoNormal><span =
style=3D'font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'><o:p> </o:p></span></p>
<p class=3DMsoNormal><span =
style=3D'font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'><o:p> </o:p></span></p>
<p class=3DMsoNormal><span =
style=3D'font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'><o:p> </o:p></span></p>
<p class=3DMsoNormal><span =
style=3D'font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'><o:p> </o:p></span></p>
<p class=3DMsoNormal><span =
style=3D'font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'><o:p> </o:p></span></p>
<p class=3DMsoNormal><span =
style=3D'font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'><o:p> </o:p></span></p>
<p class=3DMsoNormal><span =
style=3D'font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'><o:p> </o:p></span></p>
<p class=3DMsoNormal><span =
style=3D'font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'><o:p> </o:p></span></p>
<p class=3DMsoNormal><span =
style=3D'font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'><o:p> </o:p></span></p>
<p class=3DMsoNormal><span =
style=3D'font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'><o:p> </o:p></span></p>
<div style=3D'border:none;border-left:solid blue 1.5pt;padding:0in 0in =
0in 4.0pt'>
<div>
<div style=3D'border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt =
0in 0in 0in'>
<p class=3DMsoNormal><b><span =
style=3D'font-size:10.0pt;font-family:"Tahoma","sans-serif";
color:windowtext'>From:</span></b><span =
style=3D'font-size:10.0pt;font-family:
"Tahoma","sans-serif";color:windowtext'> Alper Yegin
[mailto:alper.yegin@yegin.org] <br>
<b>Sent:</b> Wednesday, May 18, 2011 2:58 PM<br>
<b>To:</b> 'Stefan Winter'; 'Sanchez, Mauricio (HP Networking)'<br>
<b>Cc:</b> 'radiusext@ops.ietf.org'<br>
<b>Subject:</b> RE: Final call for consensus poll for IANA #409959
NAS-Port-Type value request<o:p></o:p></span></p>
</div>
</div>
<p class=3DMsoNormal><o:p> </o:p></p>
<p class=3DMsoNormal><span =
style=3D'font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'>Hello,<o:p></o:p></span></p>
<p class=3DMsoNormal><span =
style=3D'font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'><o:p> </o:p></span></p>
<p class=3DMsoNormal><span =
style=3D'font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'>I see the choice of terminology is causing trouble. The
terminology is coming from WMF, and it may not very well align with the =
ones
used in IETF.<o:p></o:p></span></p>
<p class=3DMsoNormal =
style=3D'mso-margin-top-alt:auto;margin-bottom:12.0pt'>TBD for
WIMAX-HA-LMA: WiMAX HA and or =
LMA function.<o:p></o:p></p>
<p class=3DMsoNormal =
style=3D'mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>For
example, this one above is for defining the interface between the Mobile =
IP HA
and the AAA server for AAAing Mobile IP service. With that explanation, =
does it
still not qualify for a NAS-port-type?<o:p></o:p></p>
<p class=3DMsoNormal =
style=3D'mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>Alper<o:p></=
o:p></p>
<p class=3DMsoNormal =
style=3D'mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><o:p> <=
/o:p></p>
<p class=3DMsoNormal =
style=3D'mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><o:p> <=
/o:p></p>
<p class=3DMsoNormal><span =
style=3D'font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'><o:p> </o:p></span></p>
<p class=3DMsoNormal><span =
style=3D'font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'><o:p> </o:p></span></p>
<p class=3DMsoNormal><span =
style=3D'font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'><o:p> </o:p></span></p>
<p class=3DMsoNormal><span =
style=3D'font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'><o:p> </o:p></span></p>
<p class=3DMsoNormal><span =
style=3D'font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'><o:p> </o:p></span></p>
<p class=3DMsoNormal><span =
style=3D'font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'><o:p> </o:p></span></p>
<div style=3D'border:none;border-left:solid blue 1.5pt;padding:0in 0in =
0in 4.0pt'>
<div>
<div style=3D'border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt =
0in 0in 0in'>
<p class=3DMsoNormal><b><span =
style=3D'font-size:10.0pt;font-family:"Tahoma","sans-serif";
color:windowtext'>From:</span></b><span =
style=3D'font-size:10.0pt;font-family:
"Tahoma","sans-serif";color:windowtext'> owner-radiusext@ops.ietf.org =
[mailto:owner-radiusext@ops.ietf.org]
<b>On Behalf Of </b>Stefan Winter<br>
<b>Sent:</b> Wednesday, May 18, 2011 10:17 AM<br>
<b>To:</b> Sanchez, Mauricio (HP Networking)<br>
<b>Cc:</b> 'radiusext@ops.ietf.org'<br>
<b>Subject:</b> Re: Final call for consensus poll for IANA #409959
NAS-Port-Type value request<o:p></o:p></span></p>
</div>
</div>
<p class=3DMsoNormal><o:p> </o:p></p>
<p class=3DMsoNormal>Hello,<br>
<o:p></o:p></p>
<div>
<p class=3DMsoNormal =
style=3D'mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span
style=3D'color:#1F497D'>At this time we find ourselves with a mixed =
result
between the in room sentiment at IETF 80 (which was negative to =
allocation) and
the subsequent consensus poll (which was neutral/positive to
allocation). As such, a final consensus poll is warranted to
establish rough consensus in either direction. =
</span><o:p></o:p></p>
<p class=3DMsoNormal =
style=3D'mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span
style=3D'color:#1F497D'> </span><o:p></o:p></p>
<p class=3DMsoNormal =
style=3D'mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span
style=3D'color:#1F497D'>Please respond to this email by May 24, 2011 =
with either
a ‘yes’ (indicating allocation should occur) or a
‘no’ (indicating allocation should be denied). Please =
respond
regardless of whether you commented at IETF 80 or to the below consensus
poll. </span><o:p></o:p></p>
</div>
<p class=3DMsoNormal style=3D'margin-bottom:12.0pt'><br>
In summary: against allocation.<br>
<br>
In detail: My reservations against doing the WiFi Interworking are the =
same as
in the meeting (i.e. why is "WiMAX Wifi" different from normal =
WiFi,
which has a NAS-Port-Type already), but I don't care too much.<br>
<br>
For the other types, my feeling is much stronger against allocation. As =
per
Avi's mail, there are<br>
<br>
- voice service<br>
- DHCP service<br>
- location based service<br>
<br>
The word "service" in these is a brightly blinking indicator =
that
this is not about a port type, but a service type. So allocating a
NAS-*Port*-Type here just doesn't seem to fit semantically.<br>
<br>
There is also "WiMAX Pre-Release 8 ..." stuff. This would at =
best be
a temporary thing; when Release 8 is out, this NAS-Port-Type would just =
be a
burnt integer. I don't think that's right. <br>
<br>
Leave alone that there are values which are a "function" - =
what would
that have to do with NAS-Port-Type? <br>
<br>
Given that all these values are to be registered as a block, and the =
majority
of the proposed values have a big question mark for me, I can't help but =
say
No.<br>
<br>
Greetings,<br>
<br>
Stefan Winter<br>
<br>
<o:p></o:p></p>
<div>
<p class=3DMsoNormal =
style=3D'mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>Nas-Port-Typ=
e
values as follows:<br>
TBD for WIMAX-3GPP-PRIF: WiMAX Pre-Release 8 IWK Function<br>
TBD for WIMAX-WIFI-IWK: WiMAX WIFI Interworking<br>
TBD for WIMAX-SFF: Signaling Forwarding Function for =
LTE/3GPP2.<br>
TBD for WIMAX-HA-LMA: WiMAX HA and or =
LMA function.<br>
TBD for WIMAX-DHCP : WIMAX DCHP service<o:p></o:p></p>
<p class=3DMsoNormal =
style=3D'mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>TBD
for WIMAX- LBS : WiMAX location based service<br>
TBD for WIMAX-WVS : WiMAX voice service<o:p></o:p></p>
<p class=3DMsoNormal><o:p> </o:p></p>
</div>
<p class=3DMsoNormal><o:p> </o:p></p>
</div>
</div>
</div>
</body>
</html>
------=_NextPart_000_0013_01CC18FD.204495E0--
--
to unsubscribe send a message to radiusext-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://psg.com/lists/radiusext/>
Envelope-to: radiusext-data0@psg.com
Delivery-date: Sat, 21 May 2011 21:31:19 +0000
Message-ID: <BLU152-w23012C91BBD64CAD05BE8793700@phx.gbl>
Content-Type: multipart/alternative; boundary="_3e21d07d-89e5-4607-add6-affec974e9de_"
From: Bernard Aboba <bernard_aboba@hotmail.com>
To: "radiusext@ops.ietf.org" <radiusext@ops.ietf.org>
Subject: Re: Final call for consensus poll for IANA #409959 NAS-Port-Type value request
Date: Sat, 21 May 2011 14:29:54 -0700
MIME-Version: 1.0
--_3e21d07d-89e5-4607-add6-affec974e9de_
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
I agree with Alan and Stefan: against allocation.=20
Alan DeKok said:
> In summary: against allocation.
I agree.
Stefan Winter said=3B
"In summary: against allocation.
=20
In detail: My reservations against doing the WiFi Interworking are
the same as in the meeting (i.e. why is "WiMAX Wifi" different from
normal WiFi=2C which has a NAS-Port-Type already)=2C but I don't care
too much.
=20
For the other types=2C my feeling is much stronger against allocation.
As per Avi's mail=2C there are
=20
- voice service
- DHCP service
- location based service
=20
The word "service" in these is a brightly blinking indicator that
this is not about a port type=2C but a service type. So allocating a
NAS-*Port*-Type here just doesn't seem to fit semantically.
=20
There is also "WiMAX Pre-Release 8 ..." stuff. This would at best be
a temporary thing=3B when Release 8 is out=2C this NAS-Port-Type would
just be a burnt integer. I don't think that's right.=20
=20
Leave alone that there are values which are a "function" - what
would that have to do with NAS-Port-Type?=20
=20
Given that all these values are to be registered as a block=2C and the
majority of the proposed values have a big question mark for me=2C I
can't help but say No.
=20
Greetings=2C
=20
Stefan Winter"
=20
=
--_3e21d07d-89e5-4607-add6-affec974e9de_
Content-Type: text/html; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
<html>
<head>
<style><!--
.hmmessage P
{
margin:0px=3B
padding:0px
}
body.hmmessage
{
font-size: 10pt=3B
font-family:Tahoma
}
--></style>
</head>
<body class=3D'hmmessage'>
I agree with Alan and Stefan: =3B against allocation. <br><br>Alan DeKo=
k said:<br><br>>=3B In summary: against allocation.
<br><br>I agree.<br><br>Stefan Winter said=3B<br><br><font style=3D"" color=
=3D"#000000">"In summary: against allocation.<br>
<br>
In detail: My reservations against doing the WiFi Interworking are
the same as in the meeting (i.e. why is "WiMAX Wifi" different from
normal WiFi=2C which has a NAS-Port-Type already)=2C but I don't care
too much.<br>
<br>
For the other types=2C my feeling is much stronger against allocation.
As per Avi's mail=2C there are<br>
<br>
- voice service<br>
- DHCP service<br>
- location based service<br>
<br>
The word "service" in these is a brightly blinking indicator that
this is not about a port type=2C but a service type. So allocating a
NAS-*Port*-Type here just doesn't seem to fit semantically.<br>
<br>
There is also "WiMAX Pre-Release 8 ..." stuff. This would at best be
a temporary thing=3B when Release 8 is out=2C this NAS-Port-Type would
just be a burnt integer. I don't think that's right. <br>
<br>
Leave alone that there are values which are a "function" - what
would that have to do with NAS-Port-Type? <br>
<br>
Given that all these values are to be registered as a block=2C and the
majority of the proposed values have a big question mark for me=2C I
can't help but say No.<br>
<br>
Greetings=2C<br>
<br>
Stefan Winter"<br>
</font><br> </body>
</html>=
--_3e21d07d-89e5-4607-add6-affec974e9de_--
--
to unsubscribe send a message to radiusext-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://psg.com/lists/radiusext/>
Envelope-to: radiusext-data0@psg.com
Delivery-date: Wed, 18 May 2011 11:58:54 +0000
From: "Alper Yegin" <alper.yegin@yegin.org>
To: "'Stefan Winter'" <stefan.winter@restena.lu>, "'Sanchez, Mauricio \(HP Networking\)'" <mauricio.sanchez@hp.com>
Cc: <radiusext@ops.ietf.org>
Subject: RE: Final call for consensus poll for IANA #409959 NAS-Port-Type value request
Date: Wed, 18 May 2011 14:57:50 +0300
Message-ID: <002c01cc1552$d42f6840$7c8e38c0$@yegin@yegin.org>
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="----=_NextPart_000_002D_01CC156B.F97CA040"
Thread-Index: AcwVK+qQQhIZi151TGKm8fHGMqZxgQAJg9gQ
Content-Language: en-us
This is a multipart message in MIME format.
------=_NextPart_000_002D_01CC156B.F97CA040
Content-Type: text/plain;
charset="us-ascii"
Content-Transfer-Encoding: 7bit
Hello,
I see the choice of terminology is causing trouble. The terminology is
coming from WMF, and it may not very well align with the ones used in IETF.
TBD for WIMAX-HA-LMA: WiMAX HA and or LMA function.
For example, this one above is for defining the interface between the Mobile
IP HA and the AAA server for AAAing Mobile IP service. With that
explanation, does it still not qualify for a NAS-port-type?
Alper
From: owner-radiusext@ops.ietf.org [mailto:owner-radiusext@ops.ietf.org] On
Behalf Of Stefan Winter
Sent: Wednesday, May 18, 2011 10:17 AM
To: Sanchez, Mauricio (HP Networking)
Cc: 'radiusext@ops.ietf.org'
Subject: Re: Final call for consensus poll for IANA #409959 NAS-Port-Type
value request
Hello,
At this time we find ourselves with a mixed result between the in room
sentiment at IETF 80 (which was negative to allocation) and the subsequent
consensus poll (which was neutral/positive to allocation). As such, a
final consensus poll is warranted to establish rough consensus in either
direction.
Please respond to this email by May 24, 2011 with either a 'yes'
(indicating allocation should occur) or a 'no' (indicating allocation should
be denied). Please respond regardless of whether you commented at IETF 80
or to the below consensus poll.
In summary: against allocation.
In detail: My reservations against doing the WiFi Interworking are the same
as in the meeting (i.e. why is "WiMAX Wifi" different from normal WiFi,
which has a NAS-Port-Type already), but I don't care too much.
For the other types, my feeling is much stronger against allocation. As per
Avi's mail, there are
- voice service
- DHCP service
- location based service
The word "service" in these is a brightly blinking indicator that this is
not about a port type, but a service type. So allocating a NAS-*Port*-Type
here just doesn't seem to fit semantically.
There is also "WiMAX Pre-Release 8 ..." stuff. This would at best be a
temporary thing; when Release 8 is out, this NAS-Port-Type would just be a
burnt integer. I don't think that's right.
Leave alone that there are values which are a "function" - what would that
have to do with NAS-Port-Type?
Given that all these values are to be registered as a block, and the
majority of the proposed values have a big question mark for me, I can't
help but say No.
Greetings,
Stefan Winter
Nas-Port-Type values as follows:
TBD for WIMAX-3GPP-PRIF: WiMAX Pre-Release 8 IWK Function
TBD for WIMAX-WIFI-IWK: WiMAX WIFI Interworking
TBD for WIMAX-SFF: Signaling Forwarding Function for LTE/3GPP2.
TBD for WIMAX-HA-LMA: WiMAX HA and or LMA function.
TBD for WIMAX-DHCP : WIMAX DCHP service
TBD for WIMAX- LBS : WiMAX location based service
TBD for WIMAX-WVS : WiMAX voice service
------=_NextPart_000_002D_01CC156B.F97CA040
Content-Type: text/html;
charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
<html xmlns:v=3D"urn:schemas-microsoft-com:vml" =
xmlns:o=3D"urn:schemas-microsoft-com:office:office" =
xmlns:w=3D"urn:schemas-microsoft-com:office:word" =
xmlns:x=3D"urn:schemas-microsoft-com:office:excel" =
xmlns:p=3D"urn:schemas-microsoft-com:office:powerpoint" =
xmlns:a=3D"urn:schemas-microsoft-com:office:access" =
xmlns:dt=3D"uuid:C2F41010-65B3-11d1-A29F-00AA00C14882" =
xmlns:s=3D"uuid:BDC6E3F0-6DA3-11d1-A2A3-00AA00C14882" =
xmlns:rs=3D"urn:schemas-microsoft-com:rowset" xmlns:z=3D"#RowsetSchema" =
xmlns:b=3D"urn:schemas-microsoft-com:office:publisher" =
xmlns:ss=3D"urn:schemas-microsoft-com:office:spreadsheet" =
xmlns:c=3D"urn:schemas-microsoft-com:office:component:spreadsheet" =
xmlns:odc=3D"urn:schemas-microsoft-com:office:odc" =
xmlns:oa=3D"urn:schemas-microsoft-com:office:activation" =
xmlns:html=3D"http://www.w3.org/TR/REC-html40" =
xmlns:q=3D"http://schemas.xmlsoap.org/soap/envelope/" =
xmlns:rtc=3D"http://microsoft.com/officenet/conferencing" =
xmlns:D=3D"DAV:" xmlns:Repl=3D"http://schemas.microsoft.com/repl/" =
xmlns:mt=3D"http://schemas.microsoft.com/sharepoint/soap/meetings/" =
xmlns:x2=3D"http://schemas.microsoft.com/office/excel/2003/xml" =
xmlns:ppda=3D"http://www.passport.com/NameSpace.xsd" =
xmlns:ois=3D"http://schemas.microsoft.com/sharepoint/soap/ois/" =
xmlns:dir=3D"http://schemas.microsoft.com/sharepoint/soap/directory/" =
xmlns:ds=3D"http://www.w3.org/2000/09/xmldsig#" =
xmlns:dsp=3D"http://schemas.microsoft.com/sharepoint/dsp" =
xmlns:udc=3D"http://schemas.microsoft.com/data/udc" =
xmlns:xsd=3D"http://www.w3.org/2001/XMLSchema" =
xmlns:sub=3D"http://schemas.microsoft.com/sharepoint/soap/2002/1/alerts/"=
xmlns:ec=3D"http://www.w3.org/2001/04/xmlenc#" =
xmlns:sp=3D"http://schemas.microsoft.com/sharepoint/" =
xmlns:sps=3D"http://schemas.microsoft.com/sharepoint/soap/" =
xmlns:xsi=3D"http://www.w3.org/2001/XMLSchema-instance" =
xmlns:udcs=3D"http://schemas.microsoft.com/data/udc/soap" =
xmlns:udcxf=3D"http://schemas.microsoft.com/data/udc/xmlfile" =
xmlns:udcp2p=3D"http://schemas.microsoft.com/data/udc/parttopart" =
xmlns:wf=3D"http://schemas.microsoft.com/sharepoint/soap/workflow/" =
xmlns:dsss=3D"http://schemas.microsoft.com/office/2006/digsig-setup" =
xmlns:dssi=3D"http://schemas.microsoft.com/office/2006/digsig" =
xmlns:mdssi=3D"http://schemas.openxmlformats.org/package/2006/digital-sig=
nature" =
xmlns:mver=3D"http://schemas.openxmlformats.org/markup-compatibility/2006=
" xmlns:m=3D"http://schemas.microsoft.com/office/2004/12/omml" =
xmlns:mrels=3D"http://schemas.openxmlformats.org/package/2006/relationshi=
ps" xmlns:spwp=3D"http://microsoft.com/sharepoint/webpartpages" =
xmlns:ex12t=3D"http://schemas.microsoft.com/exchange/services/2006/types"=
=
xmlns:ex12m=3D"http://schemas.microsoft.com/exchange/services/2006/messag=
es" =
xmlns:pptsl=3D"http://schemas.microsoft.com/sharepoint/soap/SlideLibrary/=
" =
xmlns:spsl=3D"http://microsoft.com/webservices/SharePointPortalServer/Pub=
lishedLinksService" xmlns:Z=3D"urn:schemas-microsoft-com:" =
xmlns:st=3D"" xmlns=3D"http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv=3DContent-Type content=3D"text/html; =
charset=3Dus-ascii">
<meta name=3DGenerator content=3D"Microsoft Word 12 (filtered medium)">
<style>
<!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Tahoma;
panose-1:2 11 6 4 3 5 4 4 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman","serif";
color:black;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
span.EmailStyle17
{mso-style-type:personal-reply;
font-family:"Calibri","sans-serif";
color:#1F497D;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page Section1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.Section1
{page:Section1;}
-->
</style>
<!--[if gte mso 9]><xml>
<o:shapedefaults v:ext=3D"edit" spidmax=3D"1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext=3D"edit">
<o:idmap v:ext=3D"edit" data=3D"1" />
</o:shapelayout></xml><![endif]-->
</head>
<body bgcolor=3Dwhite lang=3DEN-US link=3Dblue vlink=3Dpurple>
<div class=3DSection1>
<p class=3DMsoNormal><span =
style=3D'font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'>Hello,<o:p></o:p></span></p>
<p class=3DMsoNormal><span =
style=3D'font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'><o:p> </o:p></span></p>
<p class=3DMsoNormal><span =
style=3D'font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'>I see the choice of terminology is causing trouble. The
terminology is coming from WMF, and it may not very well align with the =
ones
used in IETF.<o:p></o:p></span></p>
<p class=3DMsoNormal =
style=3D'mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>TBD
for WIMAX-HA-LMA: WiMAX HA and or =
LMA function.<br>
<br>
<o:p></o:p></p>
<p class=3DMsoNormal =
style=3D'mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>For
example, this one above is for defining the interface between the Mobile =
IP HA
and the AAA server for AAAing Mobile IP service. With that explanation, =
does it
still not qualify for a NAS-port-type?<o:p></o:p></p>
<p class=3DMsoNormal =
style=3D'mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>Alper<o:p></=
o:p></p>
<p class=3DMsoNormal =
style=3D'mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><o:p> <=
/o:p></p>
<p class=3DMsoNormal =
style=3D'mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><o:p> <=
/o:p></p>
<p class=3DMsoNormal><span =
style=3D'font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'><o:p> </o:p></span></p>
<p class=3DMsoNormal><span =
style=3D'font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'><o:p> </o:p></span></p>
<p class=3DMsoNormal><span =
style=3D'font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'><o:p> </o:p></span></p>
<p class=3DMsoNormal><span =
style=3D'font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'><o:p> </o:p></span></p>
<p class=3DMsoNormal><span =
style=3D'font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'><o:p> </o:p></span></p>
<p class=3DMsoNormal><span =
style=3D'font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'><o:p> </o:p></span></p>
<div style=3D'border:none;border-left:solid blue 1.5pt;padding:0in 0in =
0in 4.0pt'>
<div>
<div style=3D'border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt =
0in 0in 0in'>
<p class=3DMsoNormal><b><span =
style=3D'font-size:10.0pt;font-family:"Tahoma","sans-serif";
color:windowtext'>From:</span></b><span =
style=3D'font-size:10.0pt;font-family:
"Tahoma","sans-serif";color:windowtext'> owner-radiusext@ops.ietf.org
[mailto:owner-radiusext@ops.ietf.org] <b>On Behalf Of </b>Stefan =
Winter<br>
<b>Sent:</b> Wednesday, May 18, 2011 10:17 AM<br>
<b>To:</b> Sanchez, Mauricio (HP Networking)<br>
<b>Cc:</b> 'radiusext@ops.ietf.org'<br>
<b>Subject:</b> Re: Final call for consensus poll for IANA #409959
NAS-Port-Type value request<o:p></o:p></span></p>
</div>
</div>
<p class=3DMsoNormal><o:p> </o:p></p>
<p class=3DMsoNormal>Hello,<br>
<o:p></o:p></p>
<div>
<p class=3DMsoNormal =
style=3D'mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span
style=3D'color:#1F497D'>At this time we find ourselves with a mixed =
result
between the in room sentiment at IETF 80 (which was negative to =
allocation) and
the subsequent consensus poll (which was neutral/positive to
allocation). As such, a final consensus poll is warranted to
establish rough consensus in either direction. =
</span><o:p></o:p></p>
<p class=3DMsoNormal =
style=3D'mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span
style=3D'color:#1F497D'> </span><o:p></o:p></p>
<p class=3DMsoNormal =
style=3D'mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span
style=3D'color:#1F497D'>Please respond to this email by May 24, 2011 =
with either
a ‘yes’ (indicating allocation should occur) or a
‘no’ (indicating allocation should be denied). Please =
respond
regardless of whether you commented at IETF 80 or to the below consensus
poll. </span><o:p></o:p></p>
</div>
<p class=3DMsoNormal><br>
In summary: against allocation.<br>
<br>
In detail: My reservations against doing the WiFi Interworking are the =
same as
in the meeting (i.e. why is "WiMAX Wifi" different from normal =
WiFi,
which has a NAS-Port-Type already), but I don't care too much.<br>
<br>
For the other types, my feeling is much stronger against allocation. As =
per
Avi's mail, there are<br>
<br>
- voice service<br>
- DHCP service<br>
- location based service<br>
<br>
The word "service" in these is a brightly blinking indicator =
that
this is not about a port type, but a service type. So allocating a
NAS-*Port*-Type here just doesn't seem to fit semantically.<br>
<br>
There is also "WiMAX Pre-Release 8 ..." stuff. This would at =
best be
a temporary thing; when Release 8 is out, this NAS-Port-Type would just =
be a
burnt integer. I don't think that's right. <br>
<br>
Leave alone that there are values which are a "function" - =
what would
that have to do with NAS-Port-Type? <br>
<br>
Given that all these values are to be registered as a block, and the =
majority
of the proposed values have a big question mark for me, I can't help but =
say
No.<br>
<br>
Greetings,<br>
<br>
Stefan Winter<br>
<br>
<br>
<o:p></o:p></p>
<div>
<p class=3DMsoNormal =
style=3D'mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>Nas-Port-Typ=
e
values as follows:<br>
TBD for WIMAX-3GPP-PRIF: WiMAX Pre-Release 8 IWK Function<br>
TBD for WIMAX-WIFI-IWK: WiMAX WIFI Interworking<br>
TBD for WIMAX-SFF: Signaling Forwarding Function for =
LTE/3GPP2.<br>
TBD for WIMAX-HA-LMA: WiMAX HA and or =
LMA function.<br>
TBD for WIMAX-DHCP : WIMAX DCHP service<o:p></o:p></p>
<p class=3DMsoNormal =
style=3D'mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>TBD
for WIMAX- LBS : WiMAX location based service<br>
TBD for WIMAX-WVS : WiMAX voice service<o:p></o:p></p>
<p class=3DMsoNormal><o:p> </o:p></p>
</div>
<p class=3DMsoNormal><o:p> </o:p></p>
</div>
</div>
</body>
</html>
------=_NextPart_000_002D_01CC156B.F97CA040--
--
to unsubscribe send a message to radiusext-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://psg.com/lists/radiusext/>
Envelope-to: radiusext-data0@psg.com
Delivery-date: Wed, 18 May 2011 10:57:59 +0000
Message-ID: <4DD3A5F4.7020809@deployingradius.com>
Date: Wed, 18 May 2011 12:56:52 +0200
From: Alan DeKok <aland@deployingradius.com>
User-Agent: Thunderbird 2.0.0.24 (Macintosh/20100228)
MIME-Version: 1.0
To: Stefan Winter <stefan.winter@restena.lu>
CC: "Sanchez, Mauricio (HP Networking)" <mauricio.sanchez@hp.com>, "'radiusext@ops.ietf.org'" <radiusext@ops.ietf.org>
Subject: Re: Final call for consensus poll for IANA #409959 NAS-Port-Type value request
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Stefan Winter wrote:
> In summary: against allocation.
I agree.
--
to unsubscribe send a message to radiusext-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://psg.com/lists/radiusext/>
Envelope-to: radiusext-data0@psg.com
Delivery-date: Wed, 18 May 2011 07:17:40 +0000
Message-ID: <4DD37259.9010005@restena.lu>
Date: Wed, 18 May 2011 09:16:41 +0200
From: Stefan Winter <stefan.winter@restena.lu>
User-Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.6; de; rv:1.9.2.17) Gecko/20110414 Lightning/1.0b2 Thunderbird/3.1.10
MIME-Version: 1.0
To: "Sanchez, Mauricio (HP Networking)" <mauricio.sanchez@hp.com>
CC: "'radiusext@ops.ietf.org'" <radiusext@ops.ietf.org>
Subject: Re: Final call for consensus poll for IANA #409959 NAS-Port-Type value request
Content-Type: multipart/alternative; boundary="------------060000060907050905000106"
This is a multi-part message in MIME format.
--------------060000060907050905000106
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Hello,
>
> At this time we find ourselves with a mixed result between the in room
> sentiment at IETF 80 (which was negative to allocation) and the
> subsequent consensus poll (which was neutral/positive to
> allocation). As such, a final consensus poll is warranted to
> establish rough consensus in either direction.
>
>
>
> Please respond to this email by May 24, 2011 with either a 'yes'
> (indicating allocation should occur) or a 'no' (indicating allocation
> should be denied). Please respond regardless of whether you commented
> at IETF 80 or to the below consensus poll.
>
In summary: against allocation.
In detail: My reservations against doing the WiFi Interworking are the
same as in the meeting (i.e. why is "WiMAX Wifi" different from normal
WiFi, which has a NAS-Port-Type already), but I don't care too much.
For the other types, my feeling is much stronger against allocation. As
per Avi's mail, there are
- voice service
- DHCP service
- location based service
The word "service" in these is a brightly blinking indicator that this
is not about a port type, but a service type. So allocating a
NAS-*Port*-Type here just doesn't seem to fit semantically.
There is also "WiMAX Pre-Release 8 ..." stuff. This would at best be a
temporary thing; when Release 8 is out, this NAS-Port-Type would just be
a burnt integer. I don't think that's right.
Leave alone that there are values which are a "function" - what would
that have to do with NAS-Port-Type?
Given that all these values are to be registered as a block, and the
majority of the proposed values have a big question mark for me, I can't
help but say No.
Greetings,
Stefan Winter
> Nas-Port-Type values as follows:
> TBD for WIMAX-3GPP-PRIF: WiMAX Pre-Release 8 IWK Function
> TBD for WIMAX-WIFI-IWK: WiMAX WIFI Interworking
> TBD for WIMAX-SFF: Signaling Forwarding Function for LTE/3GPP2.
> TBD for WIMAX-HA-LMA: WiMAX HA and or LMA function.
> TBD for WIMAX-DHCP : WIMAX DCHP service
>
> TBD for WIMAX- LBS : WiMAX location based service
> TBD for WIMAX-WVS : WiMAX voice service
>
>
--------------060000060907050905000106
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body bgcolor="#ffffff" text="#000000">
Hello,<br>
<o:p> </o:p>
<blockquote
cite="mid:9BC2F7926B33FE4AB10D69891D58FC1C5C72F204E4@GVW0671EXC.americas.hpqcorp.net"
type="cite">
<div class="WordSection1">
<p class="MsoNormal"><span style="color: rgb(31, 73, 125);">At
this time we find ourselves with a mixed result between the
in room sentiment at IETF 80 (which was negative to
allocation) and the subsequent consensus poll (which was
neutral/positive to allocation). As such, a final
consensus poll is warranted to establish rough consensus in
either direction. <o:p></o:p></span></p>
<p class="MsoNormal"><span style="color: rgb(31, 73, 125);"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color: rgb(31, 73, 125);">Please
respond to this email by May 24, 2011 with either a ‘yes’
(indicating allocation should occur) or a ‘no’ (indicating
allocation should be denied). Please respond regardless of
whether you commented at IETF 80 or to the below consensus
poll. </span><br>
</p>
</div>
</blockquote>
<br>
In summary: against allocation.<br>
<br>
In detail: My reservations against doing the WiFi Interworking are
the same as in the meeting (i.e. why is "WiMAX Wifi" different from
normal WiFi, which has a NAS-Port-Type already), but I don't care
too much.<br>
<br>
For the other types, my feeling is much stronger against allocation.
As per Avi's mail, there are<br>
<br>
- voice service<br>
- DHCP service<br>
- location based service<br>
<br>
The word "service" in these is a brightly blinking indicator that
this is not about a port type, but a service type. So allocating a
NAS-*Port*-Type here just doesn't seem to fit semantically.<br>
<br>
There is also "WiMAX Pre-Release 8 ..." stuff. This would at best be
a temporary thing; when Release 8 is out, this NAS-Port-Type would
just be a burnt integer. I don't think that's right. <br>
<br>
Leave alone that there are values which are a "function" - what
would that have to do with NAS-Port-Type? <br>
<br>
Given that all these values are to be registered as a block, and the
majority of the proposed values have a big question mark for me, I
can't help but say No.<br>
<br>
Greetings,<br>
<br>
Stefan Winter<br>
<br>
<blockquote
cite="mid:9BC2F7926B33FE4AB10D69891D58FC1C5C72F204E4@GVW0671EXC.americas.hpqcorp.net"
type="cite">
<div class="WordSection1">
<p class="MsoNormal">Nas-Port-Type values as follows:<br>
TBD for WIMAX-3GPP-PRIF: WiMAX Pre-Release 8 IWK Function<br>
TBD for WIMAX-WIFI-IWK: WiMAX WIFI Interworking<br>
TBD for WIMAX-SFF: Signaling Forwarding Function for
LTE/3GPP2.<br>
TBD for WIMAX-HA-LMA: WiMAX HA and or LMA function.<br>
TBD for WIMAX-DHCP : WIMAX DCHP service<o:p></o:p></p>
<p class="MsoNormal">TBD for WIMAX- LBS : WiMAX location based
service<br>
TBD for WIMAX-WVS : WiMAX voice service<o:p></o:p></p>
<br>
</div>
</blockquote>
<br>
</body>
</html>
--------------060000060907050905000106--
--
to unsubscribe send a message to radiusext-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://psg.com/lists/radiusext/>
Envelope-to: radiusext-data0@psg.com
Delivery-date: Tue, 17 May 2011 16:19:31 +0000
From: "Sanchez, Mauricio (HP Networking)" <mauricio.sanchez@hp.com>
To: "'radiusext@ops.ietf.org'" <radiusext@ops.ietf.org>
Date: Tue, 17 May 2011 16:17:08 +0000
Subject: RE: Final call for consensus poll for IANA #409959 NAS-Port-Type value request
Thread-Topic: Final call for consensus poll for IANA #409959 NAS-Port-Type value request
Thread-Index: AcwUoY87yOeEstuvSo6vISljQJ5ggQADC95g
Message-ID: <9BC2F7926B33FE4AB10D69891D58FC1C5C72F204E4@GVW0671EXC.americas.hpqcorp.net>
Accept-Language: en-US
Content-Language: en-US
acceptlanguage: en-US
Content-Type: multipart/mixed; boundary="_004_9BC2F7926B33FE4AB10D69891D58FC1C5C72F204E4GVW0671EXCame_"
MIME-Version: 1.0
--_004_9BC2F7926B33FE4AB10D69891D58FC1C5C72F204E4GVW0671EXCame_
Content-Type: multipart/alternative;
boundary="_000_9BC2F7926B33FE4AB10D69891D58FC1C5C72F204E4GVW0671EXCame_"
--_000_9BC2F7926B33FE4AB10D69891D58FC1C5C72F204E4GVW0671EXCame_
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
Adding email from Avi describing expected usage of this new attributes.
From: owner-radiusext@ops.ietf.org [mailto:owner-radiusext@ops.ietf.org] On=
Behalf Of Sanchez, Mauricio (HP Networking)
Sent: Tuesday, May 17, 2011 7:53 AM
To: 'radiusext@ops.ietf.org'
Subject: Final call for consensus poll for IANA #409959 NAS-Port-Type value=
request
At this time we find ourselves with a mixed result between the in room sent=
iment at IETF 80 (which was negative to allocation) and the subsequent cons=
ensus poll (which was neutral/positive to allocation). As such, a final c=
onsensus poll is warranted to establish rough consensus in either direction=
.
Please respond to this email by May 24, 2011 with either a 'yes' (indicati=
ng allocation should occur) or a 'no' (indicating allocation should be deni=
ed). Please respond regardless of whether you commented at IETF 80 or to t=
he below consensus poll.
Thanks,
Mauricio
From: owner-radiusext@ops.ietf.org [mailto:owner-radiusext@ops.ietf.org] On=
Behalf Of Sanchez, Mauricio (HP Networking)
Sent: Friday, April 08, 2011 11:31 AM
To: 'radiusext@ops.ietf.org'
Subject: Consensus poll for IANA #409959 NAS-Port-Type value request
During IETF 80 one of the agenda topics discussed was whether to approve a =
request received by IANA for allocation of additional NAS-port-type values =
relating to Wimax as described below
Type of Assignment :
Nas-Port-Type values as follows:
TBD for WIMAX-3GPP-PRIF: WiMAX Pre-Release 8 IWK Function
TBD for WIMAX-WIFI-IWK: WiMAX WIFI Interworking
TBD for WIMAX-SFF: Signaling Forwarding Function for LTE/3GPP2.
TBD for WIMAX-HA-LMA: WiMAX HA and or LMA function.
TBD for WIMAX-DHCP : WIMAX DCHP service
TBD for WIMAX- LBS : WiMAX location based service
TBD for WIMAX-WVS : WiMAX voice service
The snippet of meeting notes relating to this topic are show below:
---- <meeting note snippet begin>---------------------------
Request for registration for NAS-port-type. Under 3575, falls under expert=
review. This request is for NAS-port-type relating to WiMax
- Stefan comments that there's already type for WiFi so not sure why anothe=
r one is needed, just one.
- Klaas comments that agrees with Stefan's comments.
- Nancy comments that looking at the current assignment is that there is on=
ly 1 allocation per mode.
- Bernard takes the general comment of only allocating one as the response =
to take back to the request. Given consensus here, will verify that opinio=
n in the reflector.
---- <meeting note snippet end>---------------------------
The sentiment in the room was clearly against approving this IANA request a=
nd at this time we would like to confirm this on the mailing list.
Please respond to this email and state whether you are in favor or against =
approving this IANA request.
Thanks,
MS
--_000_9BC2F7926B33FE4AB10D69891D58FC1C5C72F204E4GVW0671EXCame_
Content-Type: text/html; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
<html xmlns:v=3D"urn:schemas-microsoft-com:vml" xmlns:o=3D"urn:schemas-micr=
osoft-com:office:office" xmlns:w=3D"urn:schemas-microsoft-com:office:word" =
xmlns:m=3D"http://schemas.microsoft.com/office/2004/12/omml" xmlns=3D"http:=
//www.w3.org/TR/REC-html40"><head><META HTTP-EQUIV=3D"Content-Type" CONTENT=
=3D"text/html; charset=3Dus-ascii"><meta name=3DGenerator content=3D"Micros=
oft Word 14 (filtered medium)"><style><!--
/* Font Definitions */
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Tahoma;
panose-1:2 11 6 4 3 5 4 4 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri","sans-serif";}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
p.MsoAcetate, li.MsoAcetate, div.MsoAcetate
{mso-style-priority:99;
mso-style-link:"Balloon Text Char";
margin:0in;
margin-bottom:.0001pt;
font-size:8.0pt;
font-family:"Tahoma","sans-serif";}
span.EmailStyle17
{mso-style-type:personal;
font-family:"Calibri","sans-serif";
color:windowtext;}
span.EmailStyle18
{mso-style-type:personal;
font-family:"Calibri","sans-serif";
color:#1F497D;}
span.BalloonTextChar
{mso-style-name:"Balloon Text Char";
mso-style-priority:99;
mso-style-link:"Balloon Text";
font-family:"Tahoma","sans-serif";}
span.EmailStyle21
{mso-style-type:personal-reply;
font-family:"Calibri","sans-serif";
color:#1F497D;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext=3D"edit" spidmax=3D"1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext=3D"edit">
<o:idmap v:ext=3D"edit" data=3D"1" />
</o:shapelayout></xml><![endif]--></head><body lang=3DEN-US link=3Dblue vli=
nk=3Dpurple><div class=3DWordSection1><p class=3DMsoNormal><span style=3D'c=
olor:#1F497D'>Adding email from Avi describing expected usage of this new a=
ttributes. <o:p></o:p></span></p><p class=3DMsoNormal><span style=3D'=
color:#1F497D'><o:p> </o:p></span></p><div><div style=3D'border:none;b=
order-top:solid #B5C4DF 1.0pt;padding:3.0pt 0in 0in 0in'><p class=3DMsoNorm=
al><b><span style=3D'font-size:10.0pt;font-family:"Tahoma","sans-serif"'>Fr=
om:</span></b><span style=3D'font-size:10.0pt;font-family:"Tahoma","sans-se=
rif"'> owner-radiusext@ops.ietf.org [mailto:owner-radiusext@ops.ietf.org] <=
b>On Behalf Of </b>Sanchez, Mauricio (HP Networking)<br><b>Sent:</b> Tuesda=
y, May 17, 2011 7:53 AM<br><b>To:</b> 'radiusext@ops.ietf.org'<br><b>Subjec=
t:</b> Final call for consensus poll for IANA #409959 NAS-Port-Type value r=
equest <o:p></o:p></span></p></div></div><p class=3DMsoNormal><o:p> </=
o:p></p><p class=3DMsoNormal><span style=3D'color:#1F497D'>At this time we =
find ourselves with a mixed result between the in room sentiment at IETF 80=
(which was negative to allocation) and the subsequent consensus poll (whic=
h was neutral/positive to allocation). As such, a final consens=
us poll is warranted to establish rough consensus in either direction. &nbs=
p;<o:p></o:p></span></p><p class=3DMsoNormal><span style=3D'color:#1F497D'>=
<o:p> </o:p></span></p><p class=3DMsoNormal><span style=3D'color:#1F49=
7D'>Please respond to this email by May 24, 2011 with either a ‘yes&#=
8217; (indicating allocation should occur) or a ‘no’ (ind=
icating allocation should be denied). Please respond regardless of wh=
ether you commented at IETF 80 or to the below consensus poll. <o:p><=
/o:p></span></p><p class=3DMsoNormal><span style=3D'color:#1F497D'><o:p>&nb=
sp;</o:p></span></p><p class=3DMsoNormal><span style=3D'color:#1F497D'>Than=
ks,<o:p></o:p></span></p><p class=3DMsoNormal><span style=3D'color:#1F497D'=
>Mauricio <o:p></o:p></span></p><p class=3DMsoNormal><span style=3D'color:#=
1F497D'><o:p> </o:p></span></p><p class=3DMsoNormal><span style=3D'col=
or:#1F497D'><o:p> </o:p></span></p><div><div style=3D'border:none;bord=
er-top:solid #B5C4DF 1.0pt;padding:3.0pt 0in 0in 0in'><p class=3DMsoNormal>=
<b><span style=3D'font-size:10.0pt;font-family:"Tahoma","sans-serif"'>From:=
</span></b><span style=3D'font-size:10.0pt;font-family:"Tahoma","sans-serif=
"'> owner-radiusext@ops.ietf.org [mailto:owner-radiusext@ops.ietf.org] <b>O=
n Behalf Of </b>Sanchez, Mauricio (HP Networking)<br><b>Sent:</b> Friday, A=
pril 08, 2011 11:31 AM<br><b>To:</b> 'radiusext@ops.ietf.org'<br><b>Subject=
:</b> Consensus poll for IANA #409959 NAS-Port-Type value request<o:p></o:p=
></span></p></div></div><p class=3DMsoNormal><o:p> </o:p></p><p class=
=3DMsoNormal>During IETF 80 one of the agenda topics discussed was whether =
to approve a request received by IANA for allocation of additional NAS-port=
-type values relating to Wimax as described below <o:p></o:p></p><p class=
=3DMsoNormal><o:p> </o:p></p><p class=3DMsoNormal>Type of Assignment :=
<br>Nas-Port-Type values as follows:<br>TBD for WIMAX-3GPP-PRIF:  =
;WiMAX Pre-Release 8 IWK Function<br>TBD for WIMAX-WIFI-IWK: WiMAX &n=
bsp; WIFI Interworking<br>TBD for WIMAX-SFF: Signaling Forwarding Func=
tion for LTE/3GPP2.<br>TBD for WIMAX-HA-LMA: WiMAX HA and =
or LMA function.<br>TBD for WIMAX-DHCP : WIMAX DCHP servic=
e<o:p></o:p></p><p class=3DMsoNormal>TBD for WIMAX- LBS : WiMAX =
location based service<br>TBD for WIMAX-WVS : WiMAX voice servic=
e<o:p></o:p></p><p class=3DMsoNormal><o:p> </o:p></p><p class=3DMsoNor=
mal>The snippet of meeting notes relating to this topic are show below:<o:p=
></o:p></p><p class=3DMsoNormal><o:p> </o:p></p><p class=3DMsoNormal>-=
--- <meeting note snippet begin>---------------------------<o:p></o:p=
></p><p class=3DMsoNormal><o:p> </o:p></p><p class=3DMsoNormal>Request=
for registration for NAS-port-type. Under 3575, falls under expert r=
eview. This request is for NAS-port-type relating to WiMax<o:p></o:p>=
</p><p class=3DMsoNormal>- Stefan comments that there’s already type =
for WiFi so not sure why another one is needed, just one.<o:p></o:p></p><p =
class=3DMsoNormal>- Klaas comments that agrees with Stefan’s comments=
.<o:p></o:p></p><p class=3DMsoNormal>- Nancy comments that looking at the c=
urrent assignment is that there is only 1 allocation per mode.<o:p></o:p></=
p><p class=3DMsoNormal>- Bernard takes the general comment of only allocati=
ng one as the response to take back to the request. Given consensus h=
ere, will verify that opinion in the reflector.<o:p></o:p></p><p class=3DMs=
oNormal><o:p> </o:p></p><p class=3DMsoNormal>---- <meeting note sni=
ppet end>---------------------------<o:p></o:p></p><p class=3DMsoNormal>=
<o:p> </o:p></p><p class=3DMsoNormal>The sentiment in the room was cle=
arly against approving this IANA request and at this time we would like to =
confirm this on the mailing list. <o:p></o:p></p><p class=3DMsoNormal=
><o:p> </o:p></p><p class=3DMsoNormal>Please respond to this email and=
state whether you are in favor or against approving this IANA request.&nbs=
p; <o:p></o:p></p><p class=3DMsoNormal><o:p> </o:p></p><p class=3DMsoN=
ormal>Thanks,<o:p></o:p></p><p class=3DMsoNormal>MS <o:p></o:p></p><p class=
=3DMsoNormal><o:p> </o:p></p></div></body></html>=
--_000_9BC2F7926B33FE4AB10D69891D58FC1C5C72F204E4GVW0671EXCame_--
--_004_9BC2F7926B33FE4AB10D69891D58FC1C5C72F204E4GVW0671EXCame_
Content-Type: message/rfc822
Received: from mail200.messagelabs.com (mail200.messagelabs.com
[216.82.254.195]) by mx.perfora.net (node=mxus0) with ESMTP (Nemesis) id
0MRnhx-1PWinr3eK9-00T7qC for alper.yegin@yegin.org; Tue, 15 Mar 2011 13:39:39
-0400
Received: (qmail 27728 invoked from network); 15 Mar 2011 17:39:37 -0000
Received: from mail.bridgewatersystems.com (HELO
webmail.bridgewatersystems.com) (72.35.6.119) by
server-5.tower-200.messagelabs.com with RC4-SHA encrypted SMTP; 15 Mar 2011
17:39:37 -0000
Received: from m679t05.fpmis.bridgewatersys.com ([10.52.81.148]) by
m679t01.fpmis.bridgewatersys.com ([10.52.81.144]) with mapi; Tue, 15 Mar 2011
13:39:36 -0400
From: Avi Lior <avi@bridgewatersystems.com>
To: "bernard_aboba@hotmail.com" <bernard_aboba@hotmail.com>
CC: "radiusext@ops.ietf.org" <radiusext@ops.ietf.org>, Alper Yegin
<alper.yegin@yegin.org>
Date: Tue, 15 Mar 2011 17:39:35 +0000
Subject: [IANA #409959] Genreral Request for Assignements
Thread-Topic: [IANA #409959] Genreral Request for Assignements
Thread-Index: AcvjN/PfETWqJsnhRbCJ3Q5584NJVA==
Message-ID: <C9A51C97.11D20%avi@bridgewatersystems.com>
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [72.35.6.119]
x-msg-ref: server-5.tower-200.messagelabs.com!1300210776!92153259!1
x-env-sender: avi@bridgewatersystems.com
x-viruschecked: Checked
x-starscan-version: 6.2.9; banners=-,-,-
Content-Type: multipart/alternative;
boundary="_000_C9A51C9711D20avibridgewatersystemscom_"
MIME-Version: 1.0
--_000_C9A51C9711D20avibridgewatersystemscom_
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
Hi Bernard,
Thank you for the review of the NAS-Port-Type IANA request for assignment. =
In a previous email you were seeking answers to the following questions:
Bernard wrote:
Can someone answer the following questions?
1. What is different between WiMAX WiFi and normal IEEE 802.11? We already=
have a number of IEEE 802.11 NAS-Port-types allocated and have proposed ad=
ditional data for this.
2. Why do DHCP and a location service need NAS-Port-Type values?
3. Why should we just allocate a generic WiMAX NAS-Port and let additional =
data be included in a WiMAX Forum VSA?
The general answer to your question is as follows:
For a given session, the WIMAX AAA Server interacts with many different WiM=
AX network elements and also non-WiMAX network elements. The approach take=
n by WiMAX is to have an explicit indication from the NAS as to the context=
of the RADIUS access-request. The NAS-Port-Type is viewed as the attribut=
e to provide that information.
WRT 1) the WiMAX AAA needs to be able to differentiate between a normal WiF=
i Access and a WiMAX NAS which is an a WiFI-WiMAX IWK NAS which has additio=
nal behaviours over and above the "normal" wifi AP. T
WRT 2) Again, WiMAX AAA needs to differentiate between the request from bot=
h these entities because the AAA behaviour is different when request comes =
from a DHCP server vs., a Location Based Server.
WRT 3) WiMAX would just be inventing our own NAS-Port-Type attribute. We =
thought the idea is that we reuse attributes when we can. Since there doesn=
't seem to be a lack of number space associated with NAS-Port-Type there do=
esn't seem to be a reason to invent our own attribute.
-- Avi Lior
--Bridgewater Systems
--_000_C9A51C9711D20avibridgewatersystemscom_
Content-Type: text/html; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
<html>
<head>
<meta http-equiv=3D"Content-Type" content=3D"text/html; charset=3Dus-ascii"=
>
</head>
<body style=3D"word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-lin=
e-break: after-white-space; color: rgb(0, 0, 0); font-size: 14px; font-fami=
ly: Calibri, sans-serif; ">
<div>
<div>
<div> Hi Bernard,</div>
<div><br>
</div>
<div>Thank you for the review of the NAS-Port-Type IANA request for assignm=
ent. In a previous email you were seeking answers to the following qu=
estions:</div>
<div><span class=3D"Apple-style-span" style=3D"font-family: Times; font-siz=
e: medium; -webkit-border-horizontal-spacing: 2px; -webkit-border-vertical-=
spacing: 2px; ">
<p class=3D"MsoNormal" style=3D"margin-bottom: 12pt; "><span style=3D"font-=
size: 10pt; font-family: Tahoma, sans-serif; ">Bernard wrote:</span></p>
<p class=3D"MsoNormal" style=3D"margin-bottom: 12pt; "><span style=3D"font-=
size: 10pt; font-family: Tahoma, sans-serif; ">Can someone answer the follo=
wing questions?<o:p></o:p></span></p>
<p class=3D"MsoNormal" style=3D"margin-bottom: 12pt; "><span style=3D"font-=
size: 10pt; font-family: Tahoma, sans-serif; ">1. What is different between=
WiMAX WiFi and normal IEEE 802.11? We already have a number of IEEE =
802.11 NAS-Port-types allocated and have proposed
additional data for this.<o:p></o:p></span></p>
<p class=3D"MsoNormal" style=3D"margin-bottom: 12pt; "><span style=3D"font-=
size: 10pt; font-family: Tahoma, sans-serif; ">2. Why do DHCP and a locatio=
n service need NAS-Port-Type values? <o:p></o:p></span></p>
<p class=3D"MsoNormal" style=3D"margin-bottom: 12pt; "><span style=3D"font-=
size: 10pt; font-family: Tahoma, sans-serif; ">3. Why should we just alloca=
te a generic WiMAX NAS-Port and let additional data be included in a WiMAX =
Forum VSA?</span></p>
<p class=3D"MsoNormal" style=3D"margin-bottom: 12pt; "><span style=3D"font-=
size: 10pt; font-family: Tahoma, sans-serif; ">The general answer to your q=
uestion is as follows:</span></p>
<p class=3D"MsoNormal" style=3D"margin-bottom: 12pt; "><font class=3D"Apple=
-style-span" face=3D"Tahoma,sans-serif" size=3D"3"><span class=3D"Apple-sty=
le-span" style=3D"font-size: 13px;">For a given session, the WIMAX AAA Serv=
er interacts with many different WiMAX network
elements and also non-WiMAX network elements. The approach taken by =
WiMAX is to have an explicit indication from the NAS as to the context of t=
he RADIUS access-request. The NAS-Port-Type is viewed as the attribut=
e to provide that information.</span></font></p>
<p class=3D"MsoNormal" style=3D"margin-bottom: 12pt; "><font class=3D"Apple=
-style-span" face=3D"Tahoma,sans-serif" size=3D"3"><span class=3D"Apple-sty=
le-span" style=3D"font-size: 13px;">WRT 1) the WiMAX AAA needs to be able t=
o differentiate between a normal WiFi Access and
a WiMAX NAS which is an a WiFI-WiMAX IWK NAS which has additional behaviou=
rs over and above the "normal" wifi AP. T</span></font></p>
<p class=3D"MsoNormal" style=3D"margin-bottom: 12pt; "><font class=3D"Apple=
-style-span" face=3D"Tahoma,sans-serif" size=3D"3"><span class=3D"Apple-sty=
le-span" style=3D"font-size: 13px;"><br>
</span></font></p>
<p class=3D"MsoNormal" style=3D"margin-bottom: 12pt; "><font class=3D"Apple=
-style-span" face=3D"Tahoma,sans-serif" size=3D"3"><span class=3D"Apple-sty=
le-span" style=3D"font-size: 13px;">WRT 2) Again, WiMAX AAA needs to differ=
entiate between the request from both these entities
because the AAA behaviour is different when request comes from a DHC=
P server vs., a Location Based Server.</span></font></p>
<p class=3D"MsoNormal" style=3D"margin-bottom: 12pt; "><font class=3D"Apple=
-style-span" face=3D"Tahoma,sans-serif" size=3D"3"><span class=3D"Apple-sty=
le-span" style=3D"font-size: 13px;">WRT 3) WiMAX would just be invent=
ing our own NAS-Port-Type attribute. We thought the
idea is that we reuse attributes when we can. Since there doesn't seem to =
be a lack of number space associated with NAS-Port-Type there doesn't seem =
to be a reason to invent our own attribute.</span></font></p>
<p class=3D"MsoNormal" style=3D"margin-bottom: 12pt; "><font class=3D"Apple=
-style-span" face=3D"Tahoma,sans-serif" size=3D"3"><span class=3D"Apple-sty=
le-span" style=3D"font-size: 13px;"><br>
</span></font></p>
</span></div>
<div>
<div>
<div>-- Avi Lior</div>
<div>--Bridgewater Systems</div>
<div><br>
</div>
</div>
</div>
</div>
</div>
</body>
</html>
--_000_C9A51C9711D20avibridgewatersystemscom_--
--_004_9BC2F7926B33FE4AB10D69891D58FC1C5C72F204E4GVW0671EXCame_--
--
to unsubscribe send a message to radiusext-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://psg.com/lists/radiusext/>
Envelope-to: radiusext-data0@psg.com
Delivery-date: Tue, 17 May 2011 14:54:37 +0000
From: "Sanchez, Mauricio (HP Networking)" <mauricio.sanchez@hp.com>
To: "'radiusext@ops.ietf.org'" <radiusext@ops.ietf.org>
Date: Tue, 17 May 2011 14:52:50 +0000
Subject: Final call for consensus poll for IANA #409959 NAS-Port-Type value request
Thread-Topic: Final call for consensus poll for IANA #409959 NAS-Port-Type value request
Thread-Index: AcwUoY87yOeEstuvSo6vISljQJ5ggQ==
Message-ID: <9BC2F7926B33FE4AB10D69891D58FC1C5C72F203A9@GVW0671EXC.americas.hpqcorp.net>
Accept-Language: en-US
Content-Language: en-US
acceptlanguage: en-US
Content-Type: multipart/alternative; boundary="_000_9BC2F7926B33FE4AB10D69891D58FC1C5C72F203A9GVW0671EXCame_"
MIME-Version: 1.0
--_000_9BC2F7926B33FE4AB10D69891D58FC1C5C72F203A9GVW0671EXCame_
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
At this time we find ourselves with a mixed result between the in room sent=
iment at IETF 80 (which was negative to allocation) and the subsequent cons=
ensus poll (which was neutral/positive to allocation). As such, a final c=
onsensus poll is warranted to establish rough consensus in either direction=
.
Please respond to this email by May 24, 2011 with either a 'yes' (indicati=
ng allocation should occur) or a 'no' (indicating allocation should be deni=
ed). Please respond regardless of whether you commented at IETF 80 or to t=
he below consensus poll.
Thanks,
Mauricio
From: owner-radiusext@ops.ietf.org [mailto:owner-radiusext@ops.ietf.org] On=
Behalf Of Sanchez, Mauricio (HP Networking)
Sent: Friday, April 08, 2011 11:31 AM
To: 'radiusext@ops.ietf.org'
Subject: Consensus poll for IANA #409959 NAS-Port-Type value request
During IETF 80 one of the agenda topics discussed was whether to approve a =
request received by IANA for allocation of additional NAS-port-type values =
relating to Wimax as described below
Type of Assignment :
Nas-Port-Type values as follows:
TBD for WIMAX-3GPP-PRIF: WiMAX Pre-Release 8 IWK Function
TBD for WIMAX-WIFI-IWK: WiMAX WIFI Interworking
TBD for WIMAX-SFF: Signaling Forwarding Function for LTE/3GPP2.
TBD for WIMAX-HA-LMA: WiMAX HA and or LMA function.
TBD for WIMAX-DHCP : WIMAX DCHP service
TBD for WIMAX- LBS : WiMAX location based service
TBD for WIMAX-WVS : WiMAX voice service
The snippet of meeting notes relating to this topic are show below:
---- <meeting note snippet begin>---------------------------
Request for registration for NAS-port-type. Under 3575, falls under expert=
review. This request is for NAS-port-type relating to WiMax
- Stefan comments that there's already type for WiFi so not sure why anothe=
r one is needed, just one.
- Klaas comments that agrees with Stefan's comments.
- Nancy comments that looking at the current assignment is that there is on=
ly 1 allocation per mode.
- Bernard takes the general comment of only allocating one as the response =
to take back to the request. Given consensus here, will verify that opinio=
n in the reflector.
---- <meeting note snippet end>---------------------------
The sentiment in the room was clearly against approving this IANA request a=
nd at this time we would like to confirm this on the mailing list.
Please respond to this email and state whether you are in favor or against =
approving this IANA request.
Thanks,
MS
--_000_9BC2F7926B33FE4AB10D69891D58FC1C5C72F203A9GVW0671EXCame_
Content-Type: text/html; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
<html xmlns:v=3D"urn:schemas-microsoft-com:vml" xmlns:o=3D"urn:schemas-micr=
osoft-com:office:office" xmlns:w=3D"urn:schemas-microsoft-com:office:word" =
xmlns:m=3D"http://schemas.microsoft.com/office/2004/12/omml" xmlns=3D"http:=
//www.w3.org/TR/REC-html40"><head><META HTTP-EQUIV=3D"Content-Type" CONTENT=
=3D"text/html; charset=3Dus-ascii"><meta name=3DGenerator content=3D"Micros=
oft Word 14 (filtered medium)"><style><!--
/* Font Definitions */
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Tahoma;
panose-1:2 11 6 4 3 5 4 4 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri","sans-serif";}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
span.EmailStyle17
{mso-style-type:personal;
font-family:"Calibri","sans-serif";
color:windowtext;}
span.EmailStyle18
{mso-style-type:personal-reply;
font-family:"Calibri","sans-serif";
color:#1F497D;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext=3D"edit" spidmax=3D"1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext=3D"edit">
<o:idmap v:ext=3D"edit" data=3D"1" />
</o:shapelayout></xml><![endif]--></head><body lang=3DEN-US link=3Dblue vli=
nk=3Dpurple><div class=3DWordSection1><p class=3DMsoNormal><span style=3D'c=
olor:#1F497D'>At this time we find ourselves with a mixed result between th=
e in room sentiment at IETF 80 (which was negative to allocation) and the s=
ubsequent consensus poll (which was neutral/positive to allocation). &=
nbsp; As such, a final consensus poll is warranted to establish rough conse=
nsus in either direction. <o:p></o:p></span></p><p class=3DMsoNormal>=
<span style=3D'color:#1F497D'><o:p> </o:p></span></p><p class=3DMsoNor=
mal><span style=3D'color:#1F497D'>Please respond to this email by May 24, 2=
011 with either a ‘yes’ (indicating allocation should occ=
ur) or a ‘no’ (indicating allocation should be denied). P=
lease respond regardless of whether you commented at IETF 80 or to the belo=
w consensus poll. <o:p></o:p></span></p><p class=3DMsoNormal><span st=
yle=3D'color:#1F497D'><o:p> </o:p></span></p><p class=3DMsoNormal><spa=
n style=3D'color:#1F497D'>Thanks,<o:p></o:p></span></p><p class=3DMsoNormal=
><span style=3D'color:#1F497D'>Mauricio <o:p></o:p></span></p><p class=3DMs=
oNormal><span style=3D'color:#1F497D'><o:p> </o:p></span></p><p class=
=3DMsoNormal><span style=3D'color:#1F497D'><o:p> </o:p></span></p><div=
><div style=3D'border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0in=
0in 0in'><p class=3DMsoNormal><b><span style=3D'font-size:10.0pt;font-fami=
ly:"Tahoma","sans-serif"'>From:</span></b><span style=3D'font-size:10.0pt;f=
ont-family:"Tahoma","sans-serif"'> owner-radiusext@ops.ietf.org [mailto:own=
er-radiusext@ops.ietf.org] <b>On Behalf Of </b>Sanchez, Mauricio (HP Networ=
king)<br><b>Sent:</b> Friday, April 08, 2011 11:31 AM<br><b>To:</b> 'radius=
ext@ops.ietf.org'<br><b>Subject:</b> Consensus poll for IANA #409959 NAS-Po=
rt-Type value request<o:p></o:p></span></p></div></div><p class=3DMsoNormal=
><o:p> </o:p></p><p class=3DMsoNormal>During IETF 80 one of the agenda=
topics discussed was whether to approve a request received by IANA for all=
ocation of additional NAS-port-type values relating to Wimax as described b=
elow <o:p></o:p></p><p class=3DMsoNormal><o:p> </o:p></p><p class=3DMs=
oNormal>Type of Assignment :<br>Nas-Port-Type values as follows:<br>TBD for=
WIMAX-3GPP-PRIF: WiMAX Pre-Release 8 IWK Function<br>TBD for WI=
MAX-WIFI-IWK: WiMAX WIFI Interworking<br>TBD for WIMAX-SF=
F: Signaling Forwarding Function for LTE/3GPP2.<br>TBD for WIMAX=
-HA-LMA: WiMAX HA and or LMA function.<br>TBD for WI=
MAX-DHCP : WIMAX DCHP service<o:p></o:p></p><p class=3DMsoNormal>TBD for WI=
MAX- LBS : WiMAX location based service<br>TBD for WIMAX-WVS : W=
iMAX voice service<o:p></o:p></p><p class=3DMsoNormal><o:p> =
;</o:p></p><p class=3DMsoNormal>The snippet of meeting notes relating to th=
is topic are show below:<o:p></o:p></p><p class=3DMsoNormal><o:p> </o:=
p></p><p class=3DMsoNormal>---- <meeting note snippet begin>---------=
------------------<o:p></o:p></p><p class=3DMsoNormal><o:p> </o:p></p>=
<p class=3DMsoNormal>Request for registration for NAS-port-type. Unde=
r 3575, falls under expert review. This request is for NAS-port-type =
relating to WiMax<o:p></o:p></p><p class=3DMsoNormal>- Stefan comments that=
there’s already type for WiFi so not sure why another one is needed,=
just one.<o:p></o:p></p><p class=3DMsoNormal>- Klaas comments that agrees =
with Stefan’s comments.<o:p></o:p></p><p class=3DMsoNormal>- Nancy co=
mments that looking at the current assignment is that there is only 1 alloc=
ation per mode.<o:p></o:p></p><p class=3DMsoNormal>- Bernard takes the gene=
ral comment of only allocating one as the response to take back to the requ=
est. Given consensus here, will verify that opinion in the reflector.=
<o:p></o:p></p><p class=3DMsoNormal><o:p> </o:p></p><p class=3DMsoNorm=
al>---- <meeting note snippet end>---------------------------<o:p></o=
:p></p><p class=3DMsoNormal><o:p> </o:p></p><p class=3DMsoNormal>The s=
entiment in the room was clearly against approving this IANA request and at=
this time we would like to confirm this on the mailing list. <o:p></=
o:p></p><p class=3DMsoNormal><o:p> </o:p></p><p class=3DMsoNormal>Plea=
se respond to this email and state whether you are in favor or against appr=
oving this IANA request. <o:p></o:p></p><p class=3DMsoNormal><o:p>&nb=
sp;</o:p></p><p class=3DMsoNormal>Thanks,<o:p></o:p></p><p class=3DMsoNorma=
l>MS <o:p></o:p></p><p class=3DMsoNormal><o:p> </o:p></p></div></body>=
</html>=
--_000_9BC2F7926B33FE4AB10D69891D58FC1C5C72F203A9GVW0671EXCame_--
--
to unsubscribe send a message to radiusext-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://psg.com/lists/radiusext/>
Envelope-to: radiusext-data0@psg.com
Delivery-date: Tue, 17 May 2011 10:13:10 +0000
Content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
Subject: New RADEXT WG co-chair
Date: Tue, 17 May 2011 12:11:55 +0200
Message-ID: <EDC652A26FB23C4EB6384A4584434A04031E561F@307622ANEX5.global.avaya.com>
Thread-Topic: New RADEXT WG co-chair
Thread-Index: AcwUetmKGAQZH7CCSd2mi/Vk8zq0Yg==
From: "Romascanu, Dan (Dan)" <dromasca@avaya.com>
To: "radext mailing list" <radiusext@ops.ietf.org>
Hi,=20
Please Jouni Korhonen as the new co-chair of the RADEXT WG, replacing
Bernard Aboba.=20
Thanks again to Bernard for the exceptional service. I hope that his new
responsibilities will allow him enough time to remain a valuable
contributor.=20
Congratulations to Jouni. The nomination takes effect immediately. I
expect Jouni, Mauricio and Bernard to work a fast and smooth transition.
Thanks and Regards,
Dan=20
--
to unsubscribe send a message to radiusext-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://psg.com/lists/radiusext/>
Envelope-to: radiusext-data0@psg.com
Delivery-date: Fri, 13 May 2011 18:03:40 +0000
Message-ID: <blu152-w31708E042847350AE3F7C993880@phx.gbl>
Content-Type: multipart/alternative; boundary="_d1ef83fb-64f3-489d-a84b-a71d825d94e1_"
From: Bernard Aboba <bernard_aboba@hotmail.com>
To: Stefan Winter <stefan.winter@restena.lu>, "radiusext@ops.ietf.org" <radiusext@ops.ietf.org>
CC: <trac+radext@zinfandel.tools.ietf.org>
Subject: RE: [radext] #93: Compliance with Crypto-Agility Requirements
Date: Fri, 13 May 2011 11:02:44 -0700
MIME-Version: 1.0
--_d1ef83fb-64f3-489d-a84b-a71d825d94e1_
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
This material might be appropriate for inclusion in an Appendix so that it =
wouldn't clutter the main text.=20
Interesting point with respect to TLS_RSA_WITH_3DES_EDE_CBC_SHA. Since lat=
er TLS RFCs provide recommendations on implementations of algorithms that w=
ould be "Acceptable" with
no known deprecation date=2C would it make sense for the document to incorp=
orate that guidance (even though it only requires earlier versions of TLS)=
?=20
> Date: Fri=2C 13 May 2011 15:51:13 +0200
> From: stefan.winter@restena.lu
> To: radiusext@ops.ietf.org
> CC: trac+radext@zinfandel.tools.ietf.org=3B bernard_aboba@hotmail.com
> Subject: Re: [radext] #93: Compliance with Crypto-Agility Requirements
>=20
> Dear radext issue tracker=2C all=2C
>=20
> below is a discussion of all the requirements. It is somewhat verbose=3B =
I
> wonder if it should go into the document in its entirety or if a
> condensed "I believe it's allright" statement would be enough.
>=20
> Note that I'm not sure whether TLS_RSA_WITH_3DES_EDE_CBC_SHA is a
> two-key or a three-key 3DES algorithm. This condition would be the only
> one that could downgrade the proposal from "unconditionally compliant"
> to "conditionally compliant". Note also that there's a proposed
> mitigation for that in the text below.
>=20
> Here goes:
>=20
> The Requirements
> =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
>=20
> 4.2: Security Services
>=20
> MUST support the negotiation of cryptographic algorithms for per-packet
> integrity/authentication protection.
> -> Check=2C TLS allows negotiation of cipher suites and thus cryptographi=
c
> algorithms.
>=20
> MUST support per-packet replay protection for all RADIUS message types.
> -> Check=2C TLS allows for replay protection.
>=20
> MUST specify mandatory-to-implement cryptographic algorithms for each
> defined mechanism.
> -> Check=2C see section 2.3.2
>=20
> MUST avoid security compromise=2C even in
> situations where the existing cryptographic algorithms utilized by
> RADIUS implementations are shown to be weak enough to provide little
> or no security
> -> Check=2C the RADIUS shared secret is of no cryptographic significance
>=20
> RECOMMENDED that mandatory-to-implement cryptographic
> algorithms be chosen from among those classified as "Acceptable" with
> no known deprecation date.
> -> UNKNOWN:
> The mandatory-to-implement alogrithm is TLS_RSA_WITH_3DES_EDE_CBC_SHA=2C
> is a three-key Triple DES Encryption and Decryption algorithm ** IS THIS
> TRUE??? **=2C
> which is classified as "Acceptable" without deprecation date in the
> document in question.
> Can be mitigated=3B TLS 1.2 makes TLS_RSA_WITH_AES_128_CBC_SHA
> mandatory-to-implement=2C
> which fulfills the NIST "Acceptable" in any case. Could raise TLS
> requirements to strictly 1.2 and above.
>=20
> RECOMMENDED that solutions provide support for confidentiality
> -> Check=2C encryption of entire RADIUS packets is supported.
>=20
> MUST support the negotiation of cryptographic algorithms for encryption.
> -> Check=2C TLS allows negotiation of cipher suites and thus cryptographi=
c
> algorithms.
>=20
> REQUIRED to generate fresh session keys for use between the RADIUS
> client and server
> -> Check=2C TLS session keys fulfill requirement.
>=20
> RECOMMENDED to support Perfect Forward Secrecy (PFS) with respect to
> session keys
> negotiated between the RADIUS client and server.
> -> Check=2C TLS supports PFS when negotiating appropriate ciphers.
>=20
> RECOMMENDED that a RADIUS crypto-agility solution
> support X.509 certificates for authentication between the NAS and
> RADIUS server.
> -> Check.
>=20
> SHOULD also support pre-shared key credentials.
> -> Check.
>=20
> 4.3: Backwards Compatibility
>=20
> MUST demonstrate backward compatibility with existing RADIUS
> implementations.
> -> Check=2C there are multiple implementations which support RADIUS and
> RADIUS/TLS=2C
> and can act as a translator between the two
>=20
> After legacy mechanisms have been compromised=2C secure algorithms MUST b=
e
> used=2C
> so that backward compatibility is no longer possible.
> -> Check=2C RADIUS clients always need to manually configured (IP and
> shared secret needed)=2C
> and can thus be de-configured after the compromise.
>=20
> 4.4: Interoperability and Change Control
>=20
> MUST indicate a willingness to cede change control to the IETF.
> -> Check=2C change control is at IETF.
>=20
> MUST be interoperable between independent implementations based purely
> on the
> information provided in the specification.
> -> Check=2C at least one implementation was created according to draft
> specs only.
>=20
> 4.5: Scope of Work
>=20
> Crypto-agility solutions MUST apply to all RADIUS packet types
> -> Check=2C crypto-agility is achieved on transport layer=2C and agnostic=
to
> RADIUS content.
>=20
> message data exchanged with Diameter SHOULD NOT be affected.
> -> Check=2C the solution is Diameter-agnostic.
>=20
> MUST discuss any inherent assumptions about=2C or limitations on=2C
> client/server operations or deployment
>=20
> -> Believed to be a check=2C as I don't think I have unarticulated
> assumptions in my head=2C
> hence nothing to be discussed.
>=20
> SHOULD provide recommendations for transition of deployments from legacy
> RADIUS to
> crypto-agile RADIUS.
> -> Check=2C see Security Considerations.
>=20
> Issues regarding cipher-suite negotiation=2C
> legacy interoperability and the potential for bidding down attacks=2C
> SHOULD be among these discussions.
> -> Check=2C see Security Considerations.
>=20
> 4.6: Applicability of Automated Key Management Requirements
>=20
> As a result=2C support for Automated Key Management is RECOMMENDED within=
a
> RADIUS crypto-agility solution.
> -> Check=3B TLS supports PFS and thus supports AKM.
>=20
> automated key management is REQUIRED for RADIUS crypto-agility
> solutions that use cryptographic modes of operation that require
> frequent key changes.
> -> Check.
>=20
>=20
>=20
> Am 29.04.2011 18:48=2C schrieb radext issue tracker:
> > #93: Compliance with Crypto-Agility Requirements
> >
> > The Crypto-Agility Requirements document now in WG last call (see
> > http://tools.ietf.org/html/draft-ietf-radext-crypto-agility-requiremen=
ts )
> > includes the following in Section 1.4:
> >
> > In the initial phase=2C crypto-agility solutions adopted by the wor=
king
> > group will be published on the Experimental Track. Experimental
> > Track documents should contain a description of experimental
> > deployments and implementations in progress=2C as well as an evalua=
tion
> > of the proposal against the requirements described in this document=
.
> >
> >
> > The RADSEC document currently does not include this information.
> >
>=20
>=20
> --=20
> Stefan WINTER
> Ingenieur de Recherche
> Fondation RESTENA - R=E9seau T=E9l=E9informatique de l'Education National=
e et de la Recherche
> 6=2C rue Richard Coudenhove-Kalergi
> L-1359 Luxembourg
>=20
> Tel: +352 424409 1
> Fax: +352 422473
>=20
>=20
=
--_d1ef83fb-64f3-489d-a84b-a71d825d94e1_
Content-Type: text/html; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
<html>
<head>
<style><!--
.hmmessage P
{
margin:0px=3B
padding:0px
}
body.hmmessage
{
font-size: 10pt=3B
font-family:Tahoma
}
--></style>
</head>
<body class=3D'hmmessage'>
This material might be appropriate for inclusion in an Appendix so that it =
wouldn't clutter the main text. <br><br>Interesting point with respect to T=
LS_RSA_WITH_3DES_EDE_CBC_SHA. =3B Since later TLS RFCs provide recommen=
dations on implementations of algorithms that would be "Acceptable" with<br=
>no known deprecation date=2C would it make sense for the document to incor=
porate that guidance (even though it only requires earlier versions of =
=3B TLS)? <br><br>>=3B Date: Fri=2C 13 May 2011 15:51:13 +0200<br>>=3B =
From: stefan.winter@restena.lu<br>>=3B To: radiusext@ops.ietf.org<br>>=
=3B CC: trac+radext@zinfandel.tools.ietf.org=3B bernard_aboba@hotmail.com<b=
r>>=3B Subject: Re: [radext] #93: Compliance with Crypto-Agility Requirem=
ents<br>>=3B <br>>=3B Dear radext issue tracker=2C all=2C<br>>=3B <br=
>>=3B below is a discussion of all the requirements. It is somewhat verbo=
se=3B I<br>>=3B wonder if it should go into the document in its entirety =
or if a<br>>=3B condensed "I believe it's allright" statement would be en=
ough.<br>>=3B <br>>=3B Note that I'm not sure whether TLS_RSA_WITH_3DES=
_EDE_CBC_SHA is a<br>>=3B two-key or a three-key 3DES algorithm. This con=
dition would be the only<br>>=3B one that could downgrade the proposal fr=
om "unconditionally compliant"<br>>=3B to "conditionally compliant". Note=
also that there's a proposed<br>>=3B mitigation for that in the text bel=
ow.<br>>=3B <br>>=3B Here goes:<br>>=3B <br>>=3B The Requirements<b=
r>>=3B =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D<br>>=3B <br>>=
=3B 4.2: Security Services<br>>=3B <br>>=3B MUST support the negotiatio=
n of cryptographic algorithms for per-packet<br>>=3B integrity/authentica=
tion protection.<br>>=3B ->=3B Check=2C TLS allows negotiation of ciphe=
r suites and thus cryptographic<br>>=3B algorithms.<br>>=3B <br>>=3B =
MUST support per-packet replay protection for all RADIUS message types.<br>=
>=3B ->=3B Check=2C TLS allows for replay protection.<br>>=3B <br>>=
=3B MUST specify mandatory-to-implement cryptographic algorithms for each<b=
r>>=3B defined mechanism.<br>>=3B ->=3B Check=2C see section 2.3.2<br=
>>=3B <br>>=3B MUST avoid security compromise=2C even in<br>>=3B s=
ituations where the existing cryptographic algorithms utilized by<br>>=3B=
RADIUS implementations are shown to be weak enough to provide little<br=
>>=3B or no security<br>>=3B ->=3B Check=2C the RADIUS shared secr=
et is of no cryptographic significance<br>>=3B <br>>=3B RECOMMENDED tha=
t mandatory-to-implement cryptographic<br>>=3B algorithms be chosen fr=
om among those classified as "Acceptable" with<br>>=3B no known deprec=
ation date.<br>>=3B ->=3B UNKNOWN:<br>>=3B The mandatory-to-implement=
alogrithm is TLS_RSA_WITH_3DES_EDE_CBC_SHA=2C<br>>=3B is a three-key Tri=
ple DES Encryption and Decryption algorithm ** IS THIS<br>>=3B TRUE??? **=
=2C<br>>=3B which is classified as "Acceptable" without deprecation date =
in the<br>>=3B document in question.<br>>=3B Can be mitigated=3B TLS 1.=
2 makes TLS_RSA_WITH_AES_128_CBC_SHA<br>>=3B mandatory-to-implement=2C<br=
>>=3B which fulfills the NIST "Acceptable" in any case. Could raise TLS<b=
r>>=3B requirements to strictly 1.2 and above.<br>>=3B <br>>=3B RECOM=
MENDED that solutions provide support for confidentiality<br>>=3B ->=3B=
Check=2C encryption of entire RADIUS packets is supported.<br>>=3B <br>&=
gt=3B MUST support the negotiation of cryptographic algorithms for encrypti=
on.<br>>=3B ->=3B Check=2C TLS allows negotiation of cipher suites and =
thus cryptographic<br>>=3B algorithms.<br>>=3B <br>>=3B REQUIRED to g=
enerate fresh session keys for use between the RADIUS<br>>=3B client and =
server<br>>=3B ->=3B Check=2C TLS session keys fulfill requirement.<br>=
>=3B <br>>=3B RECOMMENDED to support Perfect Forward Secrecy (PFS) with=
respect to<br>>=3B session keys<br>>=3B negotiated between the RADIUS =
client and server.<br>>=3B ->=3B Check=2C TLS supports PFS when negotia=
ting appropriate ciphers.<br>>=3B <br>>=3B RECOMMENDED that a RADIUS cr=
ypto-agility solution<br>>=3B support X.509 certificates for authent=
ication between the NAS and<br>>=3B RADIUS server.<br>>=3B ->=3B=
Check.<br>>=3B <br>>=3B SHOULD also support pre-shared key credentials=
.<br>>=3B ->=3B Check.<br>>=3B <br>>=3B 4.3: Backwards Compatibilit=
y<br>>=3B <br>>=3B MUST demonstrate backward compatibility with existin=
g RADIUS<br>>=3B implementations.<br>>=3B ->=3B Check=2C there are mu=
ltiple implementations which support RADIUS and<br>>=3B RADIUS/TLS=2C<br>=
>=3B and can act as a translator between the two<br>>=3B <br>>=3B =
After legacy mechanisms have been compromised=2C secure algorithms MUST be<=
br>>=3B used=2C<br>>=3B so that backward compatibility is no longer pos=
sible.<br>>=3B ->=3B Check=2C RADIUS clients always need to manually co=
nfigured (IP and<br>>=3B shared secret needed)=2C<br>>=3B and can thus =
be de-configured after the compromise.<br>>=3B <br>>=3B 4.4: Interopera=
bility and Change Control<br>>=3B <br>>=3B MUST indicate a willingness =
to cede change control to the IETF.<br>>=3B ->=3B Check=2C change contr=
ol is at IETF.<br>>=3B <br>>=3B MUST be interoperable between independe=
nt implementations based purely<br>>=3B on the<br>>=3B information prov=
ided in the specification.<br>>=3B ->=3B Check=2C at least one implemen=
tation was created according to draft<br>>=3B specs only.<br>>=3B <br>&=
gt=3B 4.5: Scope of Work<br>>=3B <br>>=3B Crypto-agility solutions MUST=
apply to all RADIUS packet types<br>>=3B ->=3B Check=2C crypto-agility=
is achieved on transport layer=2C and agnostic to<br>>=3B RADIUS content=
.<br>>=3B <br>>=3B message data exchanged with Diameter SHOULD NOT be a=
ffected.<br>>=3B ->=3B Check=2C the solution is Diameter-agnostic.<br>&=
gt=3B <br>>=3B MUST discuss any inherent assumptions about=2C or limitati=
ons on=2C<br>>=3B client/server operations or deployment<br>>=3B <br>&g=
t=3B ->=3B Believed to be a check=2C as I don't think I have unarticulate=
d<br>>=3B assumptions in my head=2C<br>>=3B hence nothing to be disc=
ussed.<br>>=3B <br>>=3B SHOULD provide recommendations for transition o=
f deployments from legacy<br>>=3B RADIUS to<br>>=3B crypto-agile RAD=
IUS.<br>>=3B ->=3B Check=2C see Security Considerations.<br>>=3B <br>=
>=3B Issues regarding cipher-suite negotiation=2C<br>>=3B legacy int=
eroperability and the potential for bidding down attacks=2C<br>>=3B SH=
OULD be among these discussions.<br>>=3B ->=3B Check=2C see Security Co=
nsiderations.<br>>=3B <br>>=3B 4.6: Applicability of Automated Key Mana=
gement Requirements<br>>=3B <br>>=3B As a result=2C support for Automat=
ed Key Management is RECOMMENDED within a<br>>=3B RADIUS crypto-agilit=
y solution.<br>>=3B ->=3B Check=3B TLS supports PFS and thus supports A=
KM.<br>>=3B <br>>=3B automated key management is REQUIRED for RADIUS cr=
ypto-agility<br>>=3B solutions that use cryptographic modes of operati=
on that require<br>>=3B frequent key changes.<br>>=3B ->=3B Check.=
<br>>=3B <br>>=3B <br>>=3B <br>>=3B Am 29.04.2011 18:48=2C schrieb =
radext issue tracker:<br>>=3B >=3B #93: Compliance with Crypto-Agility =
Requirements<br>>=3B >=3B<br>>=3B >=3B The Crypto-Agility Requirem=
ents document now in WG last call (see<br>>=3B >=3B http://tools.ietf.=
org/html/draft-ietf-radext-crypto-agility-requirements )<br>>=3B >=3B =
includes the following in Section 1.4:<br>>=3B >=3B<br>>=3B >=3B =
In the initial phase=2C crypto-agility solutions adopted by the working<b=
r>>=3B >=3B group will be published on the Experimental Track. Exp=
erimental<br>>=3B >=3B Track documents should contain a description=
of experimental<br>>=3B >=3B deployments and implementations in pr=
ogress=2C as well as an evaluation<br>>=3B >=3B of the proposal aga=
inst the requirements described in this document.<br>>=3B >=3B<br>>=
=3B >=3B<br>>=3B >=3B The RADSEC document currently does not include=
this information.<br>>=3B >=3B<br>>=3B <br>>=3B <br>>=3B -- <br>=
>=3B Stefan WINTER<br>>=3B Ingenieur de Recherche<br>>=3B Fondation R=
ESTENA - R=E9seau T=E9l=E9informatique de l'Education Nationale et de la Re=
cherche<br>>=3B 6=2C rue Richard Coudenhove-Kalergi<br>>=3B L-1359 Luxe=
mbourg<br>>=3B <br>>=3B Tel: +352 424409 1<br>>=3B Fax: +352 422473<b=
r>>=3B <br>>=3B <br> </body>
</html>=
--_d1ef83fb-64f3-489d-a84b-a71d825d94e1_--
--
to unsubscribe send a message to radiusext-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://psg.com/lists/radiusext/>
Envelope-to: radiusext-data0@psg.com
Delivery-date: Fri, 13 May 2011 13:51:56 +0000
Message-ID: <4DCD3751.8050807@restena.lu>
Date: Fri, 13 May 2011 15:51:13 +0200
From: Stefan Winter <stefan.winter@restena.lu>
User-Agent: Mozilla/5.0 (X11; U; Linux i686 (x86_64); de; rv:1.9.2.17) Gecko/20110414 Lightning/1.0b2 Thunderbird/3.1.10
MIME-Version: 1.0
To: radiusext@ops.ietf.org
CC: radext issue tracker <trac+radext@zinfandel.tools.ietf.org>, bernard_aboba@hotmail.com
Subject: Re: [radext] #93: Compliance with Crypto-Agility Requirements
Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="------------enigF05D2C03D61F3FB2081A5336"
This is an OpenPGP/MIME signed message (RFC 2440 and 3156)
--------------enigF05D2C03D61F3FB2081A5336
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable
Dear radext issue tracker, all,
below is a discussion of all the requirements. It is somewhat verbose; I
wonder if it should go into the document in its entirety or if a
condensed "I believe it's allright" statement would be enough.
Note that I'm not sure whether TLS_RSA_WITH_3DES_EDE_CBC_SHA is a
two-key or a three-key 3DES algorithm. This condition would be the only
one that could downgrade the proposal from "unconditionally compliant"
to "conditionally compliant". Note also that there's a proposed
mitigation for that in the text below.
Here goes:
The Requirements
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
4.2: Security Services
MUST support the negotiation of cryptographic algorithms for per-packet
integrity/authentication protection.
-> Check, TLS allows negotiation of cipher suites and thus cryptographic
algorithms.
MUST support per-packet replay protection for all RADIUS message types.
-> Check, TLS allows for replay protection.
MUST specify mandatory-to-implement cryptographic algorithms for each
defined mechanism.
-> Check, see section 2.3.2
MUST avoid security compromise, even in
situations where the existing cryptographic algorithms utilized by
RADIUS implementations are shown to be weak enough to provide little
or no security
-> Check, the RADIUS shared secret is of no cryptographic significance
RECOMMENDED that mandatory-to-implement cryptographic
algorithms be chosen from among those classified as "Acceptable" with
no known deprecation date.
-> UNKNOWN:
The mandatory-to-implement alogrithm is TLS_RSA_WITH_3DES_EDE_CBC_SHA,
is a three-key Triple DES Encryption and Decryption algorithm ** IS THIS
TRUE??? **,
which is classified as "Acceptable" without deprecation date in the
document in question.
Can be mitigated; TLS 1.2 makes TLS_RSA_WITH_AES_128_CBC_SHA
mandatory-to-implement,
which fulfills the NIST "Acceptable" in any case. Could raise TLS
requirements to strictly 1.2 and above.
RECOMMENDED that solutions provide support for confidentiality
-> Check, encryption of entire RADIUS packets is supported.
MUST support the negotiation of cryptographic algorithms for encryption.
-> Check, TLS allows negotiation of cipher suites and thus cryptographic
algorithms.
REQUIRED to generate fresh session keys for use between the RADIUS
client and server
-> Check, TLS session keys fulfill requirement.
RECOMMENDED to support Perfect Forward Secrecy (PFS) with respect to
session keys
negotiated between the RADIUS client and server.
-> Check, TLS supports PFS when negotiating appropriate ciphers.
RECOMMENDED that a RADIUS crypto-agility solution
support X.509 certificates for authentication between the NAS and
RADIUS server.
-> Check.
SHOULD also support pre-shared key credentials.
-> Check.
4.3: Backwards Compatibility
MUST demonstrate backward compatibility with existing RADIUS
implementations.
-> Check, there are multiple implementations which support RADIUS and
RADIUS/TLS,
and can act as a translator between the two
After legacy mechanisms have been compromised, secure algorithms MUST be
used,
so that backward compatibility is no longer possible.
-> Check, RADIUS clients always need to manually configured (IP and
shared secret needed),
and can thus be de-configured after the compromise.
4.4: Interoperability and Change Control
MUST indicate a willingness to cede change control to the IETF.
-> Check, change control is at IETF.
MUST be interoperable between independent implementations based purely
on the
information provided in the specification.
-> Check, at least one implementation was created according to draft
specs only.
4.5: Scope of Work
Crypto-agility solutions MUST apply to all RADIUS packet types
-> Check, crypto-agility is achieved on transport layer, and agnostic to
RADIUS content.
message data exchanged with Diameter SHOULD NOT be affected.
-> Check, the solution is Diameter-agnostic.
MUST discuss any inherent assumptions about, or limitations on,
client/server operations or deployment
-> Believed to be a check, as I don't think I have unarticulated
assumptions in my head,
hence nothing to be discussed.
SHOULD provide recommendations for transition of deployments from legacy
RADIUS to
crypto-agile RADIUS.
-> Check, see Security Considerations.
Issues regarding cipher-suite negotiation,
legacy interoperability and the potential for bidding down attacks,
SHOULD be among these discussions.
-> Check, see Security Considerations.
4.6: Applicability of Automated Key Management Requirements
As a result, support for Automated Key Management is RECOMMENDED within a=
RADIUS crypto-agility solution.
-> Check; TLS supports PFS and thus supports AKM.
automated key management is REQUIRED for RADIUS crypto-agility
solutions that use cryptographic modes of operation that require
frequent key changes.
-> Check.
Am 29.04.2011 18:48, schrieb radext issue tracker:
> #93: Compliance with Crypto-Agility Requirements
>
> The Crypto-Agility Requirements document now in WG last call (see
> http://tools.ietf.org/html/draft-ietf-radext-crypto-agility-requiremen=
ts )
> includes the following in Section 1.4:
>
> In the initial phase, crypto-agility solutions adopted by the worki=
ng
> group will be published on the Experimental Track. Experimental
> Track documents should contain a description of experimental
> deployments and implementations in progress, as well as an evaluati=
on
> of the proposal against the requirements described in this document=
=2E
>
>
> The RADSEC document currently does not include this information.
>
--=20
Stefan WINTER
Ingenieur de Recherche
Fondation RESTENA - R=C3=A9seau T=C3=A9l=C3=A9informatique de l'Education=
Nationale et de la Recherche
6, rue Richard Coudenhove-Kalergi
L-1359 Luxembourg
Tel: +352 424409 1
Fax: +352 422473
--------------enigF05D2C03D61F3FB2081A5336
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.16 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iEYEARECAAYFAk3NN1UACgkQ+jm90f8eFWbEKQCfWiVJ3EvLU8XX0rrpoWmcUBO9
+j8AmwSvpyDJgN4swCfFep/uNT6Psl18
=KtSJ
-----END PGP SIGNATURE-----
--------------enigF05D2C03D61F3FB2081A5336--
--
to unsubscribe send a message to radiusext-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://psg.com/lists/radiusext/>
Envelope-to: radiusext-data0@psg.com
Delivery-date: Fri, 13 May 2011 12:42:24 +0000
Message-ID: <4DCD26E5.3040402@restena.lu>
Date: Fri, 13 May 2011 14:41:09 +0200
From: Stefan Winter <stefan.winter@restena.lu>
User-Agent: Mozilla/5.0 (X11; U; Linux i686 (x86_64); de; rv:1.9.2.17) Gecko/20110414 Lightning/1.0b2 Thunderbird/3.1.10
MIME-Version: 1.0
To: Jacni Qin <jacniq@gmail.com>
CC: radiusext@ops.ietf.org
Subject: Re: Some comments on draft-winter-radext-fancyaccounting-00
Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="------------enigB5179FEB34EBA2BE276A1569"
This is an OpenPGP/MIME signed message (RFC 2440 and 3156)
--------------enigB5179FEB34EBA2BE276A1569
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
Hi,
> Jacni>: While we opened the door in this way for additional IANA
> activities. I have a fear that everytime we will need to request a
> value for -id,
> then give the recommended definition of -name accordingly, and vise
> versa? ;-)
I understand your concerns. Another option to do this properly would be
to use RFC5777 - it allows traffic filter, QoS, or even time-of-day
definitions. That should cover a lot of use cases.
The obvious drawback (is it a serious one?) is that it pulls in Diameter
attribute format, which might mean it's not very easy to implement in a
RADIUS server.
I wonder what people think of this...
> I don't see an issue with that unless one would want to have differ=
ent
> session Id's for different traffic groups in the same accounting
> ticket
> - but I have a hard time thinking of a reason for that; after all a=
ll
> the counted Octets and Packets belong to the same user session,
> and can
> thus share the same session id.
>
>
> Jacni>: For example, two clasess v4 and v6, over single access service,=
> there may be cases that the dynamic QoS or bandwidth policy changes
> (class-specific)
> are requested by users,say, through portal, then initiate/executed by
> the server side, the
> -id is needed.
I'm not sure I understand what you mean. Let me construct an example.
Did you mean
- User logs in over single PPPoE session, gets dual stack connectivity
- NAS has Accounting ID 0xf00ba, and two accounting classes, one for v4
and one for v6
- mid-session, IPv6 gets new QoS parameters (DSCP -> higher) and needs
to be billed separately from that moment on
If that's the use case, I still don't see why the accounting ID would
need to be different from the initially allocated one. It's still the
same session, and thus the same session ID.
An accounting packet could start with two accounting blocks:
IPv4 - DSCP 0
IPv6 - DSCP 0
and when the change happened, adds the third block for traffic class
IPv6 - DSCP x
The block "IPv6 - DSCP 0" will stop incrementing at that point, because
all subsequent traffic will be DSCP x. But it can still be there, and
accurate billing can be produced from it - so no reason why a
Acct-packet-global accounting ID would be insufficient.
Or maybe I got your use case wrong :-)
Stefan
>
>
> Cheers,
> Jacni
>
>
> Greetings,
>
> Stefan Winter
>
> --
> Stefan WINTER
> Ingenieur de Recherche
> Fondation RESTENA - R=E9seau T=E9l=E9informatique de l'Education
> Nationale et de la Recherche
> 6, rue Richard Coudenhove-Kalergi
> L-1359 Luxembourg
>
> Tel: +352 424409 1
> Fax: +352 422473
>
>
>
--=20
Stefan WINTER
Ingenieur de Recherche
Fondation RESTENA - R=E9seau T=E9l=E9informatique de l'Education National=
e et de la Recherche
6, rue Richard Coudenhove-Kalergi
L-1359 Luxembourg
Tel: +352 424409 1
Fax: +352 422473
--------------enigB5179FEB34EBA2BE276A1569
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.16 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iEYEARECAAYFAk3NJukACgkQ+jm90f8eFWY0EQCfVyrT2osnmuVH/8VVOMCPnOOe
EvwAmgNhqRkqMobfBlt4QcR7ZMXqe7nu
=echz
-----END PGP SIGNATURE-----
--------------enigB5179FEB34EBA2BE276A1569--
--
to unsubscribe send a message to radiusext-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://psg.com/lists/radiusext/>
Envelope-to: radiusext-data0@psg.com
Delivery-date: Wed, 11 May 2011 20:53:13 +0000
Message-ID: <BLU152-w4D5FC2B4EB63E5811B32C93860@phx.gbl>
Content-Type: multipart/alternative; boundary="_31550d55-4766-4d62-814b-0ba6132bf3ff_"
From: Bernard Aboba <bernard_aboba@hotmail.com>
To: "radiusext@ops.ietf.org" <radiusext@ops.ietf.org>
Subject: Wrapping up draft-ietf-radext-ipv6-access
Date: Wed, 11 May 2011 13:52:11 -0700
MIME-Version: 1.0
--_31550d55-4766-4d62-814b-0ba6132bf3ff_
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
TRAC shows that there are three open issues on this document (#61=2C 69 and=
71):
http://trac.tools.ietf.org/wg/radext/trac/report/1
>From previous discussion=2C it would appear some of these issues may either=
be closed or have open proposals on the table.=20
Can the authors update the issue list in TRAC and provide us with an update=
on the status of this document?=20
As soon as the WG last call issues are closed=2C this document can be sent =
to the IESG for publication.=20
=
--_31550d55-4766-4d62-814b-0ba6132bf3ff_
Content-Type: text/html; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
<html>
<head>
<style><!--
.hmmessage P
{
margin:0px=3B
padding:0px
}
body.hmmessage
{
font-size: 10pt=3B
font-family:Tahoma
}
--></style>
</head>
<body class=3D'hmmessage'>
TRAC shows that there are three open issues on this document (#61=2C 69 and=
71):<br>http://trac.tools.ietf.org/wg/radext/trac/report/1<br><br>From pre=
vious discussion=2C it would appear some of these issues may either be clos=
ed or have open proposals on the table. <br><br>Can the authors update the =
issue list in TRAC and provide us with an update on the status of this docu=
ment? <br><br>As soon as the WG last call issues are closed=2C this documen=
t can be sent to the IESG for publication. <br> </body>
</html>=
--_31550d55-4766-4d62-814b-0ba6132bf3ff_--
--
to unsubscribe send a message to radiusext-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://psg.com/lists/radiusext/>
Envelope-to: radiusext-data0@psg.com
Delivery-date: Thu, 05 May 2011 17:20:36 +0000
Message-ID: <BLU152-w24645FDF28BF58CA95D4EE93800@phx.gbl>
Content-Type: multipart/alternative; boundary="_4aa060ff-223f-4e64-9437-411e29fd51f5_"
From: Bernard Aboba <bernard_aboba@hotmail.com>
To: "radiusext@ops.ietf.org" <radiusext@ops.ietf.org>
Subject: Conclusion of RADEXT WG last call on "TLS Encryption for RADIUS"
Date: Thu, 5 May 2011 10:20:15 -0700
MIME-Version: 1.0
--_4aa060ff-223f-4e64-9437-411e29fd51f5_
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
RADEXT WG last call has concluded on "TLS Encryption for RADIUS". =20
1 issue was filed (#93)=2C which remains open.=20
=
--_4aa060ff-223f-4e64-9437-411e29fd51f5_
Content-Type: text/html; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
<html>
<head>
<style><!--
.hmmessage P
{
margin:0px=3B
padding:0px
}
body.hmmessage
{
font-size: 10pt=3B
font-family:Tahoma
}
--></style>
</head>
<body class=3D'hmmessage'>
RADEXT WG last call has concluded on "TLS Encryption for RADIUS". =3B <=
br><br>1 issue was filed (#93)=2C which remains open. <br> </bod=
y>
</html>=
--_4aa060ff-223f-4e64-9437-411e29fd51f5_--
--
to unsubscribe send a message to radiusext-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://psg.com/lists/radiusext/>
Envelope-to: radiusext-data0@psg.com
Delivery-date: Thu, 05 May 2011 17:19:46 +0000
Message-ID: <BLU152-w5429A08EE6702BDB9C47B493800@phx.gbl>
Content-Type: multipart/alternative; boundary="_78dcf820-8c87-43e3-a169-a2317c7335da_"
From: Bernard Aboba <bernard_aboba@hotmail.com>
To: "radiusext@ops.ietf.org" <radiusext@ops.ietf.org>
Subject: Conclusion of RADEXT WG last call on "Crypto-Agility Requirements for RADIUS"
Date: Thu, 5 May 2011 10:17:52 -0700
MIME-Version: 1.0
--_78dcf820-8c87-43e3-a169-a2317c7335da_
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
RADEXT WG last call has concluded on "Crypto-Agility Requirements for RADIU=
S".=20
4 issues were submitted (#95-98)=2C all of which were resolved in -06. =20
=
--_78dcf820-8c87-43e3-a169-a2317c7335da_
Content-Type: text/html; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
<html>
<head>
<style><!--
.hmmessage P
{
margin:0px=3B
padding:0px
}
body.hmmessage
{
font-size: 10pt=3B
font-family:Tahoma
}
--></style>
</head>
<body class=3D'hmmessage'>
RADEXT WG last call has concluded on "Crypto-Agility Requirements for RADIU=
S". <br><br>4 issues were submitted (#95-98)=2C all of which were resolved =
in -06. =3B <br> </body>
</html>=
--_78dcf820-8c87-43e3-a169-a2317c7335da_--
--
to unsubscribe send a message to radiusext-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://psg.com/lists/radiusext/>
Envelope-to: radiusext-data0@psg.com
Delivery-date: Mon, 02 May 2011 05:51:09 +0000
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 8bit
From: "radext issue tracker" <trac+radext@zinfandel.tools.ietf.org>
Cc: radiusext@ops.ietf.org
Auto-Submitted: auto-generated
To: bernard_aboba@hotmail.com
Date: Mon, 02 May 2011 05:50:57 -0000
Reply-To: radiusext@ops.ietf.org
Subject: Re: [radext] #98: Section 4.2
Message-ID: <075.109f8e73177d3380dfb80b99b7e8bd56@trac.tools.ietf.org>
#98: Section 4.2
Changes (by bernard_aboba@…):
* status: new => closed
* resolution: => fixed
--
---------------------------------------+------------------------------------
Reporter: bernard_aboba@… | Owner:
Type: defect | Status: closed
Priority: major | Milestone: milestone1
Component: Crypto-Agility | Version: 1.0
Severity: In WG Last Call | Resolution: fixed
Keywords: |
---------------------------------------+------------------------------------
Ticket URL: <https://wiki.tools.ietf.org/wg/radext/trac/ticket/98#comment:1>
radext <http://tools.ietf.org/radext/>
--
to unsubscribe send a message to radiusext-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://psg.com/lists/radiusext/>
Envelope-to: radiusext-data0@psg.com
Delivery-date: Mon, 02 May 2011 05:50:20 +0000
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 8bit
From: "radext issue tracker" <trac+radext@zinfandel.tools.ietf.org>
Cc: radiusext@ops.ietf.org
Auto-Submitted: auto-generated
To: bernard_aboba@hotmail.com
Date: Mon, 02 May 2011 05:50:07 -0000
Reply-To: radiusext@ops.ietf.org
Subject: Re: [radext] #95: Section 4.2
Message-ID: <075.f8ad16dd397dae7e6258e6bddc2d58c2@trac.tools.ietf.org>
#95: Section 4.2
Changes (by bernard_aboba@…):
* status: new => closed
* resolution: => fixed
--
---------------------------------------+------------------------------------
Reporter: bernard_aboba@… | Owner:
Type: defect | Status: closed
Priority: major | Milestone: milestone1
Component: Crypto-Agility | Version: 1.0
Severity: In WG Last Call | Resolution: fixed
Keywords: |
---------------------------------------+------------------------------------
Ticket URL: <http://trac.tools.ietf.org/wg/radext/trac/ticket/95#comment:1>
radext <http://tools.ietf.org/radext/>
--
to unsubscribe send a message to radiusext-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://psg.com/lists/radiusext/>
Envelope-to: radiusext-data0@psg.com
Delivery-date: Mon, 02 May 2011 05:49:37 +0000
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 8bit
From: "radext issue tracker" <trac+radext@zinfandel.tools.ietf.org>
Cc: radiusext@ops.ietf.org
Auto-Submitted: auto-generated
To: bernard_aboba@hotmail.com
Date: Mon, 02 May 2011 05:49:26 -0000
Reply-To: radiusext@ops.ietf.org
Subject: Re: [radext] #96: Informative and Normative references
Message-ID: <075.dfa2ee14eaff66ba7c070445ec6b65ba@trac.tools.ietf.org>
#96: Informative and Normative references
Changes (by bernard_aboba@…):
* status: new => closed
* resolution: => fixed
--
---------------------------------------+------------------------------------
Reporter: bernard_aboba@… | Owner:
Type: defect | Status: closed
Priority: minor | Milestone: milestone1
Component: Crypto-Agility | Version: 1.0
Severity: In WG Last Call | Resolution: fixed
Keywords: |
---------------------------------------+------------------------------------
Ticket URL: <http://trac.tools.ietf.org/wg/radext/trac/ticket/96#comment:1>
radext <http://tools.ietf.org/radext/>
--
to unsubscribe send a message to radiusext-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://psg.com/lists/radiusext/>
Envelope-to: radiusext-data0@psg.com
Delivery-date: Mon, 02 May 2011 05:49:32 +0000
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 8bit
From: "radext issue tracker" <trac+radext@zinfandel.tools.ietf.org>
Cc: radiusext@ops.ietf.org
Auto-Submitted: auto-generated
To: bernard_aboba@hotmail.com
Date: Mon, 02 May 2011 05:48:49 -0000
Reply-To: radiusext@ops.ietf.org
Subject: Re: [radext] #97: Section 1.4
Message-ID: <075.827ea2b3291549a22da107fd8b0a9e6e@trac.tools.ietf.org>
#97: Section 1.4
Changes (by bernard_aboba@…):
* status: new => closed
* resolution: => fixed
--
---------------------------------------+------------------------------------
Reporter: bernard_aboba@… | Owner:
Type: defect | Status: closed
Priority: minor | Milestone: milestone1
Component: Crypto-Agility | Version: 1.0
Severity: In WG Last Call | Resolution: fixed
Keywords: |
---------------------------------------+------------------------------------
Ticket URL: <http://rsync.tools.ietf.org/wg/radext/trac/ticket/97#comment:1>
radext <http://tools.ietf.org/radext/>
--
to unsubscribe send a message to radiusext-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://psg.com/lists/radiusext/>
Envelope-to: radiusext-data0@psg.com
Delivery-date: Mon, 02 May 2011 04:16:28 +0000
MIME-Version: 1.0
Content-Type: Multipart/Mixed; Boundary="NextPart"
From: Internet-Drafts@ietf.org
To: i-d-announce@ietf.org
Cc: radiusext@ops.ietf.org
Subject: I-D Action:draft-ietf-radext-crypto-agility-requirements-06.txt
Message-ID: <20110502041501.6417.10379.idtracker@ietfa.amsl.com>
Date: Sun, 01 May 2011 21:15:01 -0700
--NextPart
A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the RADIUS EXTensions Working Group of the IETF.
Title : Crypto-Agility Requirements for Remote Dial-In User Service (RADIUS)
Author(s) : D. Nelson
Filename : draft-ietf-radext-crypto-agility-requirements-06.txt
Pages : 12
Date : 2011-05-01
This memo describes the requirements for a crypto-agility solution
for Remote Authentication Dial-In User Service (RADIUS).
A URL for this Internet-Draft is:
http://www.ietf.org/internet-drafts/draft-ietf-radext-crypto-agility-requirements-06.txt
Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/
Below is the data which will enable a MIME compliant mail reader
implementation to automatically retrieve the ASCII version of the
Internet-Draft.
--NextPart
Content-Type: Message/External-body;
name="draft-ietf-radext-crypto-agility-requirements-06.txt";
site="ftp.ietf.org"; access-type="anon-ftp";
directory="internet-drafts"
Content-Type: text/plain
Content-ID: <2011-05-01211000.I-D@ietf.org>
--NextPart--
--
to unsubscribe send a message to radiusext-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://psg.com/lists/radiusext/>
Envelope-to: radiusext-data0@psg.com
Delivery-date: Sun, 01 May 2011 20:07:16 +0000
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 8bit
From: "radext issue tracker" <trac+radext@zinfandel.tools.ietf.org>
Cc: radiusext@ops.ietf.org
Auto-Submitted: auto-generated
To: bernard_aboba@hotmail.com
Date: Sun, 01 May 2011 20:07:05 -0000
Reply-To: radiusext@ops.ietf.org
Subject: [radext] #98: Section 4.2
Message-ID: <066.f30538a1ea8ad5a6beb3c5c079e07544@trac.tools.ietf.org>
#98: Section 4.2
Section 4.2 includes the following:
Prevent the Domino effect
In order to prevent the domino effect, RADIUS crypto-agility
solutions MUST enable each RADIUS client and server pair to
authenticate utilizing unique credentials.
[BA] This seems like a meaningless requirement. Recommend it be deleted.
--
---------------------------------------+------------------------------------
Reporter: bernard_aboba@… | Owner:
Type: defect | Status: new
Priority: major | Milestone: milestone1
Component: Crypto-Agility | Version: 1.0
Severity: In WG Last Call | Keywords:
---------------------------------------+------------------------------------
Ticket URL: <http://trac.tools.ietf.org/wg/radext/trac/ticket/98>
radext <http://tools.ietf.org/radext/>
--
to unsubscribe send a message to radiusext-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://psg.com/lists/radiusext/>
Envelope-to: radiusext-data0@psg.com
Delivery-date: Sun, 01 May 2011 20:05:31 +0000
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 8bit
From: "radext issue tracker" <trac+radext@zinfandel.tools.ietf.org>
Cc: radiusext@ops.ietf.org
Auto-Submitted: auto-generated
To: bernard_aboba@hotmail.com
Date: Sun, 01 May 2011 20:05:08 -0000
Reply-To: radiusext@ops.ietf.org
Subject: [radext] #97: Section 1.4
Message-ID: <066.8595e994028cb93060db482c96d5ec64@trac.tools.ietf.org>
#97: Section 1.4
Section 1.4 is unclear as to the process for publication of experimental
vs. standards track documents.
Proposed change is as follows:
1.4. Publication Process
RADIUS [RFC2865] is a widely deployed protocol that has attained
Draft Standard status based on multiple independent interoperable
implementations. Therefore it is desirable that a high level of
interoperability be maintained for crypto-agility solutions.
To ensure that crypto-agility solutions published on the standards
track are well specified and interoperable, the RADEXT WG has adopted
a two phase process for standards-track publication of crypto-agility
solutions.
In the initial phase, crypto-agility solutions adopted by the working
group will be published as Experimental. These documents should
contain a description of the implementations and experimental
deployments in progress, as well as an evaluation of the proposal
against the requirements described in this document.
The working group will then select proposals to advance on the
standards track. Criteria to be used include evaluation of the
proposal against the requirements, summary of the experimental
deployment experience and evidence of multiple interoperable
implementations.
--
---------------------------------------+------------------------------------
Reporter: bernard_aboba@… | Owner:
Type: defect | Status: new
Priority: minor | Milestone: milestone1
Component: Crypto-Agility | Version: 1.0
Severity: In WG Last Call | Keywords:
---------------------------------------+------------------------------------
Ticket URL: <http://trac.tools.ietf.org/wg/radext/trac/ticket/97>
radext <http://tools.ietf.org/radext/>
--
to unsubscribe send a message to radiusext-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://psg.com/lists/radiusext/>
Envelope-to: radiusext-data0@psg.com
Delivery-date: Sun, 01 May 2011 19:54:34 +0000
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 8bit
From: "radext issue tracker" <trac+radext@zinfandel.tools.ietf.org>
Cc: radiusext@ops.ietf.org
Auto-Submitted: auto-generated
To: bernard_aboba@hotmail.com
Date: Sun, 01 May 2011 19:54:16 -0000
Reply-To: radiusext@ops.ietf.org
Subject: [radext] #96: Informative and Normative references
Message-ID: <066.32fddc3a61aea4b8db33d0689a68de4d@trac.tools.ietf.org>
#96: Informative and Normative references
Currently all references in the document are Informative. Recommended
change is to separate normative and informative references within Section
8 as follows:
8. References
8.1. Normative References
[NIST-SP800-131A]
Barker, E. and A. Roginsky, "Transitions: Recommendation for
Transitioning the Use of Cryptographic Algorithms and Key
Lengths", NIST SP-800-131A, January 2011.
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119, March 1997.
[RFC2865] Rigney, C., Willens, S., Rubens, A., and W. Simpson, "Remote
Authentication Dial In User Service (RADIUS)", RFC 2865, June
2000.
[RFC4107] Bellovin, S. and R. Housley, "Guidelines for Cryptographic Key
Management", BCP 107, RFC 4107, June 2005.
[RFC4962] Housley, R. and B. Aboba, "Guidance for Authentication,
Authorization, and Accounting (AAA) Key Management", BCP 132,
RFC 4962, July 2007.
[RFC6151] Turner, S. and L. Chen, "Updated Security Considerations for
the MD5 Message-Digest and the HMAC-MD5 Algorithms", RFC 6151,
March 2011.
[RFC6158] DeKok, A., "RADIUS Design Guidelines", BCP 158, RFC 6158,
March 2011.
8.2. Informative References
[RADYN] Winter, S. and M. McCauley, "NAI-based Dynamic Peer Discovery
for RADIUS over TLS and DTLS", Internet draft (work in
progress), draft-ietf-radext-dynamic-discovery-02, March 2010.
[RFC2548] Zorn, G., "Microsoft Vendor-specific RADIUS Attributes", RFC
2548, March 1999.
[RFC2868] Zorn, G., Leifer, D., Rubens, A., Shriver, J., Holdrege, M.
and I. Goyret, "RADIUS Attributes for Tunnel Protocol
Support", RFC 2868, June 2000.
[RFC3162] Aboba, B., Zorn, G., and D. Mitton, "RADIUS and IPv6", RFC
3162, August 2001.
[RFC3579] Aboba, B. and P. Calhoun, "RADIUS (Remote Authentication Dial
In User Service) Support For Extensible Authentication
Protocol (EAP)", RFC 3579, September 2003.
[RFC5997] DeKok, A., "Use of Status-Server Packets in the Remote
Authentication Dialin User Service (RADIUS) Protocol", RFC
5997, August 2010.
--
---------------------------------------+------------------------------------
Reporter: bernard_aboba@… | Owner:
Type: defect | Status: new
Priority: minor | Milestone: milestone1
Component: Crypto-Agility | Version: 1.0
Severity: In WG Last Call | Keywords:
---------------------------------------+------------------------------------
Ticket URL: <http://rsync.tools.ietf.org/wg/radext/trac/ticket/96>
radext <http://tools.ietf.org/radext/>
--
to unsubscribe send a message to radiusext-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://psg.com/lists/radiusext/>
Envelope-to: radiusext-data0@psg.com
Delivery-date: Sun, 01 May 2011 19:48:01 +0000
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 8bit
From: "radext issue tracker" <trac+radext@zinfandel.tools.ietf.org>
Cc: radiusext@ops.ietf.org
Auto-Submitted: auto-generated
To: bernard_aboba@hotmail.com
Date: Sun, 01 May 2011 19:47:06 -0000
Reply-To: radiusext@ops.ietf.org
Subject: [radext] #95: Section 4.2
Message-ID: <066.da6c1034246b29354f5146b95f877897@trac.tools.ietf.org>
#95: Section 4.2
Section 4.2 is not clear what kind of public key credentials are to be
supported (e.g. X.509 certificates, public keys without certs, etc.).
Also, it is not clear whether dynamic discovery is a normative requirement
or whether another discovery mechanism could be used (such as manual
configuration).
Proposed change:
Limit key scope
In order to enable a NAS and RADIUS server to exchange confidential
information such as keying material without disclosure to third
parties, it is RECOMMENDED that a RADIUS crypto-agility solution
support X.509 certificates for authentication between the NAS and
RADIUS server. Manual configuration as well as automated discovery
mechanisms such as NAI-based Dynamic Peer Discovery [RADYN] can be
used to enable direct NAS-RADIUS server communications. Support
for end-to-end confidentiality of RADIUS attributes is not
required.
For compatibility with existing operations, RADIUS crypto-agility
solutions SHOULD also support pre-shared key credentials. However,
support for direct communications between the NAS and RADIUS server
is not required when pre-shared key credentials are used.
--
---------------------------------------+------------------------------------
Reporter: bernard_aboba@… | Owner:
Type: defect | Status: new
Priority: major | Milestone: milestone1
Component: Crypto-Agility | Version: 1.0
Severity: In WG Last Call | Keywords:
---------------------------------------+------------------------------------
Ticket URL: <http://trac.tools.ietf.org/wg/radext/trac/ticket/95>
radext <http://tools.ietf.org/radext/>
--
to unsubscribe send a message to radiusext-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://psg.com/lists/radiusext/>
Envelope-to: radiusext-data0@psg.com
Delivery-date: Sun, 01 May 2011 00:36:34 +0000
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:in-reply-to:references:date :message-id:subject:from:to:cc:content-type; bh=RvxJGUmD97Y6UzAhKjzloqi3NRegvGligqEG3xVLeXQ=; b=kkMhg+CBHlDHeN1SmT57piPkVCFt2EzAzwOUt1F/P0TY8mHNbxxJNPVfHtIBpzNRMF N/Q93rkwmB/KTHnw/zum33SOhf91s+voTvISppQsABAFcW5FbmoIjDWVtzTCR9gnId9v PFMxWqc0IBHa+qPlcTVqOFG/Sga+vo+edZ1aM=
DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; b=n6S0NcN4a8DIV0jAdcjEmCjIWIn2bfPOs1a8WlRu663mKBE0P0MUDFvKj1LQUuR23z 3WtKsFV5/qme8mZnDM5Y1jSFdQc+fw3roeLE2KczhQptBpi2w3ZpLK0bNNADRRlkQv7m 1Y1UVOD9+yCREOVmRVOhtLMns//GWjmAOyyKs=
MIME-Version: 1.0
Date: Sun, 1 May 2011 08:36:19 +0800
Message-ID: <BANLkTimYvA6+evA9C0t1V0ZeB1D+H05drQ@mail.gmail.com>
Subject: Re: Some comments on draft-winter-radext-fancyaccounting-00
From: Jacni Qin <jacniq@gmail.com>
To: Stefan Winter <stefan.winter@restena.lu>
Cc: radiusext@ops.ietf.org
Content-Type: multipart/alternative; boundary=20cf3071c6fe757aba04a22c187c
--20cf3071c6fe757aba04a22c187c
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
hi,
Sorry for my late reply,
On Wed, Apr 27, 2011 at 5:52 PM, Stefan Winter <stefan.winter@restena.lu>wr=
ote:
> Hi,
>
> > I skimed the draft and got some comments, see below please.
> >
> > * "Section 2.2.1.Acct-Traffic-Class-Id attribute" seems to be
> > redundant, I perfer to only keep the Name attribute which is STRING
> > formatted and defined by BNG (configurable). The traffic classes are
> > specified based on the capability of the BNG. No further IANA
> > activities are needed in the future.
>
> It's true that any value expressed in -Id could also be formulated in a
> string in -Name. However, naming conventions for the string are likely
> to differ, so I would prefer to have controlled vocabulary at least for
> more common use cases - like DSCP classes or IP versions, as in the draft=
.
>
Jacni>: While we opened the door in this way for additional IANA
activities. I have a fear that everytime we will need to request a value fo=
r
-id,
then give the recommended definition of -name accordingly, and vise versa?
;-)
> Another option would be to follow Alan's comment regarding
> NAS-Filter-Rule naming. I'm not much of fan of this, because the first
> examples which came to my mind: IP versions, DSCP values, don't sit
> together in IPFilterRule (which is the basis for NAS-Filter-Rule). Only
> IP versions could be expressed as a filter with NAS-Filter-Rule, but
> DSCP is a Diameter QoSFilterRule - which can't be expressed in
> NAS-Filter-Rule (I'll be happy to be corrected if I'm wrong here).
>
> > * An attribute similar to Type#44 Acct-Session-Id is necessary, since
> > this is widely implemented in practice, for example, as an
> > identification of user for policy changes initiated by AAA server.
> > Name it "Acct-Traffic-Class-Id"? But the value should be a random
> > number assigned by BNG. Some other attributes may also need to be
> > considered.
>
> The example in the draft only shows a fragment of the entire Accounting
> packet. The Accounting packet will be able to contain the
> Acct-Session-Id, and then additionally one or more groups of
> Accounting-Traffic-Group.
>
> I don't see an issue with that unless one would want to have different
> session Id's for different traffic groups in the same accounting ticket
> - but I have a hard time thinking of a reason for that; after all all
> the counted Octets and Packets belong to the same user session, and can
> thus share the same session id.
>
Jacni>: For example, two clasess v4 and v6, over single access service,
there may be cases that the dynamic QoS or bandwidth policy changes
(class-specific)
are requested by users,say, through portal, then initiate/executed by the
server side, the
-id is needed.
Cheers,
Jacni
> Greetings,
>
> Stefan Winter
>
> --
> Stefan WINTER
> Ingenieur de Recherche
> Fondation RESTENA - R=E9seau T=E9l=E9informatique de l'Education National=
e et de
> la Recherche
> 6, rue Richard Coudenhove-Kalergi
> L-1359 Luxembourg
>
> Tel: +352 424409 1
> Fax: +352 422473
>
>
>
--20cf3071c6fe757aba04a22c187c
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
<font face=3D"verdana,sans-serif">hi,<br><br>Sorry for my late reply,<br></=
font><br><div class=3D"gmail_quote">On Wed, Apr 27, 2011 at 5:52 PM, Stefan=
Winter <span dir=3D"ltr"><<a href=3D"mailto:stefan.winter@restena.lu" t=
arget=3D"_blank">stefan.winter@restena.lu</a>></span> wrote:<br>
<blockquote class=3D"gmail_quote" style=3D"margin:0 0 0 .8ex;border-left:1p=
x #ccc solid;padding-left:1ex">Hi,<br>
<div><br>
> I skimed the draft and got some comments, see below please.<br>
><br>
> * "Section 2.2.1.Acct-Traffic-Class-Id attribute" seems to b=
e<br>
> redundant, I perfer to only keep the Name attribute which is STRING<br=
>
> formatted and defined by BNG (configurable). The traffic classes are<b=
r>
> specified based on the capability of the BNG. No further IANA<br>
> activities are needed in the future.<br>
<br>
</div>It's true that any value expressed in -Id could also be formulate=
d in a<br>
string in -Name. However, naming conventions for the string are likely<br>
to differ, so I would prefer to have controlled vocabulary at least for<br>
more common use cases - like DSCP classes or IP versions, as in the draft.<=
br></blockquote><div><br><font face=3D"verdana,sans-serif">Jacni>: While=
we opened the door in this way for additional IANA<br>activities. I have a=
fear that everytime we will need to request a value for -id,<br>
then give the recommended definition of -name accordingly, and vise versa? =
;-)<br><br></font></div><blockquote class=3D"gmail_quote" style=3D"margin:0=
pt 0pt 0pt 0.8ex;border-left:1px solid rgb(204, 204, 204);padding-left:1ex"=
>
<br>
Another option would be to follow Alan's comment regarding<br>
NAS-Filter-Rule naming. I'm not much of fan of this, because the first<=
br>
examples which came to my mind: IP versions, DSCP values, don't sit<br>
together in IPFilterRule (which is the basis for NAS-Filter-Rule). Only<br>
IP versions could be expressed as a filter with NAS-Filter-Rule, but<br>
DSCP is a Diameter QoSFilterRule - which can't be expressed in<br>
NAS-Filter-Rule (I'll be happy to be corrected if I'm wrong here).<=
br>
<div><br>
> * An attribute similar to Type#44 Acct-Session-Id is necessary, since<=
br>
> this is widely implemented in practice, for example, as an<br>
> identification of user for policy changes initiated by AAA server.<br>
> Name it "Acct-Traffic-Class-Id"? But the value should be a r=
andom<br>
> number assigned by BNG. Some other attributes may also need to be<br>
> considered.<br>
<br>
</div>The example in the draft only shows a fragment of the entire Accounti=
ng<br>
packet. The Accounting packet will be able to contain the<br>
Acct-Session-Id, and then additionally one or more groups of<br>
Accounting-Traffic-Group.<br>
<br>
I don't see an issue with that unless one would want to have different<=
br>
session Id's for different traffic groups in the same accounting ticket=
<br>
- but I have a hard time thinking of a reason for that; after all all<br>
the counted Octets and Packets belong to the same user session, and can<br>
thus share the same session id.<br></blockquote><div><br><font face=3D"verd=
ana,sans-serif">Jacni>: For example, two clasess v4 and v6, over single =
access service,<br>there may be cases that the dynamic QoS or bandwidth pol=
icy changes (class-specific)<br>
are requested by users,say, through portal, then initiate/executed by the s=
erver side, the<br>-id is needed.<br><br><br>Cheers,<br>Jacni<br>
<br></font></div><blockquote class=3D"gmail_quote" style=3D"margin:0pt 0pt =
0pt 0.8ex;border-left:1px solid rgb(204, 204, 204);padding-left:1ex">
<div><div></div><div><br>
Greetings,<br>
<br>
Stefan Winter<br>
<br>
--<br>
Stefan WINTER<br>
Ingenieur de Recherche<br>
Fondation RESTENA - R=E9seau T=E9l=E9informatique de l'Education Nation=
ale et de la Recherche<br>
6, rue Richard Coudenhove-Kalergi<br>
L-1359 Luxembourg<br>
<br>
Tel: +352 424409 1<br>
Fax: +352 422473<br>
<br>
<br>
</div></div></blockquote></div><br>
--20cf3071c6fe757aba04a22c187c--
--
to unsubscribe send a message to radiusext-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://psg.com/lists/radiusext/>
Envelope-to: radiusext-data0@psg.com
Delivery-date: Sun, 01 May 2011 00:33:48 +0000
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:in-reply-to:references:date :message-id:subject:from:to:cc:content-type; bh=85bXQ255NIcUlN3bFdACk7pckMHVhV5aSnEEHeGLUx4=; b=lIfgdPJ+PPZH8PNvpwI9UX065QrIuYGhCnX79ZxodYsCi+WGRij8kJO6SPnBNAx/uO zntC4VFw9asDqZ7wfvedJd4S17j9ON6h/HmflxrpcPMoCWeLd5ZuVwwQGSED/jcyhpDP yNvrFfSnu+VHZy5SVSu+OXnojHS832gO3hLiY=
DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; b=v8JqbAm795B4BECPoR/79RYOy3ieNlDSN7F5kd9ohPTMRqKq5FW9vM/mCkqrtapK3B 9fHycxlKvyYzQFG7vN2LZgo2rSnkmmdE6w/sx8kR0sjls9JavaMxA9fWaTuVSglNKT2D M/Hi3M1PhtTpCeHYtp+rGa2hpT5HGZ8w+Cf80=
MIME-Version: 1.0
Date: Sun, 1 May 2011 08:32:42 +0800
Message-ID: <BANLkTi=i9ry_1pmhYcPyE84WS+SRzESRjw@mail.gmail.com>
Subject: Re: Some comments on draft-winter-radext-fancyaccounting-00
From: Jacni Qin <jacniq@gmail.com>
To: Alan DeKok <aland@deployingradius.com>
Cc: Stefan Winter <stefan.winter@restena.lu>, radiusext@ops.ietf.org
Content-Type: multipart/alternative; boundary=bcaec501638981b2a504a22c0bdc
--bcaec501638981b2a504a22c0bdc
Content-Type: text/plain; charset=ISO-8859-1
Re-,
Ok, I got your point.
Cheers,
Jacni
On Wed, Apr 27, 2011 at 3:01 PM, Alan DeKok <aland@deployingradius.com>wrote:
> Jacni Qin wrote:
> > * For the Input-* & Output-* attributes (Section 2.2.3 ~ 2.2.6), Shall
> > we "re-use" the type specified in RFC2866, like 245.1.47, etc.
>
> I would strongly recommend not doing that. Re-using the type would
> lead people to conclude that the type space for TLVs is the same as the
> type space for "normal" RADIUS attributes. This is not the case.
>
> Alan DeKok.
>
--bcaec501638981b2a504a22c0bdc
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
<font face=3D"verdana,sans-serif">Re-,<br><br>Ok, I got your point.<br><br>=
<br>Cheers,<br>Jacni<br></font><br><div class=3D"gmail_quote">On Wed, Apr 2=
7, 2011 at 3:01 PM, Alan DeKok <span dir=3D"ltr"><<a href=3D"mailto:alan=
d@deployingradius.com" target=3D"_blank">aland@deployingradius.com</a>><=
/span> wrote:<br>
<blockquote class=3D"gmail_quote" style=3D"margin:0 0 0 .8ex;border-left:1p=
x #ccc solid;padding-left:1ex"><div>Jacni Qin wrote:<br>
> * For the Input-* & Output-* attributes (Section 2.2.3 ~ 2.2.6), S=
hall<br>
> we "re-use" the type specified in RFC2866, like 245.1.47, et=
c.<br>
<br>
</div> =A0I would strongly recommend not doing that. =A0Re-using the type w=
ould<br>
lead people to conclude that the type space for TLVs is the same as the<br>
type space for "normal" RADIUS attributes. =A0This is not the cas=
e.<br>
<font color=3D"#888888"><br>
=A0Alan DeKok.<br>
</font></blockquote></div><br>
--bcaec501638981b2a504a22c0bdc--
--
to unsubscribe send a message to radiusext-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://psg.com/lists/radiusext/>
- [radext] #99: AD Review of RADIUS Crypto-Agility … radext issue tracker
- Re: [radext] #99: AD Review of RADIUS Crypto-Agil… radext issue tracker