IETF Logo Mail Archive

[radext] Re: New I-D: draft-seralathan-radext-persistent-devid-00

"Premanand Seralathan (pseralat)" <pseralat@cisco.com> Tue, 26 May 2026 03:42 UTC

Return-Path: <pseralat@cisco.com>
X-Original-To: radext@mail2.ietf.org
Delivered-To: radext@mail2.ietf.org
Received: from localhost (localhost [127.0.0.1]) by mail2.ietf.org (Postfix) with ESMTP id 2D575F4E760A for <radext@mail2.ietf.org>; Mon, 25 May 2026 20:42:55 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=ietf.org; s=ietf1; t=1779766975; bh=EHQdMOLrxrG0P+Mg35O3QCOZH3H4cQ2vy6rKWEsMI78=; h=From:To:CC:Subject:Date:References:In-Reply-To; b=hcwBI+hM0ZmhFUIkqpwzvXYM0mszCJ/O4GWyj1t5eDcEKLdnUHkY15/znMuYNXL/K keLhJ0xT1PJ7QYumBFYUDvNIQeVP04jqZAqTRmcxuBim+yA4fdTSxvVfgcYX071bJ5 WftkpFdVAJUh5AXglRsq019Ogb9O7VPhYaQc6Bds=
X-Virus-Scanned: amavisd-new at ietf.org
X-Spam-Flag: NO
X-Spam-Score: -11.885
X-Spam-Level:
X-Spam-Status: No, score=-11.885 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_MED=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_MED=-2.3, RCVD_IN_MSPIKE_H5=0.001, RCVD_IN_MSPIKE_WL=0.001, RCVD_IN_VALIDITY_CERTIFIED_BLOCKED=0.001, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, SPF_NONE=0.001, T_SPF_HELO_PERMERROR=0.01, USER_IN_DEF_DKIM_WL=-7.5] autolearn=unavailable autolearn_force=no
Authentication-Results: mail2.ietf.org (amavisd-new); dkim=pass (2048-bit key) header.d=cisco.com
Received: from mail2.ietf.org ([166.84.6.31]) by localhost (mail2.ietf.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id P2BPz6cimVYD for <radext@mail2.ietf.org>; Mon, 25 May 2026 20:42:50 -0700 (PDT)
Received: from rcdn-iport-8.cisco.com (rcdn-iport-8.cisco.com [173.37.86.79]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-256) server-digest SHA256) (No client certificate requested) by mail2.ietf.org (Postfix) with ESMTPS id 1D829F4E75F5 for <radext@ietf.org>; Mon, 25 May 2026 20:42:50 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cisco.com; i=@cisco.com; l=25174; q=dns/txt; s=iport01; t=1779766970; x=1780976570; h=from:to:cc:subject:date:message-id:references: in-reply-to:mime-version; bh=EHQdMOLrxrG0P+Mg35O3QCOZH3H4cQ2vy6rKWEsMI78=; b=JKbwBI/LtCt6Xf/6MeU5IaQJkHEZxkEASuo1z7wavly5ILduHQzG27ZT ncpIYJbzWLEFIkQSRO2465VHgPcE83aFtIyQJk7iP/CHrlVROSs+W092V Vdw65FyHzRvU2RWkj4oQNh7ePfaLgwfVZKjpKvwPSZ3Q8jS6tGkJpH+1U 9CxrfVUYYct2O/2b1IkkVCO1aeMGZ5wWg4hX9/PBOmaZgFmS1Brm1rBIk NxYclGMkPk0Azoo70QPH9JOqnjYsmKkjA/94Me4rCAyFxL1eGjij4FiOi ryhHJ4VBZWtpMSq5AJ6wHmJIf8nF5pcTtUE/imV/meKcPU40ak9tDXt5q Q==;
X-CSE-ConnectionGUID: vp42NpsyROuzEUQt6pwYww==
X-CSE-MsgGUID: yxZeeU7qQB2RualMyqhbpw==
X-IPAS-Result: A0B0AwA9FhVq/4v/Ja1QAQmBLoErgT0xU4EIgSFJhFeDTAOFLIh5A4ETkDeMUYF/DwEBAQ0CRA0EAQGFBgIWjRwCJjQJDgECBAMCAwEBAQEBAQEBAQEBCwEBBQEBAQIBBwWBDhOGTw2GWgEBAQECARIRRBIFCwIBCBgdCgMCAgIvFBECBA4FCBqCYYIdLycDAQIOon4BgT0Ciip6gTKBAYNsQdt+BoFNiFkBKoE1Aw6EBQGEeycbgUlEgRVCgjA4PoJhAgIBgTABFBqDWTqCLwSCDRV6EhuEV4l6UnIiAyYzLAFVExcLBwWBI0MDgQYjSwUtHYEjIR0XFR5YGwcFEiEqbko8GgMDDSEkEVlBOAtGBYFkAoIaTiMvA06BLYFvAwttPTcUGwMEgTUFiWdEGRoPgT8vQQE+JgRDEBRnUjYBAQ4fBQMOL5Zhi2KOX5UXCoQcjB+VcBeqA2eZBY4JlTMCMoUlAgQCBAUCEAEBBoFoPIFZcBWDIlMZD44tFohzySYBeQIBOgIHAgcOAwuTZQEB
IronPort-PHdr: A9a23:NkOz5RZpIIPrZd+hU2x5a1P/LTAchN3EVzX9orI9gL5IN6O78IunZ QrU5O5mixnCWoCIo/5Hiu+Dq6n7QiRA+peOtnkebYZBHwEIk8QYngEsQYaFBET3IeSsbnkSF 8VZX1gj9Ha+WXU=
IronPort-Data: A9a23:PMBks65rgh5RIJvYjIOADAxRtHjGchMFZxGqfqrLsTDasY5as4F+v jQYWGzVbq7ZMTSkLYwnatuz8kgOv8fUm9I3Two6r31mZn8b8sCt6fZ1gavT04J+CuWZESqLO u1HMoGowPgcFyGa/lH2dOC98RGQ7InQLpLkEunIJyttcgFtTSYlmHpLlvUw6mJSqYDR7zil5 5Wo/6UzBHf/g2Qqaj9OtfrawP9SlK2aVA0w7wRWic9j5Dcyp1FNZLoDKKe4KWfPQ4U8NoaSW +bZwbilyXjS9hErB8nNuu6TnpoiG+O60aCm0xK6aoD66vRwjnVaPpUTaJLwXXxqZwChxLid/ jniWauYEm/FNoWU8AgUvoIx/ytWZcWq85efSZSzXFD6I0DuKxPRL/tS4E4eI5VEoMBvGnB00 uEKBQ00ck6bmNOp3+fuIgVsrpxLwMjDJogTvDRkiDreF/tjGcqFSKTR7tge1zA17ixMNa+BP IxCNnw1MUmGOkYeUrsUIMpWcOOAnmLyaTRcoU69rqss6G+Vxwt0uFToGIaKJYfXH54Mzy50o ErX71b0DyxFLeW1kwCY+3aJl/bPlzvkDdd6+LqQs6QCbEeo7nYaBBAGSXO6rOW3zEmkVLpix 1c84CEiq+02sUesVNS4B0f+q3+ftRlaUN1VewEn1DywJmPvy1/xLkAPTyVKb5ots8peeNDg/ gbhcw/BbdC3jICodA==
IronPort-HdrOrdr: A9a23:x0TSba65zURC+vMq/APXwfWCI+orL9Y04lQ7vn2ZFiYlEfBwxv rPoB1E737JYW4qKQ8dcLC7VJVpQRvnhPhICPoqTMaftWjdySSVxe5ZnPHfKlHbaknDH6tmpN hdmstFeZPN5DpB/LvHCWCDer5KrqjkgcWVbKXlvgtQpGpRGthdBnJCe32m+zpNNXF77PQCZf 2hz/sCjQCNPV4QacO2DGQEWe/sm/3n/aiNXTc2QzQcxE2rlz2H1J7WeiL04j4uFx9fy7Yr9m bI1zf++riitP+DzBrd3X/47phdmtfto+EzRfBkjPJ7FhzcziKTIKhxUbyLuz445Mu17kwxrd XKqxA8e+xu9nL4ZAiO0FjQ8jil9Axrx27pyFeej3emi9f+XigGB81Igp8cWgfF6nAnoMp33M twriCkXttsfFb9dRbGlp/1viJR5wyJSL0Z4LcuZklkIM8jgXlq3NQiFQ1uYcw99WnBmfAa+a FVfbLhDbBtABOnRkGcmHVzy9qxWXl2NBKHTk8e/vGx6VFt7SpEJ49y/r1Cop/Gn6hNFqVs9q DKNL9lm6pJSdJTZaVhBP0ZSc/yEWDVRwnQWVjia2gPOZt3c04lkaSHq4kd9aWvYtgF3ZEykJ POXBdRsnMzYVvnDYmL0IdQ+h7ATW2hVXC1o/suq6RRq/n5Xv7mICeDQFchn4+ppOgeGNTSX7 K2NIhNC/HuIGPyEcJC3hH4WZNVNX4COfdl9+oTShaLuIbGO4fqvuvUfLLaI6fsCy8tXiflDn 4KTFHIVYx9B4CQKwnFaTTqKgTQkxbEjOdNObmf+/JW04QEPJBNtA8O4G7JlP1jAQcyxpALQA ==
X-Talos-CUID: 9a23:zlQ3IGr6vj1msO8EbfCLLlbmUd49Lif71GzBGWilG0tUcaHLUUCh57wxxg==
X-Talos-MUID: 9a23:l65TMwZgoMhkMuBTpi/eiTxfa95Ryf6UFUkJtIQfu8OcKnkl
X-IronPort-Anti-Spam-Filtered: true
Received: from rcdn-l-core-02.cisco.com ([173.37.255.139]) by rcdn-iport-8.cisco.com with ESMTP/TLS/TLS_AES_256_GCM_SHA384; 26 May 2026 03:42:42 +0000
Received: from rcdn-opgw-1.cisco.com (rcdn-opgw-1.cisco.com [72.163.7.162]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by rcdn-l-core-02.cisco.com (Postfix) with ESMTPS id 6933D180007E2 for <radext@ietf.org>; Tue, 26 May 2026 03:42:42 +0000 (GMT)
X-CSE-ConnectionGUID: 1L3JhISBRDGF44H0z6bdjg==
X-CSE-MsgGUID: +MGqC38fQsSGcjRvDTE7Ug==
Authentication-Results: rcdn-opgw-1.cisco.com; dkim=pass (signature verified) header.i=@cisco.com
X-IronPort-AV: E=Sophos;i="6.24,169,1774310400"; d="scan'208,217";a="59077132"
Received: from mail-ds2pr08cu00101.outbound.protection.outlook.com (HELO DS2PR08CU001.outbound.protection.outlook.com) ([40.93.13.73]) by rcdn-opgw-1.cisco.com with ESMTP/TLS/TLS_AES_256_GCM_SHA384; 26 May 2026 03:42:42 +0000
ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=g8J9YTeHWdyX//PKMzUsLQZFyTTZPigVWULKeU3I5lIraIpCovDZ99JzGvWsbYbZQbO+oNEL3L3NlXe7Dv912KYQtftI0nN2hwiB3L7qIIXsLkiX2c0NV0Shjmkaw7YLeRXKi7csbF+0fnxECtLrIOBixZKKcn8aMQkEkhsiH1RXwbRmGWPjFDiP8qvLxVD54VHWgrg2y+rKBpBdCFkhEwU9myGpb2oxlFMf2IvDAmMWxfzMC1Wn9P+Ew4AUfq/FK3bVmMkS21NPY/9f7omS/s7J0FlC65gneuw7fqRgH3n6m3SeNawEfBKCsndC8WxE6zcHUeATBtYfUHECRXuA1g==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=EHQdMOLrxrG0P+Mg35O3QCOZH3H4cQ2vy6rKWEsMI78=; b=XlUETLcKTP6X7DZLelHhyO3+mkNPO54MBts+161TsOMlJW3GaHcVrP7nH5F2+kXhiLPyDdFTH2DhevezRLc4f0/ojUdFCd6Q3i8MTLWn8yCtpI/rNPMV3kYkVXlwqZLHX2P97IwPe/Iux7QxlHitTjzj6jz+Xz7LfTqgXh+2aFvEhAY5WUi6WEc7y5dIWC9HPvFwGkgRntA1h+MRLCyemgDSgoj5K7XX5XHzBVtJqdZLabEJaPIbfUMJwQZXMmQBkeNNfHlHSAdL42amO/6hKOcfpuBhKISDb84TlTSTCcOqYy6g6nfoPTyTkwZG/JLp6dN0mwJA+R4ejMBbZBicIg==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=cisco.com; dmarc=pass action=none header.from=cisco.com; dkim=pass header.d=cisco.com; arc=none
Received: from BYAPR11MB3768.namprd11.prod.outlook.com (2603:10b6:a03:fa::20) by DM4PR11MB8180.namprd11.prod.outlook.com (2603:10b6:8:18d::17) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.21.48.20; Tue, 26 May 2026 03:42:39 +0000
Received: from BYAPR11MB3768.namprd11.prod.outlook.com ([fe80::a807:12e:34ac:bdf9]) by BYAPR11MB3768.namprd11.prod.outlook.com ([fe80::a807:12e:34ac:bdf9%6]) with mapi id 15.21.0048.019; Tue, 26 May 2026 03:42:39 +0000
From: "Premanand Seralathan (pseralat)" <pseralat@cisco.com>
To: Alan DeKok <alan.dekok=40inkbridge.io@dmarc.ietf.org>
Thread-Topic: [radext] New I-D: draft-seralathan-radext-persistent-devid-00
Thread-Index: AQHc2NUy8nA4vwgd3UqI5n5zmJHAirYSfBgAgA1TqeU=
Date: Tue, 26 May 2026 03:42:39 +0000
Message-ID: <BYAPR11MB3768995A3F905845409EF032CC0B2@BYAPR11MB3768.namprd11.prod.outlook.com>
References: <BYAPR11MB37689273BC46B447843F3516CC352@BYAPR11MB3768.namprd11.prod.outlook.com> <C035972D-A954-4449-B1AA-194C7954F27B@inkbridge.io>
In-Reply-To: <C035972D-A954-4449-B1AA-194C7954F27B@inkbridge.io>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-ms-reactions: allow
x-ms-publictraffictype: Email
x-ms-traffictypediagnostic: BYAPR11MB3768:EE_|DM4PR11MB8180:EE_
x-ms-office365-filtering-correlation-id: 6b3d399c-0f60-4736-18d9-08debad8d5c1
x-ms-exchange-senderadcheck: 1
x-ms-exchange-antispam-relay: 0
x-microsoft-antispam: BCL:0;ARA:13230040|366016|1800799024|376014|38070700021|8096899003|18002099003|22082099003|56012099003|11063799006|6133799003|4143699003|13003099007;
x-microsoft-antispam-message-info: gRj+IrDa6vs353ehgvBEIG0c1CY0Hd4cD+31j9fs+lNoDJu7qrfUI6r4BREY11GEMCyzjYTx8Duz8Z4LOWjmvXcXoInWSDErx2P5BkDdyC7Ov+LvW5JJSHtz/kvif8yhDpo4492B5jab4eKm6R97xHOCWkdrt9O4BIlG6PUjhr1ooopkFyZIHX5qr0ZpS2Qx304BsczQg3KZXIVHqzl48f0lf1IB8UdWbmUYzCsAAaBRxU/r9wi+i/lhHP9UEnVGccFWSIP8yjFnNuGgmHuoQoKbRNAJL6THVSFLsx60xkyFLAk/bXGbhTAh9P/d5EKTY03T+8O0K6oMvJTxgBAgvnBFqJIWUVERmfwOyL9uRWwKcFetM2OeCk4LAOVeerJWuYph/N0QVCFAV2EuHXBTy2jn+jrQ4rGOOzEFcb9T932bjhjxTbpGROALtwlHd7CYh2+/Ihq5BtpSwYC3hYm+GIUpZ8WffD4hjSC850SUEfwaVXtm8fkUSsqmlFFPvvuZhWQP96Zmnad+u1tN717lgVWOFJtHXQ28i1srXFI00nYr/TWYrKTS7Tpj2J31DgcYbzt+vQzEJx/3CpFCLPeLCTOLDn10Nlf40xzrWANNq01gQZ3H2Mr2tcwz9RslPgrBTO1ohxU2TiFboU+lzasRF24waJET1UCYEMgbSMwToOJPeC4vqRAV7bGDFBQ/g+BIIcoyZAY+wyM9Wa+S3Un7giE46fday85U1D59z933vH7vAAtxzhuYFpF02n1/uy9U
x-forefront-antispam-report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:BYAPR11MB3768.namprd11.prod.outlook.com;PTR:;CAT:NONE;SFS:(13230040)(366016)(1800799024)(376014)(38070700021)(8096899003)(18002099003)(22082099003)(56012099003)(11063799006)(6133799003)(4143699003)(13003099007);DIR:OUT;SFP:1101;
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0: Eq6rkp4PMOz8tH3aS/jol52ZKTK1oW0lnkccfclT700tvF0sofG7Z2NBqM27t08bNw3NfNcpxtiaiJCAH0lPMKVCSON8pc9E6TL5P4/IT4N4yTv3H/NXETsYL8/06QSaJuLV1dhbcN6Yj1+a5NEXClXoS7XMeDx6c4Gbgfh0NSKHN54QFyLI6C6jnvbppU4wTSJDg6Y5ezXyb0OlWsGh1ssk02MqepM4VjIC2HeOYNxNblrQczmgl0XVt8FgGcddvd6ftz+xLPFDywqwWHgk7H8t4bUSeMcqFC14fc62Cgxmfl0W+T7MIjLPtQPWTtxAVrUXr1832DTX1AT9owjZeabc7SN72Pk6qgSk/pwug8ecekRUKspewgGf76NA/pGkWytRFxk0d/Et3d7Mj0k7L/1AMJqA5bRNALdAX/HaIarRLqrfJl3AHvSSMbjgqymQwXcRKbagw+2+Q9lmkMMhpjaJDk/HWSakhgm2MkT4i6vgEfNjkpXgpC/Mq13L8inCg8diPkcGSI6vS4elqWCm72kBaTXouDYB95iYTLI/tOZs3kkj6R8yBG3uSO66/RSkcj3mldKHTQ5Yl6urfbXC26PofhLGxyrsvSjHh7prUdvH4VFB44ZtFfyW3ZZZXyF6fTPz1pGEJjyvGRRusC58k2vzhoNWMDyUBJIK3r4/my4jWY5rccefFDE82lUT26AFMqhW3uiEFBO77uCZQ8cu7yuJK9dWedB/mPWBP98iheGJFkhgvEelIxGONyH2U5sBV+S4xRyZL9nodKI/BMTHhlBQ3iWUnaBdYkvpljCzQ703ELFlXe3KG2WOMROVbspddnHjR7JkWu/1CbAD0AWivLU+j7+rfTeLWkTSXZOTXPhPMY0xIKt/n/69weKYdDbA3R8OvvYSyKEKexxlAQMjxY+Byl8/jXbhE+4Rk7IP1N7jby+J+wRAjB1i0d3Zi6Zzz7RUUCpWElFy+pY6Ki9h6Xvc1DNM+ToE+/hwd7nB0AOfxMkBk4pqtOv7HR0m7q6ux8HUssChUki0Hi4EVyIq7sXx/9qf61PBol5JrUdsM7y/9nsUKuFn2mIxSHloJ7P6OfE9ISsZQnVhKHYJMaBIpaDGOR1RN7JharRUgRkMo2TLBVxaesylyhexOY2QFDULpjrF2zEBCa7RUAAtaeyseoj4kRwvLtrXS3RHCkqV8CW57HvV7GcIZUX1elRcCFKzOH6S0LIoENBfMv2PzZ0ftHX1iPBvAv0l+46LIds4RITF5nJQAQKMRReinuMoxLShRrpZK/96QBuQWKdZqlU6M87XoVH5Y12D5ShTJLEJPNLNC32DnPPadkDFN9iHwpSMmBit4w7pTCJi6cS0JlMlLE82El3WgAWtV9isiMn3skqHvfLKRtBFfIAaV3m2HsnX5xtr6Wl7UEkYYXKxs4kPVewgkDyWDvX/aMNdRJYvBacUJEhHQgzxOorjWL+x1mI3OJqq5IU2y9NkHiflA3FhlN9+441THXbuVwu26W4/nFH0OfAt5yBzC63OOn26nLjSceKI3NwQZ6t7jM6gqyzbmJmBurl1oLYSicl5qiPSH9tAW/K7EsKRXXbXzogcL54WJJ0+YHtrYRSn3OHZZHRNQdj9ZjwanTpzFo4m1H48Y+wwMTNQM111NzXmTVnQo0H4dFPJ3IGhp9nGoRd3xqk/IFWW0YCnoHinydMzHhMAxPgH35hc19ePS//ZNxYUaD7QRnclDJBrhkaWaBTYfkWuYBNlD0zy9aaNMZ8b+sFmOao=
Content-Type: multipart/alternative; boundary="_000_BYAPR11MB3768995A3F905845409EF032CC0B2BYAPR11MB3768namp_"
MIME-Version: 1.0
X-Exchange-RoutingPolicyChecked: XYG1ZxnZir9WpsLpLcRyhSkAzEHP1I45hL7opn/raDPDwmqokWk+ujqSFkrw/ZFAUuUQSTN3zhiL4iFU2QBOoPRQAfXKv9l0BO6oBF4hJdiLfgYDfqvdLzi/k06CrVZGQDmCn6EdmuiQMnpd1qT/g1OL7VeiWPr/pypPpR5J02u4xQc+lcERza9ap/zJ1qtGfctSQXTnBIOAePOXJQG0LLSxub81TTY9E47a7jLfG8DswSErVAXCx1PtSmwbMIfkp1MEOoNr7rDANOISOHAxe7Q1aIyGGWAts66+Jsdo2sRLLpvfXe1N9SOkBzRfrAV2bt9KrtTT8Q//WQ3YLInQqA==
X-OriginatorOrg: cisco.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: BYAPR11MB3768.namprd11.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 6b3d399c-0f60-4736-18d9-08debad8d5c1
X-MS-Exchange-CrossTenant-originalarrivaltime: 26 May 2026 03:42:39.4868 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 5ae1af62-9505-4097-a69a-c1553ef7840e
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: dwe3cv6/saWaXUUD+bd1iXw/hQX/65rFureyzG5HYON6a6G1KfC70x4XpDBuTSLo5j6lJ/k/WaWcKrxdT/9FWA==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM4PR11MB8180
X-Outbound-Client-TLS: ANONYMOUS;rcdn-opgw-1.cisco.com [72.163.7.162];TLSv1.3;TLS_AES_256_GCM_SHA384;256
X-Outbound-SMTP-Client: 72.163.7.162, rcdn-opgw-1.cisco.com
X-Outbound-Node: rcdn-l-core-02.cisco.com
Message-ID-Hash: 2RLZN2W6MVD6M6RLDKSHFN2UBZXP5BIE
X-Message-ID-Hash: 2RLZN2W6MVD6M6RLDKSHFN2UBZXP5BIE
X-MailFrom: pseralat@cisco.com
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-radext.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: "radext@ietf.org" <radext@ietf.org>
X-Mailman-Version: 3.3.9rc6
Precedence: list
Subject: [radext] Re: New I-D: draft-seralathan-radext-persistent-devid-00
List-Id: RADIUS EXTensions working group discussion list <radext.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/radext/LLITT7svizDLNI7ol1UbXfMWOsE>
List-Archive: <https://mailarchive.ietf.org/arch/browse/radext>
List-Help: <mailto:radext-request@ietf.org?subject=help>
List-Owner: <mailto:radext-owner@ietf.org>
List-Post: <mailto:radext@ietf.org>
List-Subscribe: <mailto:radext-join@ietf.org>
List-Unsubscribe: <mailto:radext-leave@ietf.org>

Hi Alan,

Thanks for the review. Inline below.

It took a while of reading the document before it was clear exactly what the mechanism was, and how it worked. It would be useful to have a short overview at the start of the document.

Agreed. Will add a mechanism overview in the Introduction for -01.

this proposal has similar behavior to the Class attribute, but is persistent across multiple connections. It would be good to mention this.

Good point — same echo-back pattern, but semantically defined and persistent across sessions/MAC changes. Will add an explicit comparison in Section 10.

it's not clear from the document how the NAS persistently identifies the device across multiple connections.

e.g. Section 9.4 talks about the RADIUS client caching Persistent-Device-Id. How is this done?

The NAS doesn't need to correlate across connections — the server does. On reconnect with a new MAC, the same certificate yields the same UUID server-side. The NAS caches Persistent-Device-Id for the current session, echoes it in accounting, and shares it with integrated platforms (profiling engines, location services) so they can identify the endpoint across MAC changes. Will clarify this in -01.

Do the NASes have to change? If so, what changes need to be made? If not, why not?

No NAS changes required for the core mechanism. The NAS receives it in Access-Accept and echoes in accounting — standard attribute handling. Unrecognized attributes are silently ignored per RFC 2865 Section 5. NAS-side use of the identifier (local correlation, UI display) is optional. Will add a deployment considerations subsection.

it would be good if it was useful for EAP methods which didn't use TLS. Perhaps one option would be to derive the Persistent-Device-Id from the MSK / EMSK on an initial connection.

Interesting idea. It would give per-NAS consistency but not cross-NAS and would change with credential changes. Worth exploring as a future extension — will add a discussion in Future Work for -01 and keep the current scope to certificate-based methods.

Will address all of these in -01.


Thanks again.

Prem

On 5/17/26, 9:05 AM, "Alan DeKok" <alan.dekok=40inkbridge.io@dmarc.ietf.org> wrote:

On Apr 30, 2026, at 3:13 PM, Premanand Seralathan (pseralat) <pseralat=40cisco.com@dmarc.ietf.org<mailto:40cisco.com@dmarc.ietf.org>> wrote:
> We have submitted a new individual Internet-Draft to the RADEXT working group:
> RADIUS Attribute for Persistent Device Identity in MAC-Randomized Environments https://datatracker.ietf.org/doc/draft-seralathan-radext-persistent-devid/
>
> Modern operating systems now randomize MAC addresses by default, breaking RADIUS workflows that use Calling-Station-Id as a stable device identifier. This draft defines a new RADIUS attribute, Persistent-Device-Id, that carries a stable identifier derived from the device's X.509 certificate used during certificate-based EAP authentication (EAP-TLS, TEAP, EAP-TTLS). The attribute is returned in Access-Accept and propagated through Accounting messages, enabling session correlation, device profiling, and policy enforcement despite MAC changes.
>
> We welcome review and feedback from the working group.

  Thanks for the draft.  I have some comments, mostly nits:

* It took a while of reading the document before it was clear exactly what the mechanism was, and how it worked.  It would be useful to have a short overview at the start of the document.  That overview could give a high level summary of how it works, without getting into detail.  That then provides motivation and framework for longer explanations later in the document.


* this proposal has similar behavior to the Class attribute, but is persistent across multiple connections.  It would be good to mention this.  That will help readers understand how it relates to existing practices.


* it's not clear from the document how the NAS persistently identifies the device across multiple connections.  Is there an external reference which can be used to describe how this is done?

  e.g. Section 9.4 talks about the RADIUS client caching Persistent-Device-Id.  How is this done?


* if this proposal doesn't require changes to RADIUS clients, then it's much easier to implement.  The RADIUS servers have to be updated, and that's about it.


* if this proposal requires (or suggests) changes to RADIUS clients, then it will take a long time for it to be deployed.  This isn't an argument against the proposal, it's just an unfortunate reality.

  Suggestion: make this clearer in the document.  Do the NASes have to change?  If so, what changes need to be made?  If not, why not?


* it would be good if it was useful for EAP methods which didn't use TLS.  It's not clear how to do that, though.

  Perhaps one option would be to derive the Persistent-Device-Id from the MSK / EMSK on an initial connection.  So long as the user reconnect to the same NAS, the NAS can cache it (presuming that's possible), and send it on subsequent authentication attempts.

  That process doesn't create a value for Persistent-Device-Id which is constant across multiple NASes or visited locations.  But it at least provides a consistent value for a particular location.

  Alan DeKok.

v2.45.0 | Report a Bug | By Email | System Status