IETF Logo Mail Archive

Re: Questions on modified Extended Attribute format?

Alan DeKok <aland@nitros9.org> Thu, 03 January 2008 04:21 UTC

Return-path: <owner-radiusext@ops.ietf.org>
Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1JAHaX-0002Pl-6a for radext-archive-IeZ9sae2@lists.ietf.org; Wed, 02 Jan 2008 23:21:49 -0500
Received: from psg.com ([147.28.0.62]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1JAHaV-0000A0-K4 for radext-archive-IeZ9sae2@lists.ietf.org; Wed, 02 Jan 2008 23:21:49 -0500
Received: from majordom by psg.com with local (Exim 4.68 (FreeBSD)) (envelope-from <owner-radiusext@ops.ietf.org>) id 1JAHTK-0000R3-1s for radiusext-data@psg.com; Thu, 03 Jan 2008 04:14:22 +0000
X-Spam-Checker-Version: SpamAssassin 3.2.3 (2007-08-08) on psg.com
X-Spam-Level:
X-Spam-Status: No, score=-2.5 required=5.0 tests=AWL,BAYES_00,RDNS_NONE autolearn=no version=3.2.3
Received: from [216.240.42.17] (helo=deployingradius.com) by psg.com with esmtps (TLSv1:AES256-SHA:256) (Exim 4.68 (FreeBSD)) (envelope-from <aland@nitros9.org>) id 1JAHTH-0000Qo-2d for radiusext@ops.ietf.org; Thu, 03 Jan 2008 04:14:20 +0000
Received: from [192.168.0.14] (pas38-1-82-67-71-238.fbx.proxad.net [82.67.71.238]) by deployingradius.com (Postfix) with ESMTP id 24EC8A71A3; Wed, 2 Jan 2008 20:14:08 -0800 (PST)
Message-ID: <477C60D6.3020008@nitros9.org>
Date: Thu, 03 Jan 2008 05:13:10 +0100
From: Alan DeKok <aland@nitros9.org>
User-Agent: Thunderbird 2.0.0.6 (X11/20071022)
MIME-Version: 1.0
To: Glen Zorn <glenzorn@comcast.net>
CC: radiusext@ops.ietf.org
Subject: Re: Questions on modified Extended Attribute format?
References: <003401c83a92$db6ed850$924c88f0$@net> <47729084.8060206@nitros9.org> <005d01c847e8$20c81f30$62585d90$@net> <4772A741.40303@nitros9.org> <007e01c847fa$cbae1a00$630a4e00$@net> <47732E9D.4030803@nitros9.org> <00b401c848e0$2f0e9c60$8d2bd520$@net> <4774B67D.7040603@nitros9.org> <005601c8496f$9e430910$dac91b30$@net>
In-Reply-To: <005601c8496f$9e430910$dac91b30$@net>
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: 7bit
Sender: owner-radiusext@ops.ietf.org
Precedence: bulk
X-Spam-Score: -4.0 (----)
X-Scan-Signature: 39bd8f8cbb76cae18b7e23f7cf6b2b9f

Glen Zorn wrote:

> As I said, put that way or any other way you like, ANY change is
> incompatible with existing deployments.  If one were to add a new "standard"
> attribute (in the old format or the proposed VSA-like format or any other)
> it would be incompatible with existing deployments.

  That isn't the point.  Everyone accepts that implementations have to
be updated to handle new standards.  One of the major efforts in RADIUS
has been to maintain backwards compatibility with existing deployments.

  i.e. if a product doesn't implement the new standard, it can still
communicate with products that do implement that standard.

  This proposal breaks that completely.  It will be perfectly legal for
implementations of your proposal to put ALL RADIUS attributes as
grouped, inside of an "extended attribute".  Any NAS that receives such
a response will get a packet containing *nothing* but VSA's.  It will
then decide that there is nothing in the packet that it recognizes, and
will fail.

  i.e. your proposal creates a new protocol that is incompatible with
legacy RADIUS.

> Actually, while the timeframe was long, the discussion wasn't: I've only
> received a couple of comments on it in the last months.  It _did_ take an
> inordinate amount of time to reject the 'Diameterization' of RADIUS,
> though...

  This proposal is no better.  It's worse in many respects.

  Alan DeKok.

--
to unsubscribe send a message to radiusext-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://psg.com/lists/radiusext/>

v2.23.0 | Report a Bug | By Email