Re: [radext] Implementation inventions

Michael Sym <msym@singledigits.com> Thu, 24 August 2023 02:28 UTC

Return-Path: <msym@singledigits.com>
X-Original-To: radext@ietfa.amsl.com
Delivered-To: radext@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C6386C1782C0 for <radext@ietfa.amsl.com>; Wed, 23 Aug 2023 19:28:23 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.096
X-Spam-Level:
X-Spam-Status: No, score=-2.096 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_MSPIKE_H2=-0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, T_SCC_BODY_TEXT_LINE=-0.01, T_SPF_PERMERROR=0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=singledigits.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 5Pj6dkZio8Aj for <radext@ietfa.amsl.com>; Wed, 23 Aug 2023 19:28:19 -0700 (PDT)
Received: from NAM04-DM6-obe.outbound.protection.outlook.com (mail-dm6nam04on2053.outbound.protection.outlook.com [40.107.102.53]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 3B9E7C16B5CF for <radext@ietf.org>; Wed, 23 Aug 2023 19:28:19 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=CQEruSRJDxJCM05adKjUyxP+opO78IXcL3kG2S258TPX+Q5d1QBSPN4CaWl3rCt2r2upy+hrA4uKis3Yy25fH00YvI8CPQEh4xVetbZMioM1dvW0CEmBa2EWOMXNM0ZlcfOvxdY+YLnhL66pRb7v9Efzg6wrzs3LINBNsbH3GkIQaOjE8BBZYF84ZT9SggGv9Cj+W8Hcd9LORfM02RrClG/aGDpfq9WqdqI+r2LIOwOuwQtReVLQwqPTQlJjdQ5qJgrRgpdi46N+X3vuhKkK6xEKjrfITZUDZrfKmyDDFviHJDQDbXolZJ0uJ1Mnn6ppd3Qh9r/+v3+9CL4M2JvlgQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=U3nrSZdTteQ9x01FjHwfX+nYMKtG5FWMnmxCeTRwvy8=; b=nWpNUDsTOjZxFh/vN7deqJWsMvmNKXWjRgTs+XrSrQ1WkYY797ffO+5wKjEZGkG7xajDMNbhD4MOnAlm7sYza6wh9TO1hj2jFvaqTb9awtEZu3HM6hPNDSc5UPRJJMPk4W7D+XsMWjwJriIEtacEdxAlHMhfNEnF6Bf1z0VSONht1r9FxjLRwT2LyUXrXH+4QqCtDSW9bzVHI51Uopo447QwkPdeEhK4ScOZVoQhHNzQEXd+es/Ukw2Gl86L6oZMoQAU1maV/1IyBZggvW4xRdO4cK0TnuboLsxYLS4G3kHkTX9H7g6+pRkLuZEjXFKfGYyD3X3mXD83T72NvwpxkA==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=singledigits.com; dmarc=pass action=none header.from=singledigits.com; dkim=pass header.d=singledigits.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=singledigits.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=U3nrSZdTteQ9x01FjHwfX+nYMKtG5FWMnmxCeTRwvy8=; b=HIq7sjoihZtxG4Cqmk7rk1wAlWC+0xPPQiHqMfiXS3yH2f0kj1QqplxnXmt62O/4T+3BVJBeczkoXpGuXq/FYcljh49oS/1n2BSs6Q0TQQaM0SxsR8+43x81KS+QIlgCLFzVGY7RgVVRLvWYNJzpevzZzBAHH/e/3tQQX4HQRZsqi6Hgfq4vwuLYaxtOxNcLDGx17z+i6Jzm7tz9xBaPnu2tMqTHRouKko5/mll6I/5dKm20wB9d4r+lRYiHmq8Kz3aIq/DIIxbZKfo+Z7+Y0HK/ShoNcjQCcDgoUwgazDUfGgAwUHaX2mIlbA3I2lY31FWXrCZ4D/mzw/XoDMdYcg==
Received: from SN4PR10MB5589.namprd10.prod.outlook.com (2603:10b6:806:204::20) by MN2PR10MB4190.namprd10.prod.outlook.com (2603:10b6:208:19a::10) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6699.20; Thu, 24 Aug 2023 02:28:14 +0000
Received: from SN4PR10MB5589.namprd10.prod.outlook.com ([fe80::aa93:3321:b489:d24c]) by SN4PR10MB5589.namprd10.prod.outlook.com ([fe80::aa93:3321:b489:d24c%4]) with mapi id 15.20.6699.027; Thu, 24 Aug 2023 02:28:14 +0000
From: Michael Sym <msym@singledigits.com>
To: Heikki Vatiainen <hvn@radiatorsoftware.com>, "radext@ietf.org" <radext@ietf.org>
Thread-Topic: [radext] Implementation inventions
Thread-Index: AQHZyXNzkPeRA25ufk6pCNSWjaYacq/fVQcogAAFiQCAFvO2gIAABVcAgAGMwICAAPBwUw==
Date: Thu, 24 Aug 2023 02:28:14 +0000
Message-ID: <SN4PR10MB5589141124336784947B1A7FA11DA@SN4PR10MB5589.namprd10.prod.outlook.com>
References: <2B40BD0B-8C16-491C-90F8-B744F2E4E2D3@deployingradius.com> <SN4PR10MB5589C79F441AFBB72493DA84A10CA@SN4PR10MB5589.namprd10.prod.outlook.com> <A4625416-E62C-45F9-ABDF-3FDF3034511C@deployingradius.com> <CAA7Lko_WY-yDX5XJUqNGN2MQ+m5_9eY_4eEBs1VJNsgZ3mOrsQ@mail.gmail.com> <7DED2D44-0972-4013-952B-F41F243C945D@deployingradius.com> <CAA7Lko8CXgCxpVCi3SKF5dq6oOD1jdvjAHGFs+REAormOoDVew@mail.gmail.com>
In-Reply-To: <CAA7Lko8CXgCxpVCi3SKF5dq6oOD1jdvjAHGFs+REAormOoDVew@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=singledigits.com;
x-ms-publictraffictype: Email
x-ms-traffictypediagnostic: SN4PR10MB5589:EE_|MN2PR10MB4190:EE_
x-ms-office365-filtering-correlation-id: 8cd88acf-3890-4e17-2a57-08dba449c4b0
x-ms-exchange-senderadcheck: 1
x-ms-exchange-antispam-relay: 0
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: mzQPEAJh7cToxaDTtMJy5fIw+3AmNtryOZSn4QiUJxqpRLy7gCU5liGvXMx9XmFgNcPBEz58xw8hADcAwUmNK9JaXksYtPMDOEIFdE8ZOinlSRetgjPactrRRQPqfVvW+28RAN8hiReY4CQg4t+K0PfBYyYAysldMFhmrAqPYx3n1/eesNLeDYtMkCKDhowvxM3iUnFMIahxIVbu7Ubr3a0wEtngenFcwGKW4WMWs8avbiZpcJoIMNqnr8vZ5ONTgbMPDMMqmrWrlMOrOukpl6P01qnxMJasZRyWJLGHleES3OJDZQmlGIz2Ba1X7Hej8Ox3/txmnAOWQUREtLipStRHmHistCPiEB4Mz5MrqKZUxsoSxR30hPDrynyc4CyNzXZ1oLmHZySKgmsomaZEHr+Dk7uQpPWZx1riSsznfJwYLaxIkzbZKYsk+z21oFaqbQKIUs1CU5THwG+3teJvWyzYtMF+wSBPoorXVXBr2gUu0eJUo2ZSW+uwXLPxkfPW2exRHtKLcJu9tMPtrfVYrQKWkt+CRkR+2swYl/l2kUWLwb9aSuk4GPot4kSdwLh2N8UHh/gGz7SiZKTNCRWOXxaWIeRnVhqCdvsZ4wgR+Wg=
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:SN4PR10MB5589.namprd10.prod.outlook.com; PTR:; CAT:NONE; SFS:(13230031)(396003)(39860400002)(136003)(346002)(366004)(376002)(1800799009)(186009)(451199024)(76116006)(66476007)(66446008)(66946007)(64756008)(9686003)(66556008)(316002)(110136005)(8676002)(8936002)(966005)(41300700001)(478600001)(55016003)(122000001)(71200400001)(38100700002)(53546011)(6506007)(38070700005)(83380400001)(2906002)(166002)(7696005)(86362001)(5660300002)(52536014)(33656002)(26005); DIR:OUT; SFP:1101;
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0: Jlf0vSvyGEcYONcycu7C4hH3HGMXQJwRoBlWBPd8iBL6Xy8IAiN7uqp3AkoEsgE3QyHpAO/ADl9TgCoapddjTZ56linX2l2xnSurUuY+5OvsyWleMERUQ0CrLz8ebwfdKQ13wXHWA0VTfHT4g+3D/7/siYk5pNYkhPEPxGzyzxPtZJyaJdJ6d2kjRnn+LJPhW0ZqorGpu4itjlIOv2/KKvimCxDPgPeN9wkN/dlvcHb7fwPe8/2y/14UBbyE8MEignffgxuoDyl9O4gLbgn/+Q3D6LxbTHBWhGc5k/L8P/SilvCKCXsyGuy6bzwB2vSr/JnZc7cv/BYv3y8YS7rxTgaZPlWy/N6ItX21kSfMn8tksZHbJuY+rcaJXJDaFGq2QQEKDhVjcSDO051vaNyGHswFJVGqLCkRz3FIA34kgOu6C+bpSSHt0CWKyoRe7dLKyU8tCLw+dGg+Bj23EO7rR4baLUmERk9c/SLj/Nm0KAI7gB13w3+hUd7oJcqyANpenX3u0mLlJjwOXJMEo0NYDOM+ZT6S32SMRy69dQeKE9A5g9qtFv700QaUFrdYRIFoknVF8rBnAlr+sO70aHL6k6gKt5dLuZP4BR2+9WuDbq958akuZRsEcHcj5Z/F98INGP/FTyrZmSqH0kYk1la7Yu040C6/ugixw1VjybXdkdwD6xTguIhpdYv1tcMoOcNRKv7+2+qxyBFakemZ7CiQsx+74xnZbZQ4ug0cCGDs91hUUyyzL13BT8jbTAm3CzPLHDKAlq4njm7yFznW9WeSDeHlP7ty1VCOCKLvW0ZeD09VrebZivvEGNnldRhrMpp2Fv9GLukI5SPZPRVVUIt7Ct/XH5HJEaVoiHUB3ZErD0ujdT2jdRYVjhe6RHIKbqjtCEsze5YXdTh11hWdc8Fvh5e4fFTgPmBEF7vqxCosiDWZpqlIMdFh/AC+TIsfUumY+PEtvwhsgmYkyYCiy3aO+mbDDHdMBemBalUoDFYnbEI38lx2xnJYGaDEwuJypmJ+kgxkbFy2AweUGPLV3hD5t2S7jou2u+mjHQ9FNmCr/nOgyy6evj0VwWlQWXymLZzMVDBT1nexiymZiV1YQos1XzNfSjmmYWyUIPFgA5xHQutDi4JTdT+wXZ9AxKrJsGhqCWienR7X76VblSS9pXpTZwxlEvUgz0xE2EElKaMSRinkpbIbmTUodPUQzXdxfUm34+8UsV363NN9/RMJ7nm3tucIZvVeF83CDBAuORAX9W0EEpNbHwt882pRDWGLj5C/qPBJaP40JGyUYykDDjZE2hY4GqvDI7tKp4tqhyLFPmrSVm9Lsdce5B9n2whREilzSr2aUz2l5Icl1jj4DD7P0rAeovxCJyZCm55LVPQGwdgBNivG/YHySVL8JBanUPzN6nr4ab8d3UUxn5VN5TUFD9ZkxLXPcOgGfFrGEmRZv50fQdoDCwQSGVjkleWTqWNhURmSFcypQUTnyyXHB+lYDosoKOgRLvHE+Kc0pAXqCkwydV6lrweCGgNUTDST5777/L1RE6X7ryt9WFJTbqZ9D1gAe4pEQjCfPk8PN29sUMuwiO5uEiL9ery5jlJgHocgWgQOoWq7DHUzb/8yp/jd7g==
Content-Type: multipart/alternative; boundary="_000_SN4PR10MB5589141124336784947B1A7FA11DASN4PR10MB5589namp_"
MIME-Version: 1.0
X-OriginatorOrg: singledigits.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: SN4PR10MB5589.namprd10.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 8cd88acf-3890-4e17-2a57-08dba449c4b0
X-MS-Exchange-CrossTenant-originalarrivaltime: 24 Aug 2023 02:28:14.2459 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 1e19743e-6574-4f0e-b0e3-53b3549ad454
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: nY91ahCk5gTGHMcWXH2CHulqoPlDgkxDsPosHFAZVeQuD7xCg13qoLgUSYevyQ/8BpzOHfoU7tEEPo9F2zBckw==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: MN2PR10MB4190
Archived-At: <https://mailarchive.ietf.org/arch/msg/radext/ULDNo4OpXlFDRjiL-vr-Eq7W7sk>
Subject: Re: [radext] Implementation inventions
X-BeenThere: radext@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: RADIUS EXTensions working group discussion list <radext.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/radext>, <mailto:radext-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/radext/>
List-Post: <mailto:radext@ietf.org>
List-Help: <mailto:radext-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/radext>, <mailto:radext-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 24 Aug 2023 02:28:23 -0000

Can we add “reliably associating accounting to a valid auth” to the list?

I see there’s an item about keeping User-Name consistent (which is definitely important!), but we also need other solid ways to tie auth to acct.  I think this is vital for broader adoption of paid Wi-Fi roaming.

I think clearer guidelines on Acct-Session-Id and Acct-Multi-Session-Id (and their inclusion in auth requests) could address this.

-Michael


From: radext <radext-bounces@ietf.org> on behalf of Heikki Vatiainen <hvn@radiatorsoftware.com>
Date: Wednesday, August 23, 2023 at 7:02 AM
To: radext@ietf.org <radext@ietf.org>
Subject: Re: [radext] Implementation inventions

CAUTION: This email originated from outside of SingleDigits. Do not click links or open attachments unless you know the content is safe.

________________________________
On Tue, 22 Aug 2023 at 15:22, Alan DeKok <aland@deployingradius.com<mailto:aland@deployingradius.com>> wrote:

https://github.com/radext-wg/issues-and-fixes-2

  I've given you write access.  and added a wiki page:  https://github.com/radext-wg/issues-and-fixes-2/wiki

  I can give people write access to the Wiki, and we can save issues there.  We may have enough issues for a new document.

I've added an item about use of zero-length attributes. This uses RFC 7268 EAP-Key-Name and RFC 4372 Chargeable-User-Identity as examples. Both should carry a single all-zero octet for requesting action from a server, but some clients use a zero length attribute instead.

--
Heikki Vatiainen
hvn@radiatorsoftware.com<mailto:hvn@radiatorsoftware.com>