Re: [radext] [Technical Errata Reported] RFC5176 (4311)
Kathleen Moriarty <kathleen.moriarty.ietf@gmail.com> Tue, 21 April 2015 21:40 UTC
Return-Path: <kathleen.moriarty.ietf@gmail.com>
X-Original-To: radext@ietfa.amsl.com
Delivered-To: radext@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E031C1B2BC9 for <radext@ietfa.amsl.com>; Tue, 21 Apr 2015 14:40:58 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.999
X-Spam-Level:
X-Spam-Status: No, score=-1.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id RuJuSjFY8td6 for <radext@ietfa.amsl.com>; Tue, 21 Apr 2015 14:40:55 -0700 (PDT)
Received: from mail-lb0-x22f.google.com (mail-lb0-x22f.google.com [IPv6:2a00:1450:4010:c04::22f]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 5D30F1B2BFA for <radext@ietf.org>; Tue, 21 Apr 2015 14:40:54 -0700 (PDT)
Received: by lbbqq2 with SMTP id qq2so165834542lbb.3 for <radext@ietf.org>; Tue, 21 Apr 2015 14:40:53 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=HsVX8KMK+537rXhJ7JbbR88B0uR87Zt/u0yscvUU+jQ=; b=exAjgG+RlAWwuQbJ0NX5BPOI+kIEQEaT4QffuaUY0K+PKud4OG5qZDz/OZYiY3T8kW 1veVv4lt9c09X4245C4rEjJ953RV3DLQzJbOAZ0j9w2Xt4XjJtLUFk+pf/66P5GDUE+o H9T7H91cFwmCnT4XBq25D61T8Yk3ecJc7agfDFsXUMvm1Nmp2t2BY/fq5M2y76vcxxoQ EG5plWNZjIKiNBROc81VtWGj8YihtgLbYVetm6mTaRMq7MmNy1cSmTZJC+jprlJsNFDr Srueq8zNoWHkrCII5WAKYk+bzS/iTv1qAFhf42cXZdXomXgYs1lTCOOxjzI3xuAfd6IX J6hQ==
MIME-Version: 1.0
X-Received: by 10.112.29.36 with SMTP id g4mr22460905lbh.56.1429652452888; Tue, 21 Apr 2015 14:40:52 -0700 (PDT)
Received: by 10.112.11.199 with HTTP; Tue, 21 Apr 2015 14:40:52 -0700 (PDT)
In-Reply-To: <22950_1429645448_5536A888_22950_6217_1_6B7134B31289DC4FAF731D844122B36E0103B176@PEXCVZYM13.corporate.adroot.infra.ftgroup>
References: <20150323165024.CFFDA180459@rfc-editor.org> <CAHbuEH7Z83dWUgJuYX0gqsr5uEYqQ9KrCPuZv1R_uEjU01qXXg@mail.gmail.com> <22950_1429645448_5536A888_22950_6217_1_6B7134B31289DC4FAF731D844122B36E0103B176@PEXCVZYM13.corporate.adroot.infra.ftgroup>
Date: Tue, 21 Apr 2015 17:40:52 -0400
Message-ID: <CAHbuEH6EPrdJLKriC7xzpk8HNA=_3CZc4byo9KyGBKfM_3uH3Q@mail.gmail.com>
From: Kathleen Moriarty <kathleen.moriarty.ietf@gmail.com>
To: "<lionel.morand@orange.com>" <lionel.morand@orange.com>
Content-Type: multipart/alternative; boundary="001a1133f9949b5587051442e61e"
Archived-At: <http://mailarchive.ietf.org/arch/msg/radext/UiUiAtbToxy0zUJohSnvNdK5o8k>
X-Mailman-Approved-At: Wed, 22 Apr 2015 01:35:09 -0700
Cc: "gdommety@cisco.com" <gdommety@cisco.com>, "radext@ietf.org" <radext@ietf.org>, Alan DeKok <aland@freeradius.org>, Stefan Winter <stefan.winter@restena.lu>, joel jaeggli <joelja@bogus.com>, "bernarda@microsoft.com" <bernarda@microsoft.com>, "david@mitton.com" <david@mitton.com>, Benoit Claise <bclaise@cisco.com>, "meklund@cisco.com" <meklund@cisco.com>, "mchiba@cisco.com" <mchiba@cisco.com>, RFC Errata System <rfc-editor@rfc-editor.org>
Subject: Re: [radext] [Technical Errata Reported] RFC5176 (4311)
X-BeenThere: radext@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: RADIUS EXTensions working group discussion list <radext.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/radext>, <mailto:radext-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/radext/>
List-Post: <mailto:radext@ietf.org>
List-Help: <mailto:radext-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/radext>, <mailto:radext-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 21 Apr 2015 21:40:59 -0000
Thanks, Lionel. One more question in-line. On Tue, Apr 21, 2015 at 3:44 PM, <lionel.morand@orange.com> wrote: > I'm OK with this erratum but I would provide further clarifications. > > First, I would recommend to clarify what "mandatory" in the context of > RADIUS. > I can replace the text with what you provided below, but if clarifying what "mandatory" means is needed. Can someone propose text within the paragraph below so I have the full replacement text? If I am just doing "Hold For Document Update", I can add this in a not as well. I'd just like to get the agreed upon text. > I would also highlight the specific case of the Proxy-State. > > > > I would propose the following text: > > > > In CoA-Request and Disconnect-Request packets, all attributes MUST > be treated as mandatory to understand by the NAS, except Proxy-State > > attributes that MUST be treated as opaque data. See Section 3.1 for > > further details on the handling of Proxy-State attributes by NAS. > > > > let me know if it is OK for you. > Thank you, Kathleen > > > regards, > > > > Lionel > > > > *De :* Kathleen Moriarty [mailto:kathleen.moriarty.ietf@gmail.com] > *Envoyé :* mardi 21 avril 2015 19:16 > *À :* RFC Errata System > *Cc :* mchiba@cisco.com; gdommety@cisco.com; meklund@cisco.com; > david@mitton.com; bernarda@microsoft.com; Benoit Claise; joel jaeggli; > Stefan Winter; MORAND Lionel IMT/OLN; radext@ietf.org; Alan DeKok > *Objet :* Re: [radext] [Technical Errata Reported] RFC5176 (4311) > > > > Hello, > > > > I haven't seen any discussion on this from the Radext WG. The report > looks reasonable and make sense to me, but would like to hear from the > chairs to confirm. Since this is getting addressed in a new draft, I would > be included to mark this as "Hold for Document Update". This puts the > errata with this draft (it's not rejected) and can be added to a new > revision of this particular draft if it gets updated in the future. > > > > Please let me know if you agree/disagree and I'll mark it appropriately. > > > > Thanks! > > > > On Mon, Mar 23, 2015 at 12:50 PM, RFC Errata System < > rfc-editor@rfc-editor.org> wrote: > > The following errata report has been submitted for RFC5176, > "Dynamic Authorization Extensions to Remote Authentication Dial In User > Service (RADIUS)". > > -------------------------------------- > You may review the report below and at: > http://www.rfc-editor.org/errata_search.php?rfc=5176&eid=4311 > > -------------------------------------- > Type: Technical > Reported by: Alan DeKok <aland@freeradius.org> > > Section: 2.3 > > Original Text > ------------- > Section 2.3 says: > > In CoA-Request and Disconnect-Request packets, all attributes MUST > be treated as mandatory. > > > Corrected Text > -------------- > In CoA-Request and Disconnect-Request packets, all attributes MUST > be treated as mandatory, except Proxy-State. See Section 3.1 for a > discussion of how the NAS must handle Proxy-State. > > Notes > ----- > This was seen with vendor equipment. CoA proxying was done to the NAS, > and the proxy was adding and forwarding Proxy-State as required by Section > 3.1. However, the NAS was returning a CoA-NAK with Error-Cause = > Unsupported-Attribute. > > The issue comes because Proxy-State is called out in Section 3.1 for > special handling. However, that special handling isn't called out in > Section 2.3. As a result, implementors can get confused. > > The RADEXT WG is rechartering with a document to address CoA proxying. We > will also be addressing this issue in that document. There are additional > attributes which a NAS should ignore, OR which should be filtered out by > the proxy closest to the NAS. > > Instructions: > ------------- > This erratum is currently posted as "Reported". If necessary, please > use "Reply All" to discuss whether it should be verified or > rejected. When a decision is reached, the verifying party (IESG) > can log in to change the status and edit the report, if necessary. > > -------------------------------------- > RFC5176 (draft-ietf-radext-rfc3576bis-13) > -------------------------------------- > Title : Dynamic Authorization Extensions to Remote > Authentication Dial In User Service (RADIUS) > Publication Date : January 2008 > Author(s) : M. Chiba, G. Dommety, M. Eklund, D. Mitton, B. Aboba > Category : INFORMATIONAL > Source : RADIUS EXTensions > Area : Operations and Management > Stream : IETF > Verifying Party : IESG > > _______________________________________________ > radext mailing list > radext@ietf.org > https://www.ietf.org/mailman/listinfo/radext > > > > > > -- > > > > Best regards, > > Kathleen > > _________________________________________________________________________________________________________________________ > > Ce message et ses pieces jointes peuvent contenir des informations confidentielles ou privilegiees et ne doivent donc > pas etre diffuses, exploites ou copies sans autorisation. Si vous avez recu ce message par erreur, veuillez le signaler > a l'expediteur et le detruire ainsi que les pieces jointes. Les messages electroniques etant susceptibles d'alteration, > Orange decline toute responsabilite si ce message a ete altere, deforme ou falsifie. Merci. > > This message and its attachments may contain confidential or privileged information that may be protected by law; > they should not be distributed, used or copied without authorisation. > If you have received this email in error, please notify the sender and delete this message and its attachments. > As emails may be altered, Orange is not liable for messages that have been modified, changed or falsified. > Thank you. > > -- Best regards, Kathleen
- [radext] [Technical Errata Reported] RFC5176 (431… RFC Errata System
- Re: [radext] [Technical Errata Reported] RFC5176 … Kathleen Moriarty
- Re: [radext] [Technical Errata Reported] RFC5176 … lionel.morand
- Re: [radext] [Technical Errata Reported] RFC5176 … Kathleen Moriarty
- Re: [radext] [Technical Errata Reported] RFC5176 … lionel.morand
- [radext] [Errata Verified] RFC5176 (4311) RFC Errata System