Re: [radext] New DTLS document

Jouni Korhonen <jouni.nospam@gmail.com> Mon, 29 April 2013 08:32 UTC


Thanks Joe for the detailed comments. Just a few generic questions to the WG.

1) Do you agree with Joe's suggestion to use the same port as RADSEC:

	radius-dtls 2083/udp RADIUS over DTLS [RFCTBD]

2) Do you think Joe's concern on Section 5.1.2 "disambiguation recommendation"
   is something that needs to be reconsidered?

- Jouni


On Apr 22, 2013, at 8:32 AM, Joseph Salowey (jsalowey) <jsalowey@cisco.com> wrote:

> I think there are a few inconsistencies that need cleaning-up:
> 
> - Section 2.2.1
> 
> Section 2.5 of RFC 6614 should apply to RADIUS over DTLS since a single port is used for all types of RADIUS codes. (I think the last bullet point in section 2.1 should be removed as well.)
> 
> - Section 5.1.1
> 
> This section references a requirement to receive RADIUS/UDP and RADIUS/DTLS on the same port; this is no longer a requirement. Suggest cleaning up the text along the lines of:
> 
> " ...  Implementations that accept RADIUS/DTLS on the RADIUS/UDP port may find this recommendation difficult to implement in
>   practice.  ... "
> 
> - Section 5.1.2
> 
> I still have a concern about the disambiguation recommendation since it relies upon a protocol field which is not in control of RADIUS, but is rather in control of DTLS. It's possible that in the future DTLS may choose to define a new extended handshake type that would use a different type code of 22. This would introduce ambiguity and prevent this version of DTLS from being used with this mechanism. It would be a better, more reliable design to have the disambiguation rely upon something that RADIUS had control over. For example, define a RADIUS code type that encapsulates a RADIUS DTLS message.
> 
> Additionally, section 5.1.2 should clarify that it only applies to implementations that accept RADIUS/DTLS on the RADIUS/UDP port.
> 
> - Section 5.1.3 
> 
> Most of this section applies to implementations that accept RADIUS/DTLS on the RADIUS/UDP port. This section should clarify this. I think the last 3 paragraphs are generic and can be moved to a different section, such as 5.1.1.
> 
> 
> - Section 9
> 
> We could request the same port as RADSEC.  Something like:
> 
> IANA is requested to assign a registered UDP  port number for RADIUS over DTLS.  The same values as for RADIUS over TLS (RFC6614) are requested.  That is, update the registry as follows:
> 
>      radius-dtls 2083/udp RADIUS over DTLS [RFCTBD]
> 
> On Apr 18, 2013, at 12:26 AM, Jouni Korhonen <jouni.nospam@gmail.com> wrote:
> 
>> 
>> Folks,
>> 
>> <as a co-chair>
>> 
>> Everybody happy with -05 ? If I here no immediate 
>> voices of disagreement, we can conclude the WG
>> has reached consensus and the document can move
>> forward. I'll wait till next Monday.
>> 
>> - Jouni
>> 
>> 
>> 
>> On Apr 17, 2013, at 4:54 PM, Alan DeKok <aland@deployingradius.com> wrote:
>> 
>>> http://tools.ietf.org/html/draft-ietf-radext-dtls-05
>>> 
>>> Which addresses all of the open concerns.
>>> 
>>> Alan DeKok.
>>> _______________________________________________
>>> radext mailing list
>>> radext@ietf.org
>>> https://www.ietf.org/mailman/listinfo/radext
>> 