Re: [radext] draft-ietf-dhc-dhcpv6-radius-opt-10

"Leaf Yeh" <leaf.yeh.sdo@gmail.com> Thu, 04 April 2013 17:49 UTC

From: Leaf Yeh <leaf.yeh.sdo@gmail.com>
To: 'Jim Schaad' <ietf@augustcellars.com>, 'Alan DeKok' <aland@deployingradius.com>, 'Jouni Korhonen' <jouni.nospam@gmail.com>
Date: Fri, 05 Apr 2013 01:49:01 +0800
Cc: radext@ietf.org, 'dhcwg' <dhcwg@ietf.org>
Subject: Re: [radext] draft-ietf-dhc-dhcpv6-radius-opt-10

Jim - ...however should there be the ability to send vendor defined traffic?

The VSA (26) has been recommended in the proposed IANA Registry of 'RADIUS
attributes permitted in DHCPv6 RADIUS option'. (Section 4.1)
Do you want more?


Best Regards,
Leaf



-----Original Message-----
From: radext-bounces@ietf.org [mailto:radext-bounces@ietf.org] On Behalf Of
Jim Schaad
Sent: Friday, April 05, 2013 1:12 AM
To: 'Alan DeKok'; 'Jouni Korhonen'
Cc: radext@ietf.org; draft-ietf-dhc-dhcpv6-radius-opt@tools.ietf.org
Subject: Re: [radext] draft-ietf-dhc-dhcpv6-radius-opt-10



> -----Original Message-----
> From: radext-bounces@ietf.org [mailto:radext-bounces@ietf.org] On 
> Behalf Of Alan DeKok
> Sent: Thursday, April 04, 2013 6:08 AM
> To: Jouni Korhonen
> Cc: radext@ietf.org; draft-ietf-dhc-dhcpv6-radius-opt@tools.ietf.org
> Subject: Re: [radext] draft-ietf-dhc-dhcpv6-radius-opt-10
> 
> Jouni Korhonen wrote:
> > draft-ietf-dhc-dhcpv6-radius-opt-10 has recently passed WGLC in DHC 
> > WG. RADEXT WG is solicited for review. We can provide input as part 
> > of the IETF LC once it is started.  Remember to CC the RADEXT so we 
> > can keep  track of the (possible) comments better.
> 
>   A quick review:
> 
> 4.  DHCPv6 RADIUS option
> 
>     option-len       Length of the option-data in octets
> 
> Q: Can it encode more than 256 octets of RADIUS attributes?  If so, 
> what happens then?
> 
> 
>    ... Only the attributes listed in the IANA Registry of 'RADIUS
>    attributes permitted in DHCPv6 RADIUS option' SHOULD be included in
>    the OPTION_RADIUS.
> 
>  That should be a MUST.  There's no sense in permitting non-RADIUS
> traffic in this option.

Alan, I have not looked at the registry in question yet, however should
there be the ability to send vendor defined traffic?

Jim

> 
> 
> 
> 8.  Security Considerations
> 
>    Known security vulnerabilities of the DHCPv6 and RADIUS protocol MAY
> 
> 
>   Using "MAY" here is probably wrong.  It should be "may".
> _______________________________________________
> radext mailing list
> radext@ietf.org
> https://www.ietf.org/mailman/listinfo/radext

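A receiver-side check for the two review points raised in the thread (option length and the permitted-attribute list), as an added example that is not part of the original messages or of the draft. It assumes the standard DHCPv6 option header (2-octet code, 2-octet option-len) and RADIUS attributes encoded as 1-octet Type, 1-octet Length (header included), Value; the allow-list holds only Vendor-Specific (26), the one entry named in the thread, and the option code and attribute values are constructed placeholders.

```python
import struct

# Assumption: caller-supplied allow-list. Only Vendor-Specific (26) is named
# in the thread; the registry's other entries are not shown on the page.
SAMPLE_ALLOWED = frozenset({26})


class OptionError(ValueError):
    """Raised when the option or an embedded attribute is malformed."""


def parse_radius_attrs(option_data: bytes):
    """Split option-data into (type, value) RADIUS attribute pairs."""
    attrs, pos = [], 0
    while pos < len(option_data):
        if len(option_data) - pos < 2:
            raise OptionError(f"truncated attribute header at offset {pos}")
        a_type, a_len = option_data[pos], option_data[pos + 1]
        # Length counts the 2-octet header, so anything below 2 is malformed.
        if a_len < 2:
            raise OptionError(f"attribute length {a_len} < 2 at offset {pos}")
        if pos + a_len > len(option_data):
            raise OptionError(f"attribute at offset {pos} overruns option-data")
        attrs.append((a_type, option_data[pos + 2:pos + a_len]))
        pos += a_len
    return attrs


def check_option(option: bytes, allowed=SAMPLE_ALLOWED):
    """Return (code, attrs, rejected_types) for one encoded DHCPv6 option."""
    if len(option) < 4:
        raise OptionError("short option header")
    code, opt_len = struct.unpack("!HH", option[:4])
    data = option[4:]
    if opt_len != len(data):
        raise OptionError("option-len does not match option-data size")
    attrs = parse_radius_attrs(data)
    # Under MUST semantics a non-empty 'rejected' list means: drop the option.
    rejected = [t for t, _ in attrs if t not in allowed]
    return code, attrs, rejected


def build_option(code: int, attrs):
    """Encode constructed sample attributes into an option (test helper)."""
    data = b"".join(bytes([t, len(v) + 2]) + v for t, v in attrs)
    return struct.pack("!HH", code, len(data)) + data
```

Because option-len is two octets while each attribute length is one octet, option-data longer than 255 octets parses cleanly as several attributes; a single attribute can never exceed 255 octets.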