Re: [radext] Fwd: New Version Notification for draft-ietf-radext-radius-fragmentation-05.txt

Benoit Claise <bclaise@cisco.com> Tue, 18 March 2014 18:50 UTC

Return-Path: <bclaise@cisco.com>
X-Original-To: radext@ietfa.amsl.com
Delivered-To: radext@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 980DE1A044C for <radext@ietfa.amsl.com>; Tue, 18 Mar 2014 11:50:32 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -10.048
X-Spam-Level:
X-Spam-Status: No, score=-10.048 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RP_MATCHES_RCVD=-0.547, SPF_PASS=-0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id l0eXLS_imGbf for <radext@ietfa.amsl.com>; Tue, 18 Mar 2014 11:50:31 -0700 (PDT)
Received: from aer-iport-2.cisco.com (aer-iport-2.cisco.com [173.38.203.52]) by ietfa.amsl.com (Postfix) with ESMTP id E6C691A040E for <radext@ietf.org>; Tue, 18 Mar 2014 11:50:30 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=1439; q=dns/txt; s=iport; t=1395168623; x=1396378223; h=message-id:date:from:mime-version:to:cc:subject: references:in-reply-to:content-transfer-encoding; bh=kzGlxN2PNPWcTXu28KQVWRDr6gT5CAJ5Z6vR4Xmw9YQ=; b=LCKA6gmAJZacRHEUyRpYmBb+Tmp3yssMTqoTy+Pq+xU82jSxhi1qIimj qXQXfm7xFiY7ksdNT4C5qBwDwX872C99A0uXIzM8vp4Fz03KqnH39OFxN Vai/gUluWEPDHHnNjeZuiMDFsxUNVd331svOV6sw5HHwoSUuaLJC7kJM8 0=;
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: AgUFAB6VKFOQ/khR/2dsb2JhbABagwY7uz6Ga1GBLRZ0giUBAQEEAQEBNTQCCAEBARALGAkWDwkDAgECARUwBgEMAQUCAQGHdQ3QHxMEjmIHhDgBA5hGhkyLZIFvgT88
X-IronPort-AV: E=Sophos;i="4.97,679,1389744000"; d="scan'208";a="9097990"
Received: from ams-core-1.cisco.com ([144.254.72.81]) by aer-iport-2.cisco.com with ESMTP; 18 Mar 2014 18:50:21 +0000
Received: from [10.60.67.89] (ams-bclaise-8918.cisco.com [10.60.67.89]) by ams-core-1.cisco.com (8.14.5/8.14.5) with ESMTP id s2IIoLWb006595; Tue, 18 Mar 2014 18:50:21 GMT
Message-ID: <5328956D.5080908@cisco.com>
Date: Tue, 18 Mar 2014 19:50:21 +0100
From: Benoit Claise <bclaise@cisco.com>
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:24.0) Gecko/20100101 Thunderbird/24.3.0
MIME-Version: 1.0
To: Alan DeKok <aland@deployingradius.com>, Alejandro Perez Mendez <alex@um.es>
References: <20140307075126.8756.14600.idtracker@ietfa.amsl.com> <53197B56.10303@um.es> <53281E36.2020708@cisco.com> <53282898.9050504@um.es> <532849D2.3040504@deployingradius.com>
In-Reply-To: <532849D2.3040504@deployingradius.com>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Archived-At: http://mailarchive.ietf.org/arch/msg/radext/_QYNZaIVjFdp8jLOAAMweehvwSU
Cc: radext@ietf.org
Subject: Re: [radext] Fwd: New Version Notification for draft-ietf-radext-radius-fragmentation-05.txt
X-BeenThere: radext@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: RADIUS EXTensions working group discussion list <radext.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/radext>, <mailto:radext-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/radext/>
List-Post: <mailto:radext@ietf.org>
List-Help: <mailto:radext-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/radext>, <mailto:radext-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 18 Mar 2014 18:50:32 -0000

On 18/03/2014 14:27, Alan DeKok wrote:
> Alejandro Perez Mendez wrote:
>> we could extend that line to something like:
>>
>> The
>>     authors acknowledge this is formally violating [RFC2865], but no
>>     operational issues are expected as no known implementation
>>     perform that verification when proxying Access-Requests, since doing so would
>>     preclude them to support future extensions.
>    Perhaps this (word-smithing)
>
> The authors acknowledge that this specification violates the "MUST"
> requirement of [RFC2865] Section 4.1.  We note that a proxy which
> enforces that requirement would be unable to support future RADIUS
> authentication extensions.  Extensions to the protocol would therefore
> be impossible to deploy.
>
> All known implementations have chosen the philosophy of "be liberal in
> what you accept".  That is, they accept traffic which violates the
> requirement of [RFC2865] Section 4.1.  We therefore expect to see no
> operational issues with this specification.  After we gain more
> operational experience with this specification, it can be re-issued as a
> standards track document, and update [RFC2865].
To answer Alejandro's question here: If the WG is fine with this, I'm fine.

Regards, Benoit
>
>    Alan DeKok.
>
> _______________________________________________
> radext mailing list
> radext@ietf.org
> https://www.ietf.org/mailman/listinfo/radext
>