IETF Logo Mail Archive

Re: [radext] Ben Campbell's Discuss on draft-ietf-radext-coa-proxy-06: (with DISCUSS and COMMENT)

Ben Campbell <ben@nostrum.com> Thu, 16 August 2018 04:07 UTC

Return-Path: <ben@nostrum.com>
X-Original-To: radext@ietfa.amsl.com
Delivered-To: radext@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E8FA8128C65; Wed, 15 Aug 2018 21:07:29 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.88
X-Spam-Level:
X-Spam-Status: No, score=-1.88 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, T_SPF_HELO_PERMERROR=0.01, T_SPF_PERMERROR=0.01] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id cNQ3YeWWjyGe; Wed, 15 Aug 2018 21:07:27 -0700 (PDT)
Received: from nostrum.com (raven-v6.nostrum.com [IPv6:2001:470:d:1130::1]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id BC347124C04; Wed, 15 Aug 2018 21:07:27 -0700 (PDT)
Received: from [10.0.1.95] (cpe-70-122-203-106.tx.res.rr.com [70.122.203.106]) (authenticated bits=0) by nostrum.com (8.15.2/8.15.2) with ESMTPSA id w7G47HID009787 (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128 verify=NO); Wed, 15 Aug 2018 23:07:18 -0500 (CDT) (envelope-from ben@nostrum.com)
X-Authentication-Warning: raven.nostrum.com: Host cpe-70-122-203-106.tx.res.rr.com [70.122.203.106] claimed to be [10.0.1.95]
From: Ben Campbell <ben@nostrum.com>
Message-Id: <A1A49AB9-ED90-4681-A7B4-9CFFDFEBFF8C@nostrum.com>
Content-Type: multipart/signed; boundary="Apple-Mail=_EE508420-3884-44F4-946B-8CF6494655DD"; protocol="application/pgp-signature"; micalg="pgp-sha512"
Mime-Version: 1.0 (Mac OS X Mail 11.5 \(3445.9.1\))
Date: Wed, 15 Aug 2018 23:05:40 -0500
In-Reply-To: <78BEFFD7-2B87-4EC1-A1A3-8BDD7AB97C5F@freeradius.org>
Cc: The IESG <iesg@ietf.org>, draft-ietf-radext-coa-proxy@ietf.org, Winter Stefan <stefan.winter@restena.lu>, radext-chairs@ietf.org, radext@ietf.org
To: Alan DeKok <aland@freeradius.org>
References: <153436290915.3118.1227345371925581329.idtracker@ietfa.amsl.com> <78BEFFD7-2B87-4EC1-A1A3-8BDD7AB97C5F@freeradius.org>
X-Mailer: Apple Mail (2.3445.9.1)
Archived-At: <https://mailarchive.ietf.org/arch/msg/radext/bprCjBesvmUNlHXcPFtZVrnx-7w>
Subject: Re: [radext] Ben Campbell's Discuss on draft-ietf-radext-coa-proxy-06: (with DISCUSS and COMMENT)
X-BeenThere: radext@ietf.org
X-Mailman-Version: 2.1.27
Precedence: list
List-Id: RADIUS EXTensions working group discussion list <radext.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/radext>, <mailto:radext-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/radext/>
List-Post: <mailto:radext@ietf.org>
List-Help: <mailto:radext-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/radext>, <mailto:radext-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 16 Aug 2018 04:07:30 -0000


> On Aug 15, 2018, at 8:14 PM, Alan DeKok <aland@freeradius.org> wrote:
> 
> On Aug 15, 2018, at 3:55 PM, Ben Campbell <ben@nostrum.com> wrote:
>> (This is a procedural DISCUSS. Hopefully it can be resolved easily, but I do
>> think it needs to be resolved prior to publication..)
>> 
>> This draft is standards track, yet it primarily serves to extend RFC 5176. That
>> RFC is informational. The shepherd writeup argues that this is okay because it
>> seems like 5176 should have been standards track. But the applicability
>> statement RFC 5176 explains why it was informational, and the reasons seem
>> convincing. Therefore I do not think it is appropriate to publish this draft as
>> Standards Track.
> 
>  We may choose Informational for this document, because it has a normative dependency on RFC 5176.
> 
>  But I don't see how those two last sentences are related.  The argument which is convincing for 5176 is not applicable to this document. So conflating the two applicability statements is simply not appropriate.
> 
>  i.e. the issues highlighted in Section 1.1 of RFC 5176 do not apply to this document.  Any applicability statement here would be *false* if it repeated (or even normatively referenced) the discussion in RFC 5176.

What I had in mind was just a statement to the effect that, while this extension includes normative language, it is informational because it is based on RFC 5176, which is also informational.

However, I do not understand your point that the applicability statement from 5176 does not apply to this draft. It basically says that 5176 is informational because CoA has (or had) issues (security, architectural, etc) that made it inappropriate for standards track. Since this draft is fundamentally based on 5176, it seems like it would inherit those issues. Or do you think all those issues have been mitigated, either by this draft or others? (The answer is probably academic, in that it addresses the question about whether 5176 _should_ still be informational, which doesn’t change the fact that it _is_.)


> 
>> I think it would be fine to progress it as Informational (or
>> even Experimental)
> 
>  If it's Experimental, then any possible subsequent Standards track document would run into the same problem: 5176 is Informational.
> 
>  And if we're being realistic... I think we're past the point where we can expect RADIUS Information or Experimental documents to progress to Standards track.  I can't for the life of me think of a single RADIUS document which has progressed from Informational or Experimental to Proposed Standard.  And, the RADIUS WG is on the verge of shutting down, with no new work envisioned.
> 
>  And if 20+ years isn't enough to make RFC 2866 (RADIUS accounting) a Proposed Standard, then I suspect no further progress will be made in the next 20 years.
> 
>> if it included an applicability statement explaining why in
>> order to avoid the appearance of a standard masquerading as an Informational
>> RFC.
> 
>  "This document is Informational because it updates RFC 5176, which is itself Informational.  None of the applicability statements in Section 1.1 of RFC 5176 apply to this document."
> 
>> ----------------------------------------------------------------------
>> COMMENT:
>> ----------------------------------------------------------------------
>> 
>> Thanks for a readable and understandable drafts. I have some additional
>> comments that do not rise to the level of a DISCUSS
>> 
>> Substantive Comments:
>> 
>> - I support Adam's DISCUSS point concerning the security properties of
>> Operator-NAS-Identifier. But I will let that play out in Adam's thread.
>> 
>> §3.1 and §3,3: Do the normative changes to Access-Request and
>> Accounting-Request mean that this draft needs to update documents other than
>> just RFC 5176?
> 
>  The document does not provide for normative changes to Access-Request or Accounting-Request packets.  As with other RFCs that define new RADIUS attributes (e.g. 5580), it does not update RFC 2865 or 2866.
> 
>  i.e. simply carrying a new attribute is not a normative change to those packets.
> 
>> Editorial Comments:
>> 
>> - The abstract and introduction explain how this draft updates 5176, which is
>> good. However, they avoid using the explicit term-of-art "Updates RFC 5176".
>> Doing so would help make things more explicit. (The RFC style guide recommends
>> doing this at least in the abstract.)
> 
>  Fixed.
> 
>> - Please expand PPTP and L2TP on first mention.
> 
>  Fixed.
> 
>> §3.1: I suspect some of the normative keywords in this section refer to
>> previously existing requirements rather than new requirements. If  so, they
>> should not be capitalized except in literal quotes.
> 
>  The normative keywords do not refer to previously existing requirements.
> 
>> §6: I think it would be helpful to mention the discussion in §4.3 in the
>> security considerations.
> 
>  Sure.
> 
>> §7: It would be helpful for the IANA considerations to briefly summarize the
>> new attributes, so that a reader that started out reading the IANA
>> considerations doesn't have to flip back to §3.3 just to find out what they are.
> 
>  The latest draft has the updates.  IANA has the allocation ready, and it has been reviewed.
> 
>  Alan DeKok.

v2.23.0 | Report a Bug | By Email