IETF Logo Mail Archive

Re: [radext] Proposed new charter text

Alan DeKok <aland@deployingradius.com> Mon, 23 March 2015 11:24 UTC

Return-Path: <aland@deployingradius.com>
X-Original-To: radext@ietfa.amsl.com
Delivered-To: radext@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 45F131A8988 for <radext@ietfa.amsl.com>; Mon, 23 Mar 2015 04:24:15 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id d1N79TlbKega for <radext@ietfa.amsl.com>; Mon, 23 Mar 2015 04:24:13 -0700 (PDT)
Received: from power.freeradius.org (power.freeradius.org [195.154.231.44]) by ietfa.amsl.com (Postfix) with ESMTP id E05CA1A1BA9 for <radext@ietf.org>; Mon, 23 Mar 2015 04:24:12 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by power.freeradius.org (Postfix) with ESMTP id DED9F2240490; Mon, 23 Mar 2015 12:23:41 +0100 (CET)
X-Virus-Scanned: Debian amavisd-new at power.freeradius.org
Received: from power.freeradius.org ([127.0.0.1]) by localhost (power.freeradius.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id JuN6x_Re3uPQ; Mon, 23 Mar 2015 12:23:41 +0100 (CET)
Received: from [192.168.20.49] (198-84-181-115.cpe.teksavvy.com [198.84.181.115]) by power.freeradius.org (Postfix) with ESMTPSA id 757832240168; Mon, 23 Mar 2015 12:23:40 +0100 (CET)
Content-Type: text/plain; charset="windows-1252"
Mime-Version: 1.0 (Mac OS X Mail 7.3 \(1878.6\))
From: Alan DeKok <aland@deployingradius.com>
In-Reply-To: <alpine.WNT.2.20.1.1503221852040.3600@SMURF>
Date: Mon, 23 Mar 2015 07:23:38 -0400
Content-Transfer-Encoding: quoted-printable
Message-Id: <5FA970CC-2E05-4EFC-8AE6-840D334B28E4@deployingradius.com>
References: <5502B836.5000100@restena.lu> <alpine.WNT.2.20.1.1503221133420.3600@SMURF> <9C712CB9-7834-4049-9318-54E769F7661D@deployingradius.com> <alpine.WNT.2.20.1.1503221518060.3600@SMURF> <2DB68EA1-97A6-4263-9E7F-9BD24B567C7A@deployingradius.com> <alpine.WNT.2.20.1.1503221852040.3600@SMURF>
To: Peter Deacon <peterd@iea-software.com>
X-Mailer: Apple Mail (2.1878.6)
Archived-At: <http://mailarchive.ietf.org/arch/msg/radext/dxBf00LwEmdw0IOvf0G1x36biwk>
Cc: "radext@ietf.org" <radext@ietf.org>
Subject: Re: [radext] Proposed new charter text
X-BeenThere: radext@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: RADIUS EXTensions working group discussion list <radext.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/radext>, <mailto:radext-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/radext/>
List-Post: <mailto:radext@ietf.org>
List-Help: <mailto:radext-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/radext>, <mailto:radext-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 23 Mar 2015 11:24:15 -0000

On Mar 23, 2015, at 12:14 AM, Peter Deacon <peterd@iea-software.com> wrote:
> RFC5176 Section 2.3 explains atomicity requirements while CoA or DM requests match multiple sessions.

  OK… I hadn’t noticed that before.  It still doesn’t change my opinion of the charter changes, though,

> This an important reason why I believe state will be required in some cases to facilitate correlation in the event insufficient information is available to do so.

  Correlation of what?  I find that sentence so vague that I don’t know what it means.

  The draft implements CoA proxying based on Operator-Name.  This is sufficient for all proxies to get the packet to the visited domain, independent of anything else in the packet.  The Operator-Name *is* “sufficient information” for all proxies.  The proxies need no other information, and can safely ignore every single other attribute in the packet.

  The draft allows for the visited network to get the packet to the NAS based on Operator-NAS-Identifier.  This is sufficient for the visited network to get the packet to the correct NAS, independent of anything else in the packet.  The Operator-NAS-Identifier is “sufficient information” for the visited network.  It needs no other information, and can safely ignore every single other attribute in the packet.

  The rest of the information in the packet is interpreted by the NAS.

> I believe the mechanism to support can be fully opaque like Operator-NAS-Identifier and fully implementation dependant I advocate only enabling communication channel exist.

  To support… what?  You’re making some kind of assumption, and not explaining it here.

> I believe Operator-NAS-Identifier's constraints make it insufficient for this role otherwise it would be sufficient.  Section 3.1 20 octets language is insufficient and automatic removal of NAS identifying attributes may be counterproductive.

  Why?

> I do not advocate for fixing Dynamic authorization or session identifying attributes.  I do not advocate for fixing Proxy.  In previous remarks possible courses of action were enumerated to assist in demonstrating why state is needed by implementations.

  I read those remarks.  I still have no idea why you think state is needed.

> With regards to CoA draft I would support either a separate State attribute or loosening constraints of Operator-NAS-Identifier.

  A separate State attribute to do… what?

> Regardless of concerns specific to CoA draft appreciate any consideration of my recommendation.

  I have no idea what you’re recommending.  Please explain.  Your remarks are cryptic and unhelpful.

  Alan DeKok.

v2.23.0 | Report a Bug | By Email