IETF Logo Mail Archive

[radext] Re: New I-D: draft-seralathan-radext-persistent-devid-00

"Premanand Seralathan (pseralat)" <pseralat@cisco.com> Tue, 02 June 2026 05:59 UTC

Return-Path: <pseralat@cisco.com>
X-Original-To: radext@mail2.ietf.org
Delivered-To: radext@mail2.ietf.org
Received: from localhost (localhost [127.0.0.1]) by mail2.ietf.org (Postfix) with ESMTP id 7D6B2F91073B for <radext@mail2.ietf.org>; Mon, 1 Jun 2026 22:59:26 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=ietf.org; s=ietf1; t=1780379966; bh=ZApA8vioR90JAyHc9m4wVGIoZhKAljR3z0nVojtPO98=; h=From:To:CC:Subject:Date:References:In-Reply-To; b=bPFVuMklZQPXR4crWdG60v/yiawINMZAs1pDBW00uAqMb5PVZtsDkR2MHb54YQ1O4 waWQ4AMTXsy489oGFzOnTraZXVzTvSlbkuLpmSp7WpiLSLZDniORpJaRX+3ihhICYr ax4uhprNqk47kxj9kBRuMjYy0SixTcP98Pz1r/oI=
X-Virus-Scanned: amavisd-new at ietf.org
X-Spam-Flag: NO
X-Spam-Score: -11.885
X-Spam-Level:
X-Spam-Status: No, score=-11.885 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_MED=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_MED=-2.3, RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001, RCVD_IN_VALIDITY_CERTIFIED_BLOCKED=0.001, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, SPF_NONE=0.001, T_SPF_HELO_PERMERROR=0.01, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: mail2.ietf.org (amavisd-new); dkim=pass (2048-bit key) header.d=cisco.com
Received: from mail2.ietf.org ([166.84.6.31]) by localhost (mail2.ietf.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id kkZDMLJQHQc6 for <radext@mail2.ietf.org>; Mon, 1 Jun 2026 22:59:25 -0700 (PDT)
Received: from rcdn-iport-9.cisco.com (rcdn-iport-9.cisco.com [173.37.86.80]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-256) server-digest SHA256) (No client certificate requested) by mail2.ietf.org (Postfix) with ESMTPS id C3053F91072F for <radext@ietf.org>; Mon, 1 Jun 2026 22:59:25 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cisco.com; i=@cisco.com; l=11546; q=dns/txt; s=iport01; t=1780379965; x=1781589565; h=from:to:cc:subject:date:message-id:references: in-reply-to:mime-version; bh=ZApA8vioR90JAyHc9m4wVGIoZhKAljR3z0nVojtPO98=; b=Lt31aO8mYmMLlSI370gH7OiEqlzQr3m2VQsvUOwABJegDfG6vItlEzey Tc4PPzLNC2wUJENQknv+/yGIi94GURqfsqIyUji3wo497AbPYsirCXoic HxEj32dq8jVgwEbMWy1lIHTnHVL2hWlYfdm7XFSXkWSqdYV6MMeI3DKFb kEpSi7/pZxlJnrWRGitbgJnD9ZtO6e+EaD+9WC3bvC/MA9jYY2gsgDPrc NgoeggqebRlRlVfwUoeKeBsME2UodYVUnugL6Cpt1Xjg2h6+6/Ap08w8c gVuoSpQRCSUJTKLG+C6HpQ6N9rzq1jky8oFKrTRDLUMH8GV49TQbRW1SB g==;
X-CSE-ConnectionGUID: w34kJiNORIepWcHyfRfr4A==
X-CSE-MsgGUID: OP++2b6SQtK7irqKh3g92Q==
X-IPAS-Result: A0BwAwDZbx5q/5T/Ja1QAQmBLoErgT0xU4IpSYRXg0wDhSyIeQOBE5YxhleBfg8BAQENAlEEAQGFBgIWjRwCJjQJDgECBAMCAwEBAQEBAQEBAQEBCwEBBQEBAQIBBwWBDhOGXIZaAQEBAQIBEhFEEgULAgEIGCcDAgICLxQRAgQOBQgahH4vJwMBAqZ3AYE9AooqeoEygQHgMYFNiFkBKoE1Aw6EBQEbhGAnG4FJRIEVQoIwOD6CYQSBMQEUGoNZOoIvBIINFXoSG4RFiyFSciIDJjMsAVUTFwsHBYEjQwOBBiNLBS0dgSMhHRcVHlgbBwUSICpuRjcDAw0hJBFZPzgLRgWBYwKCGk4jHwM5gReBf4ErbGkQAwttPTcUGwMEgTUFiwddFw+CDyQ/JgSBTmodMAEEAwENAgSXCotiR44YlRcKhByiEReqBGeZBqkVAgQCBAUCEAEBBoFoPIFZcBWDIlMZD44tFs0aeQIBOgIHAgcOAwuRaCyBUQEB
IronPort-PHdr: A9a23:jElA9hCYBp3j6IOmBaj3UyQVXRdPi9zP1kY98JErjfdJaqu8usmkN 03E7vIrh1jMDs3X6PNB3vLfqLuoGXcB7pCIrG0YfdRSWgUEh8Qbk01oAMOMBUDhav+/Ryc7B 89FElRi+hmG
IronPort-Data: A9a23:f5oYjKnCzBDV6rmVIR4+8dro5gzBJ0RdPkR7XQ2eYbSJt1+Wr1Gzt xIcUGCHM/rcNGSjedh+O9zipEoAuceEy95iTwZvrSAyRFtH+JHPbTi7wugcHM8zwunrFh8PA xA2M4GYRCwMZiaC4E/raf658SUUOZigHtLUEPTDNj16WThqQSIgjQMLs+Mii+aEu/Dha++2k Y20+ZG31GONgWYubDpKs/vb8nuDgdyr0N8mlg1mDRx0lAe2e0k9VPo3Oay3Jn3kdYhYdsbSb /rD1ryw4lTC9B4rDN6/+p6jGqHdauePVeQmoiM+t5mK2nCulARrukoIHKZ0hXNsttm8t4sZJ OOhGnCHYVxB0qXkwIzxWvTDes10FfUuFLTveRBTvSEPpqHLWyOE/hlgMK05FZJDpuVVAEdpz 90VMA8GTgGNveysnJvuH4GAhux7RCXqFJkUtnclyXTSCuwrBMmaBa7L/tRfmjw3g6iiH96HO JFfMmUpNkmdJUQTaj/7C7pm9AusrmHkfidRrFuJjaE2+GPUigd21dABNfKJKoPUGpUEwx/wS mTu2Fy6QUsQauem1Rna82i1pe+UknKhYddHfFG/3rsw6LGJ/UQJAREbRUeToPSlhAi5Qd03F qAP0jAloa538AmgScPwGkTh5nWFpRUbHdFXFoXW9T2w90Yd2C7AbkAsRT9aY9tgv8gzLQHGH HfQ9z81LVSDaIGodE8=
IronPort-HdrOrdr: A9a23:EWY/uav/vG/FunuK2naGOAfQ7skCS4Aji2hC6mlwRA09TyXGrb HMoB1L73/JYWgqOU3IwerwRpVoIUmxyXZ0ibNhW4tKLzOWyVdATbsSorcKrAeQYREWmtQtsZ uINpIOd+EYbmIKw/oSgjPIburIqePvmMvH9IWuqkuFDzsaF52IhD0JczpzZ3cGPzWucqBJbK Z0iPA3wAaISDA8VOj+LH8DWOTIut3Mk7zbQTNuPXQawTjLpwmFrJrhHTal/jp2aV5y6IZn3X nOkgT/6KnmiPem1x/a2VbU6pRdiPHhxtFACMHksLlVFtzrsGmVTbUkf4fHkCE+oemp5lpvus LLuQ0cM8N67G6UVn2poDP2sjOQkwoG2jvH8xu1kHHjqcv2SHYREMxan79UdRPf9g4JoMx86q RWxGiU3qAnTy8o3R6NouQgZSsa0XZckkBS19L7SEYvCLf2XYUh6bD3OnklSKvoUhiKs7zPW9 MefP00rMwmAm9yKUqp/lVH8ZiLQmk5GAuATwwpv8yY1CUToVVCpnFonvD2Whw7hc4Ao14u3Z WYDo140L5JVcMYdqR7GaMIRta2EHXERVbWPHuVOkmPLtBMB5vhke++3FwO3pDgRLUYiJ8p3J jRWlJRsmA/P0roFM2VxZVOthTAWn+0UzjhwtxXo8ERgMyxeJP7dSmYDFw+mcqppPsSRsXdRv aoIZpTR/vuN3HnF4pF1xD3H5NSNX4dWssIvctTYSPCnuvbbonx8uDLevfaI7TgVT4iR2PkG3 MGGCP+Ic1Rh3rbE0MQQCKhLU8FVnaPiq6YSpKqitQ72cwILMlWvgAelFS+4dvjE0wxjkUfRj oLHI/a
X-Talos-CUID: 9a23:bMVzMG1mK2aCa1FqKbeb9rxfBZt5cV/c6lDqAkKgNm1JWbOvR0XM0fYx
X-Talos-MUID: 9a23:qFonbwqoS+A3pTyGUDsezxZad4Qy6fqVMVwuzpQcouqEbiMhYQ7I2Q==
X-IronPort-Anti-Spam-Filtered: true
Received: from rcdn-l-core-11.cisco.com ([173.37.255.148]) by rcdn-iport-9.cisco.com with ESMTP/TLS/TLS_AES_256_GCM_SHA384; 02 Jun 2026 05:59:25 +0000
Received: from rcdn-opgw-5.cisco.com (rcdn-opgw-5.cisco.com [72.163.7.169]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by rcdn-l-core-11.cisco.com (Postfix) with ESMTPS id D708D18000155 for <radext@ietf.org>; Tue, 2 Jun 2026 05:59:24 +0000 (GMT)
X-CSE-ConnectionGUID: vTn5kQHLQcmykFThPwrqKA==
X-CSE-MsgGUID: IQPdjpG9SAO/BS0RHu5k7w==
Authentication-Results: rcdn-opgw-5.cisco.com; dkim=pass (signature verified) header.i=@cisco.com
X-IronPort-AV: E=Sophos;i="6.24,182,1774310400"; d="scan'208,217";a="58464597"
Received: from mail-sj0pr08cu00101.outbound.protection.outlook.com (HELO SJ0PR08CU001.outbound.protection.outlook.com) ([40.93.1.73]) by rcdn-opgw-5.cisco.com with ESMTP/TLS/TLS_AES_256_GCM_SHA384; 02 Jun 2026 05:59:24 +0000
ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=nM5oakoEiTxRkjAvUiGuCuKYzyLk8CHDMFgS76hTfS09edsHEVhVuwq0Td2GCaCVZwepa8BZVOsIO3BA4yiomi3dA/xyT1JbtOLPrW0UJXf8fAZHGyprw3QVGYcPNdgwiJA2nP1o6fz7PDcHdmVhA+QsJ8DqnBvC89sWJ5JbVUYgU1ZBzqmyMwLVDSD97OYs20aXn7tBFFwfFKEB3UPQdx1DZmTaH/VNU810ggdb6vuzPAMs0VjIMZrxwo/x4JTj7CnSXuWYKrw+j9sZiDvglwmRlqVT3BzLDgTsD+ElnkchaeLCjslKVhfEQmMUmOMDTVFPLjVeByea4fOEBF8BRA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=ZApA8vioR90JAyHc9m4wVGIoZhKAljR3z0nVojtPO98=; b=BA+zsdhRDtVQbOLjJcCoCk+zqMuPZsNCyDusD6/RPi0E5T7r6mYbLoUv/PVZ8LQw/vnqle+Wqg92HgPUOP0ZSZVxugq+ohJKqExjx8WJjFHBsdpbGjF6wOVpRA5Tb4WDFaWPpUispVF3VzfS/+RrkGjXJWIyti9RW4vM7kDRtyrc59NTwjKtMFwALTQ04uKaUuw3ThWW8+d7sjoRF5+3L2/zXCH+Tn2o7teKdoNpZ1orE47lK1DzMLvKIaFSh2G0pgEt+VOR1BUlp9OwvwLBtBD0bnL5oM+qJI+k9olcycwTQqqkBYX55qsRHXs98Nj0u6qx4Y4LPs/tQLowYKvC0g==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=cisco.com; dmarc=pass action=none header.from=cisco.com; dkim=pass header.d=cisco.com; arc=none
Received: from BN8PR11MB3762.namprd11.prod.outlook.com (2603:10b6:408:8d::19) by PH8PR11MB6612.namprd11.prod.outlook.com (2603:10b6:510:1cf::14) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.21.71.15; Tue, 2 Jun 2026 05:59:21 +0000
Received: from BN8PR11MB3762.namprd11.prod.outlook.com ([fe80::5e90:55d6:e949:14e9]) by BN8PR11MB3762.namprd11.prod.outlook.com ([fe80::5e90:55d6:e949:14e9%4]) with mapi id 15.21.0071.014; Tue, 2 Jun 2026 05:59:21 +0000
From: "Premanand Seralathan (pseralat)" <pseralat@cisco.com>
To: Alan DeKok <alan.dekok=40inkbridge.io@dmarc.ietf.org>
Thread-Topic: [radext] New I-D: draft-seralathan-radext-persistent-devid-00
Thread-Index: AQHc2NUy8nA4vwgd3UqI5n5zmJHAirYSfBgAgA1TqeWAAHmVAIAKrkSK
Date: Tue, 02 Jun 2026 05:59:21 +0000
Message-ID: <BN8PR11MB37623EBEBB836D64F836490BCC122@BN8PR11MB3762.namprd11.prod.outlook.com>
References: <BYAPR11MB37689273BC46B447843F3516CC352@BYAPR11MB3768.namprd11.prod.outlook.com> <C035972D-A954-4449-B1AA-194C7954F27B@inkbridge.io> <BYAPR11MB3768995A3F905845409EF032CC0B2@BYAPR11MB3768.namprd11.prod.outlook.com> <4C8F2356-BE1F-43AC-AC9A-3AAAE136D906@inkbridge.io>
In-Reply-To: <4C8F2356-BE1F-43AC-AC9A-3AAAE136D906@inkbridge.io>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-ms-reactions: allow
x-ms-publictraffictype: Email
x-ms-traffictypediagnostic: BN8PR11MB3762:EE_|PH8PR11MB6612:EE_
x-ms-office365-filtering-correlation-id: 8e1478c5-b3ed-476e-a3fc-08dec06c1780
x-ms-exchange-senderadcheck: 1
x-ms-exchange-antispam-relay: 0
x-microsoft-antispam: BCL:0;ARA:13230040|366016|376014|1800799024|22082099003|18002099003|6133799003|4143699003|11063799006|56012099006|8096899003|38070700021;
x-microsoft-antispam-message-info: n237qY4XLpRtQtC0EToRQ9Hq3XR2pZBTtcmvBie12kW6++gmvVUUep1OrXE2NrFAywliuBu8SHBLUyIcnsST4UX1dzyKKHZfjXZlLbkCe8dUDlYym8gWv7G8GBGoM9oEHEJdXnDk2W1aaHuidXYDXHT8NgIGKxZa7EE/L2Ima5oAmmXnELzb1CG4hRa9dvSmApLBAAHs89V7py4V4SxooV8UL6sfHIMkKSHb6f0+aL5MNcfUXKbA6PhihhTgHduHbug3Oh8wwBrFz/cUnUI564520TyTlwUBOI+8XV5xjugNatwU+Vh+X/+lWVp7F9zQTyXvNTODnezdbXve2Fqrd6dAnh2/VEBKk7Vjecqe3KuWeeff4ypjKk+MPWVVIuPw386OGLomVjB2teW54yP+n2Ij6xW8fMn9AFmlZGvXu9lT1XCuK8bgpN1xBT/vn77BZe6Sg5oq7PKFGwUFhlYIJAMjyTRmORkG3B72Tgv0SaCVFHqs+D/GBssTD+mek9S+d3wSV2CTtR5serXQ+1xAyLmzqJARBc2259k9ToznxsKkVYetAvOwUaEOBXx5R7mCR4laNLJZEfwDqQjeqYxznWasnUagCsv0X+9zrwpT0cf4yCbFdQmVATAPZtKoWsd7QCUst+XejxPY1qeM180+bhRjbXHD+Y/uuBOmzQgOt9PujzyE4z8dtyureUUj+FalVf3AAmoJJ3T1SPlxjG5B9WF+S01oB0q37VScYJyWrbZP6NjMjk61BDiAuswlseLj
x-forefront-antispam-report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:BN8PR11MB3762.namprd11.prod.outlook.com;PTR:;CAT:NONE;SFS:(13230040)(366016)(376014)(1800799024)(22082099003)(18002099003)(6133799003)(4143699003)(11063799006)(56012099006)(8096899003)(38070700021);DIR:OUT;SFP:1101;
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0: qB2wXa48ZUIWUMBEFQNHBkkesZCmkI8NA+OwMKweAnYuO7VpH6+QjoRMlPH9f5lAdf1nWjMTQoF3igz/UzK2tuTXo/w6Er+JEYTdzB9nqjxqgWV1zn1WVVXA5tt7WiatHegdeafsag7ZFBSEzXsA18A/B9AE00vJkR7c4jl/xBNTrYaxV9hejsTnQQM+W3eQNG7mpVXbU5Vn/XXQPvwaCKmcCNOB92cYPjgSoXfADGlQyD5o/rucX6Y2XovH/C6Tvz2ubHC25ZbkWUuuvlKAktvgC/KD+QrSS4JbU82/p8DTG41DZz1XZYUJGgCI3uuegs+EJPv1Y3jjRhtnBQKgajp2r8C7ABrIERFNxKOeXpBLVAUVnrIitkSMLHTLpafDWjhipHhxZOwvc04TVp2K1tNcBBD9iVdmwAwueqatQ7Jm2KmhXp5Y0XsszbXkKrmJPh2V5i4YWOTFVbIrkHxbFyYsccTNb+JhiqRhZv3ug8dFSiqGDtM/1EPS6yhFbvFq+TTq5AeqQ18+XySeny7vJIAm/B0ltikGI2xDjyZ/3MgXyHbRjA1vyJDUVovqCQpOn78F/54VaEgj1GAh/1VeRl/j4zaTCmWIVeRi4Rm9s7Fiyzds5gbcTcSZJlhG7iMUCRZTXqeI7Mzmb53LDA3VrSl7gT8oDQVp6L48D6nutZm5DpvRqaAZY+XUJTXHGSATMPg6QZswTeqjs6Q9YoY1UrzKf0dvfjw5Lca56vY+m9fk0B1GPol2f1lDp/t0/2M+6oVtz+YhY3pfGePHlbTgyPIiPh/kDMy7l5emyoaeInTKSxGWZPvDA1QGBuXN1WiR3Y44GiXEgoGgGMsgFwNDwGx/ik1BKcYgLlhS3qY7ut7FVDvBbIDBbgPKoHd4GMZ+E3Vh5Q/diMEGvFMEIu9NJcLFC+GHfDSIZ0Vn3KJLvlo5j2b/kLDK8Py2EKfDtCfBiHWvB8E6fWcwGlHl9Rd6lHh6kxIP6koI//LTP+e/r3NFLghMFA1rvw2hXAY/t/UzT6cz8hGyLPhkqs2OTFmmf46Ia+ebaR5QybnllmQ1NzoN1hWdKduYtZZZJqzVeJ9E8OwnBU6P6Jhx6mzZzS7lBUf04lu+1+LcEYra8XauXc7cTwzOw7pI+V2xtYCZo+ixncki68ByPdPzWdMus0tJDATLd3wwgZOOvSqRMkBzZ3wIDehfqytmmABSwZEJI4MYSKFXH+sXV+oLxBUE16q//u3LZmaSH7uAIhE6SsRBjTraLrquqTLwVr8DmF1GDrO7w4+avkIg7mBTvq4H/DB+UnGF7t5zX5Uv/CCXnLZYeAVUeGNGhcADA39vWjEPncB0vCF2kO4z7DWE2XW23kEwNlo0/wSZKBrO+IiTLEFgRGI+AVge0uy8rCyyRmUUT7bSpVd83UDgz/OP7UqtLtwyM9TyX+a0Ui6VPIQfdlIrcguA1EfHmeNPFesrrtVrnWBBleX8JfmdXRx5p8SemdhV2J4ASlWd37C2XLyOVUp91zPygG1gqoF7pfhrsG6xujDbnNnegMlOKFdYq53eu+4UKwN3tibQz17gRsx8Sl1KfceemPwS4gCJrmOoSCpqprlw1kkTA0mWpydsyHDjWinFPIO0yWLtQe/gkx3ShNtO//jR+lYdAYwHCE8eNuBfiijlnMYOYmIYFDp677FNfxEOza7CmOzdMGidHXbyC82vQ96UR/Z0NLVD6wrhQxMTU2DqCv77uWeDKGKHE0Ovpd54esIooSN9mkhkKJ/rDoJNB1A=
Content-Type: multipart/alternative; boundary="_000_BN8PR11MB37623EBEBB836D64F836490BCC122BN8PR11MB3762namp_"
MIME-Version: 1.0
X-Exchange-RoutingPolicyChecked: YwNGreMSRE0ePIzuXBxTZYSo7e79bEYHrlurWm4c65ywYnstPccsPMsdPvVCA4SQlVYHOo3h7e9uMjLNAADb77sJb85Ii34yxPER5aZgbk8pSQd4NWhqmalCUcHffLDEbpbhmIef4N2FSFDJlOheewp2HZzNIelM4A/kTjsN2Y2xH0jksa7fUDRJHbeZzumJQAHiY6q6Zrg1iyVDknAr5iaUDMcP367NkoQSh+TP26xHNa4qnE0jcUGEUBlrnljbe2QQJRrLGEl5VhilGmrIc6KFL5V7+5SwSXByhx49VuRBa/qDkD+evSlaeIdXskGt8huHTLuou/Fjk9zFtSBD4A==
X-OriginatorOrg: cisco.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: BN8PR11MB3762.namprd11.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 8e1478c5-b3ed-476e-a3fc-08dec06c1780
X-MS-Exchange-CrossTenant-originalarrivaltime: 02 Jun 2026 05:59:21.5896 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 5ae1af62-9505-4097-a69a-c1553ef7840e
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: CHSndC4bd87055T4sn+JJlOMX2pFBg2Zuz8TmRkW2UDEkQlcKB1tDsmJb/xoDbsyV/Ues9yXBXC23QKUlkuN3Q==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: PH8PR11MB6612
X-Outbound-Client-TLS: ANONYMOUS;rcdn-opgw-5.cisco.com [72.163.7.169];TLSv1.3;TLS_AES_256_GCM_SHA384;256
X-Outbound-SMTP-Client: 72.163.7.169, rcdn-opgw-5.cisco.com
X-Outbound-Node: rcdn-l-core-11.cisco.com
Message-ID-Hash: HDHUHTSJTD72RBJ5A6AGDKKKM374DWQC
X-Message-ID-Hash: HDHUHTSJTD72RBJ5A6AGDKKKM374DWQC
X-MailFrom: pseralat@cisco.com
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-radext.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: "radext@ietf.org" <radext@ietf.org>
X-Mailman-Version: 3.3.9rc6
Precedence: list
Subject: [radext] Re: New I-D: draft-seralathan-radext-persistent-devid-00
List-Id: RADIUS EXTensions working group discussion list <radext.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/radext/gA2DQ4glHunjVXP2VHLEwkBF2tM>
List-Archive: <https://mailarchive.ietf.org/arch/browse/radext>
List-Help: <mailto:radext-request@ietf.org?subject=help>
List-Owner: <mailto:radext-owner@ietf.org>
List-Post: <mailto:radext@ietf.org>
List-Subscribe: <mailto:radext-join@ietf.org>
List-Unsubscribe: <mailto:radext-leave@ietf.org>

Thanks, Alan, for the feedback! My response inline.


Regards

Prem


On 5/26/26, 3:51 AM, "Alan DeKok" <alan.dekok=40inkbridge.io@dmarc.ietf.org> wrote:

On May 25, 2026, at 11:42 PM, Premanand Seralathan (pseralat) <pseralat=40cisco.com@dmarc.ietf.org<mailto:40cisco.com@dmarc.ietf.org>> wrote:
> The NAS doesn't need to correlate across connections — the server does. On reconnect with a new MAC, the same certificate yields the same UUID server-side. The NAS caches Persistent-Device-Id for the current session, echoes it in accounting, and shares it with integrated platforms (profiling engines, location services) so they can identify the endpoint across MAC changes. Will clarify this in -01.

  Thanks.

  This functionality could be done by a RADIUS proxy, so the NAS doesn't have to be modified.  That would make it much easier to deploy.


>> Agreed -- a proxy is a valid deployment model. We'll add this in -01.

  Alternately, since this proposal provides for device tracking, it could just be done with CUI.  i.e. instead of sending a new attribute, just send:


>> Section 10 of the draft covers this -- five reasons why CUI can't serve this purpose. The short version: CUI identifies a user for billing with mandated temporary bindings and opaque treatment (RFC 4372). PDID identifies a device, is persistent for the certificate lifetime, and needs to be consumed by profiling/compliance systems with defined semantics. A deployment may need both in the same message.


Chargeable-User-Identity = <persistent-device-id>@<realm from User-Name>

  Or since most User-Names are "@realm" or "anonymous@realm", the IdP can reply with

User-Name = <persistent-device-id>@<realm from User-Name>


>> User-Name carries the canonical authenticated identity. Downstream systems (SIEM, compliance, audit) key on it for user-level correlation. User and device identity are orthogonal -- one user has multiple devices, one shared device has multiple users. They need to coexist independently.

We'll make sure -01 explicitly discusses why CUI and User-Name were considered, and we'll add the proxy deployment model.


  And then the functionality works, without changing anything else in RADIUS.  The main downside here is that there's no separate attribute for persistent device ID.  But I think the main goals of the document are met.

  Alan DeKok.

v2.46.0 | Report a Bug | By Email | System Status