[radext] Proposed new charter text

[Stefan Winter <stefan.winter@restena.lu>]

Hello,

as you may recall, we discussed new charter text at IETF91, which was
unanimously accepted in the room.

We still need to verify consensus on the list, so below is the proposed
updated charter text. This mail starts a two week comment period on the
charter text. Please send your comments to the list until 2015-03-27
2400 UTC.

You'll notice that there is specific text for "data types", "CoA proxy"
and "Populating EAP identity" in the draft charter's Work Items. Judging
from the mailing list traffic and prior discussions at the last IETF
meeting, I believe there is consensus that the working group wants to
work on these problem. As soon as the charter is approved, I will issue
an adoption call for the individual drafts which go in that direction.

We should also adjust milestones (some items to be marked as Done, some
new target dates for the ongoing work). These are not formally part of
the charter update, but they fit nicely into this mail nontheless. For
the completion dates, some authors have indicated a very short timeframe
for completion, but I've set everything at least to "2 meetings ahead"
-> November 2015; simply because our working group has a certain track
record of always being slower than anticipated :-)

Here is the text, see the IETF91 slides for a rationale of the changed bits:

"The RADIUS Extensions Working Group will focus on extensions to the
RADIUS protocol pending approval of the new work from the Area Director
and clarify its usage and definition.

Furthermore, to ensure backward compatibility with existing RADIUS
implementations, as well as compatibility between RADIUS and Diameter,
the following restriction is imposed on extensions considered by the
RADEXT WG:
All documents produced MUST specify means of interoperation with legacy
RADIUS and, if possible, be backward compatible with existing 
RADIUS
RFCs, including RFCs 2865-2869, 3162, 3575, 3579, 3580, 4668-4673,4675,
5080, 5090, 5176 and 6158. Transport profiles should, if possible, be
compatible with RFC 3539.

The WG will review its existing RFCs’ document track categories and
where necessary or useful change document tracks, with minor changes in
the documents if needed. Any changes to document tracks require approval
by the responsible Area Director.

Work Items

The immediate goals of the RADEXT working group are to address the
following issues:

- CoA proxying.  RFC 5176 permits proxying of CoA and Disconnect
messages, but makes no provisions for how that is done in a roaming
environment.  This work item will provide descriptions of how to use the
Operator-Name attribute in a roaming environment to proxy CoA packets.
It will also define a new attribute which defines an opaque NAS
identifier which can be used to uniquely identify a visited NAS, and
whose value will not be modified when proxying, as is done with
NAS-Identifier and NAS-IP-Address.

- Encoding Rules for EAP-Response/Identity packets over RADIUS. Neither
EAP (RFC3748) nor EAP over RADIUS (RFC3579) demand specific character
encoding and normalisation rules for EAP Identity responses. RADIUS
(RFC2865) requires User-Name attributes to be encoded in UTF-8. Where a
NAS is required to verbatimly copy an EAP-Identity into a User-Name,
invalid packets might be produced. This document will suggest
restrictions on EAP Identities so that transport over AAA becomes
correct under all circumstances (UTF-8) and deterministic (normalisation).

- Data Types. RFC 2865 defines a number of data types, but later
documents do not use those types in a consistent way.  This work item
will define data types, and update the IANA RADIUS Attribute Type
registry so that each attribute has a data type.  Where necessary, it
will correct issues with previous specifications.  This will be a
standards track document.

- Larger Packets. Support RADIUS packets greater than 4096-octets over
RADIUS transports with this capability.

- RADIUS Attributes for IP Port Configuration and Reporting. These
attributes are used by devices that implement IP port ranges to
configure and report TCP/UDP ports and ICMP identifiers, as well as
mapping behaviors. These attributes can be used in the context of
address sharing (e.g., NAT44 [RFC3022], Dual-Stack Lite AFTR [RFC6333],
CGN [RFC6888], NAT64 [RFC6146], Provider WLAN (e.g., [TR-146]), etc.).

Milestones

(mark RFC4282bis as Done [RFC Editor Queue now])
(mark RADIUS packet fragemntation as Done [in RFC Editor Queue now])
(mark Dynamic Discovery as Done [in IETF LC now])

Nov 2015 - Submit CoA Proxying as Standards Track RFC
Nov 2016 - Submit Populating EAP Identity as BCP RFC
Nov 2015 - Data Types as Informational RFC
Nov 2015 - Larger Packets for RADIUS over TCP as Experimental RFC
Mar 2016 - IP Port RADIUS Extensions as Standards Track RFC

Greetings,

Stefan Winter

-- 
Stefan WINTER
Ingenieur de Recherche
Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et
de la Recherche
6, rue Richard Coudenhove-Kalergi
L-1359 Luxembourg

Tel: +352 424409 1
Fax: +352 422473

PGP key updated to 4096 Bit RSA - I will encrypt all mails if the
recipient's key is known to me

http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xC0DE6A358A39DC66