IETF Logo Mail Archive

Re: [radext] Alissa Cooper's Discuss on draft-ietf-radext-ip-port-radius-ext-11: (with DISCUSS and COMMENT)

<lionel.morand@orange.com> Thu, 15 September 2016 17:09 UTC

Return-Path: <lionel.morand@orange.com>
X-Original-To: radext@ietfa.amsl.com
Delivered-To: radext@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 796DA12B380; Thu, 15 Sep 2016 10:09:24 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.619
X-Spam-Level:
X-Spam-Status: No, score=-1.619 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FREEMAIL_FROM=0.001, FREEMAIL_REPLY=1, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001, UNPARSEABLE_RELAY=0.001] autolearn=no autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id QV_X5fK3bCUh; Thu, 15 Sep 2016 10:09:23 -0700 (PDT)
Received: from relais-inet.francetelecom.com (relais-ias91.francetelecom.com [193.251.215.91]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 4135612B319; Thu, 15 Sep 2016 09:42:00 -0700 (PDT)
Received: from omfedm06.si.francetelecom.fr (unknown [xx.xx.xx.2]) by omfedm11.si.francetelecom.fr (ESMTP service) with ESMTP id A0BFC3B4937; Thu, 15 Sep 2016 18:41:58 +0200 (CEST)
Received: from Exchangemail-eme2.itn.ftgroup (unknown [10.114.31.58]) by omfedm06.si.francetelecom.fr (ESMTP service) with ESMTP id 794A227C07B; Thu, 15 Sep 2016 18:41:58 +0200 (CEST)
Received: from OPEXCLILM43.corporate.adroot.infra.ftgroup ([fe80::ec23:902:c31f:731c]) by OPEXCLILM33.corporate.adroot.infra.ftgroup ([fe80::3881:fc15:b4b2:9017%19]) with mapi id 14.03.0301.000; Thu, 15 Sep 2016 18:41:58 +0200
From: lionel.morand@orange.com
To: "David B. Nelson" <d.b.nelson@comcast.net>
Thread-Topic: [radext] Alissa Cooper's Discuss on draft-ietf-radext-ip-port-radius-ext-11: (with DISCUSS and COMMENT)
Thread-Index: AQHR9/Cwu6n7TFEfE0aWCTw3JOS72qBL68EAgAADpYCAAAXuAIAfD2BwqSufjMbW5EA68A==
Date: Thu, 15 Sep 2016 16:41:57 +0000
Message-ID: <32333_1473957718_57DACF56_32333_668_1_6B7134B31289DC4FAF731D844122B36E01FB02AE@OPEXCLILM43.corporate.adroot.infra.ftgroup>
References: <147137412687.22998.17081075232946825763.idtracker@ietfa.amsl.com> <CAHbuEH7+Gw=zDiN66Aydmie2M4dXcVqjLKWHixR7Qe6ECfN9Hg@mail.gmail.com> <D0152C61-D391-482B-BF1E-45180F89DA41@cooperw.in> <EACFFDF5-3974-4778-8EDD-A68410BAD972@gmail.com> <17466_1473152611_57CE8663_17466_5602_1_6B7134B31289DC4FAF731D844122B36E01F9ECE4@OPEXCLILM43.corporate.adroot.infra.ftgroup> <1665923093.11596755.1473175346518.JavaMail.zimbra@comcast.net>
In-Reply-To: <1665923093.11596755.1473175346518.JavaMail.zimbra@comcast.net>
Accept-Language: fr-FR, en-US
Content-Language: fr-FR
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [10.168.234.3]
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-PMX-Version: 6.2.1.2478543, Antispam-Engine: 2.7.2.2107409, Antispam-Data: 2016.6.17.114517
Archived-At: <https://mailarchive.ietf.org/arch/msg/radext/gvZoHliYf7F0Y8Uud8xaNeTm8SA>
Cc: "draft-ietf-radext-ip-port-radius-ext@ietf.org" <draft-ietf-radext-ip-port-radius-ext@ietf.org>, "radext@ietf.org" <radext@ietf.org>, Alissa Cooper <alissa@cooperw.in>, kathleen moriarty ietf <kathleen.moriarty.ietf@gmail.com>, IESG <iesg@ietf.org>, "radext-chairs@ietf.org" <radext-chairs@ietf.org>
Subject: Re: [radext] Alissa Cooper's Discuss on draft-ietf-radext-ip-port-radius-ext-11: (with DISCUSS and COMMENT)
X-BeenThere: radext@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: RADIUS EXTensions working group discussion list <radext.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/radext>, <mailto:radext-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/radext/>
List-Post: <mailto:radext@ietf.org>
List-Help: <mailto:radext-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/radext>, <mailto:radext-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 15 Sep 2016 17:09:24 -0000

Hi Dave,

Please see below.

Regards,

Lionel

> -----Message d'origine-----
> De : David B. Nelson [mailto:d.b.nelson@comcast.net]
> Envoyé : mardi 6 septembre 2016 17:22
> À : MORAND Lionel IMT/OLN
> Cc : kathleen moriarty ietf; Alissa Cooper; draft-ietf-radext-ip-port-radius-
> ext@ietf.org; radext@ietf.org; IESG; radext-chairs@ietf.org
> Objet : Re: [radext] Alissa Cooper's Discuss on draft-ietf-radext-ip-port-radius-
> ext-11: (with DISCUSS and COMMENT)
> 
> Lionel wrote:
> 
> > My understanding is that, when defining authorization type attributes
> > that are use over RADIUS, it is not deemed required to define the
> > specific use of these attributes nor the error handling.
> 
> Yes and no.  While attributes can be re-used in multiple applications and use
> cases, the *semantics* of the authorization needs to be unambiguous.
> Remember, RADIUS doesn't have the notion of applications, so the meaning of
> attributes needs to be idempotent, if good interoperability to to be achieved.

[LM] I agree. Especially on the semantic issue.

> 
> > As for other AAA documents, this draft is not specifying a specific
> > procedure or a new protocol application. It is just about defining
> > attributes that can be used in the use case described in this document
> > but also in any other solution that would see advantage to reuse these
> attributes.
> 
> Yes, but see above.

[LM] ok.

> 
> > The main point of this document is to ensure that the definitions of
> > these attributes are correct (type, length, value), unambiguous and
> > describe in which messages they can appear.
> 
> The definition of RADIUS attributes also includes their semantics, not just their
> syntax.
> 
> > The exact behavior of the client/server using these attributes is
> > often left out of this kind of document. It is up to the specification
> > describing the implementation the clients and/or servers using these
> > attributes to define this error handling.
> 
> I disagree.  Leaving out semantics and client/server behavior is not traditional
> for RADIUS and is likely to lead to poor interoperability.

[LM] I think that there is what it could be and what it is. As I said, I agree with your comment on the format and the semantic of the attributes. But on client/server behavior and error handling, you can check for instance with RFC7268 and RFC6911 (other standards track RFCs defining RADIUS attributes) that these aspects are not always addressed. It depends on who is the real "client" of the specification. In the present case, the attributes are only used for configuration or reporting, not strictly related to the authorization process.   
Now, if authors want to address these points in the draft, I will be fine. But I'm not convinced it is required to be published as RFC.

> 
> Regards,
> 
> Dave Nelson

_________________________________________________________________________________________________________________________

Ce message et ses pieces jointes peuvent contenir des informations confidentielles ou privilegiees et ne doivent donc
pas etre diffuses, exploites ou copies sans autorisation. Si vous avez recu ce message par erreur, veuillez le signaler
a l'expediteur et le detruire ainsi que les pieces jointes. Les messages electroniques etant susceptibles d'alteration,
Orange decline toute responsabilite si ce message a ete altere, deforme ou falsifie. Merci.

This message and its attachments may contain confidential or privileged information that may be protected by law;
they should not be distributed, used or copied without authorisation.
If you have received this email in error, please notify the sender and delete this message and its attachments.
As emails may be altered, Orange is not liable for messages that have been modified, changed or falsified.
Thank you.

v2.23.0 | Report a Bug | By Email