[radext] IETF 89: Preliminary meeting notes

"Sanchez, Mauricio" <mauricio.sanchez@hp.com> Thu, 06 March 2014 12:44 UTC

Return-Path: <mauricio.sanchez@hp.com>
X-Original-To: radext@ietfa.amsl.com
Delivered-To: radext@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com []) by ietfa.amsl.com (Postfix) with ESMTP id E7B741A0276 for <radext@ietfa.amsl.com>; Thu, 6 Mar 2014 04:44:36 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.445
X-Spam-Status: No, score=-2.445 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, MIME_QP_LONG_LINE=0.001, RP_MATCHES_RCVD=-0.547] autolearn=ham
Received: from mail.ietf.org ([]) by localhost (ietfa.amsl.com []) (amavisd-new, port 10024) with ESMTP id zKjiWyxFZ_Vs for <radext@ietfa.amsl.com>; Thu, 6 Mar 2014 04:44:31 -0800 (PST)
Received: from g6t1526.atlanta.hp.com (g6t1526.atlanta.hp.com []) by ietfa.amsl.com (Postfix) with ESMTP id 9E8791A025D for <radext@ietf.org>; Thu, 6 Mar 2014 04:44:31 -0800 (PST)
Received: from G6W4001.americas.hpqcorp.net (g6w4001.atlanta.hp.com []) (using TLSv1 with cipher AES128-SHA (128/128 bits)) (No client certificate requested) by g6t1526.atlanta.hp.com (Postfix) with ESMTPS id 9FBF489 for <radext@ietf.org>; Thu, 6 Mar 2014 12:44:27 +0000 (UTC)
Received: from G6W3997.americas.hpqcorp.net ( by G6W4001.americas.hpqcorp.net ( with Microsoft SMTP Server (TLS) id; Thu, 6 Mar 2014 12:43:25 +0000
Received: from G6W2505.americas.hpqcorp.net ([]) by G6W3997.americas.hpqcorp.net ([]) with mapi id 14.03.0123.003; Thu, 6 Mar 2014 12:43:25 +0000
From: "Sanchez, Mauricio" <mauricio.sanchez@hp.com>
To: "radext@ietf.org" <radext@ietf.org>
Thread-Topic: IETF 89: Preliminary meeting notes
Thread-Index: AQHPOTmpEd3fd1VPuky/cGI46BYiog==
Date: Thu, 6 Mar 2014 12:43:24 +0000
Message-ID: <CF3E1DE7.531D9%mauricio.sanchez@hp.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: yes
user-agent: Microsoft-MacOutlook/
x-originating-ip: []
Content-Type: multipart/signed; protocol="application/pkcs7-signature"; micalg=sha256; boundary="B_3476954599_29261501"
MIME-Version: 1.0
Archived-At: http://mailarchive.ietf.org/arch/msg/radext/h9hIxPpNcf4m5kqDIjl6yPjr4KU
Subject: [radext] IETF 89: Preliminary meeting notes
X-BeenThere: radext@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: RADIUS EXTensions working group discussion list <radext.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/radext>, <mailto:radext-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/radext/>
List-Post: <mailto:radext@ietf.org>
List-Help: <mailto:radext-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/radext>, <mailto:radext-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 06 Mar 2014 12:44:37 -0000

Below are preliminary meeting notes for your review  They are also posted on
IETF website (http://www.ietf.org/proceedings/89/minutes/minutes-89-radext).
Thanks go to Stefan for note taking.

Please post any corrections/feedback to mailing list.

Jouni and Mauricio 

London, UK

Tuesday, March 4, 2014
Meeting started 2:23PM and adjourned 3:52PM

Jouni Korhonen <jouni.korhonen at broadcom.com>
Mauricio Sanchez <mauricio.sanchez at hp.com>

Benoit Claise <bclaise at cisco.com>

a. Note Takers: Stefan Winter
b. Agenda bash: no changes
c. Call for new WG co-chair: Mauricio stepping down. Email Benoit if
d. Document Status: as per slide deck, no comments

1. RADIUS dynamic discovery, Stefan Winter
- presented per slide deck; no comments
- Chairs state the next step is for short WGLC of draft -11

2. Support of fragmentation of RADIUS packets, Diego Lopez
- presented as per uploaded slide deck
- main issue is the lack of State/*-Password/EAP-Message in the first chunk
of a fragmented packet.
- Is this really a significant issue? Sam, Stefan: not worth any changes.
- Lionel: just need to document that it somehow violates RFC2865.
- Alan: update RFC2865, removing the MUST for fragments?
- Alternatively: an EAP-Message with nonsense would also do.
- Klaas: proxies - do any proxies have problems with this?
- Diego: none (Alan: one historic implementation has been seen, long time
- unrelated issue by Sam: document review by ADs: no alarm signs.
- How to go on?
- many say: dont care, -04 is good enough
- Benoit: would be better to document this somewhere
- Alan: or add phony EAP-Message? Group: no.
- Conclusion: add a sentence or two admitting that this is formally
- RFC2865, but no known operational issues with it, so should be okay
- Lionel: about the T and M bit; is there an IANA registry for those bits?
- Who knows which bits exist, if later specs add more bits?
- Mauricio: take it to the list (over time already)

3. Larger Packets for Remote RADIUS over TCP, Sam  Hartman
- Presented per slide deck
- Sam: if you can modify your infrastructure, use TCP, can send 64K packets
this is then better than fragmentation. Do we need capability discovery
for this to work over proxies? Current draft uses Status-Server for
Negotiation piggybacking. Could work, not very clean.
- Need to work on IANA consideration to add new RADIUS code (Error).
- This is considered better than Access-Reject (which would incorrectly
suggest end-to-end failure).
- Alan: is okay for me.
- Mauricio: would be good moment to add to charter; many things from charter
are now almost finished. Wait for those other drafts to be final, then
well possible to add it.
- Sam: would want a cross-reference from fragmentation to bigger-packets and
and back.
- Benoit: is this on the charter already, or should it be added? Looks to be
on charter already.
- Show of hands: unanimous that this is good work, so adopt as WG item.
Chairs will confirm on ML.

4. RADIUS Extensions for Port Set Configuration and Reporting, Jaqueline
- Presented per slide deck
- Alan: why extended space? Chairs: no more space left in standard space.
- Alan: then give datatypes draft priority.
- Alan: is this about the number of TCP ports allowed to use? Yes; but that
is not easily visible in the draft.
- Alan: don't make complex datatypes.
- Chairs: read draft? Pleasant surprise: many. Interested in this work?
Again pleasant surprise; draft has momentum.
- Will confirm on mailing list; open up charter discussion to get this on.
- Lionel: Do we have a clear requirement definition for conversation between
- AAA server and NAS? Does this all have to be in a AAA conversation?
- Could be by-reference (like with Filter-Id). Jouni: broadband typically
pulls all config via AAA conversation; this is standard practice.
- Jouni: should ask authors for more details.
- Arran: slightly odd way of operation; more natural would be "allocate
fixed range" or "allocate on demand"; but this draft doesn't allow for that.

5. CoA Proxying, Alan DeKok
<no draft exists at this time, presentation on what could be interesting
work in radext>
- Presented per slide deck
- Stefan: Operator-Name is also what dynamic discovery uses; looks like
natural continuation and useful work
- Chairs: could become chartered if current work items are finished.

6. RADIUS Extensions for Key Management in WLAN network, Li
- Stefan and others: why does this have to RADIUS? Could be any protocol as
it distributes keys (not related to AAA interaction)
- Lionel: other issues - layer 2 link, security, IP address assignment -
none of this is RADIUS. This does not fit into RADIUS framework.
- Chairs: suggest to take work to the mailing list. Maybe there is a better
protocol than RADIUS - people on the list will undoubtedly comment
on a possible better place.