Re: [radext] draft-ietf-dhc-dhcpv6-radius-opt-10

Alan DeKok <aland@deployingradius.com> Thu, 04 April 2013 13:08 UTC

Jouni Korhonen wrote:
> draft-ietf-dhc-dhcpv6-radius-opt-10 has recently passed WGLC
> in DHC WG. RADEXT WG is solicited for review. We can provide
> input as part of the IETF LC once it is started. Remember to
> CC the RADEXT so we can keep track of the (possible) comments
> better.

  A quick review:

4.  DHCPv6 RADIUS option

    option-len       Length of the option-data in octets

Q: Can it encode more than 256 octets of RADIUS attributes?  If so, what
happens then?


   ... Only the attributes listed in the IANA Registry of 'RADIUS
   attributes permitted in DHCPv6 RADIUS option' SHOULD be included in
   the OPTION_RADIUS.

 That should be a MUST.  There's no sense in permitting non-RADIUS
traffic in this option.



8.  Security Considerations

   Known security vulnerabilities of the DHCPv6 and RADIUS protocol MAY


  Using "MAY" here is probably wrong.  It should be "may".
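
Added example, not part of the original message or the draft: a receiver-side validator for the first two review points above (the 16-bit DHCPv6 option-len versus the 1-octet RADIUS attribute length, and SHOULD versus MUST for the permitted-attribute list). It assumes option-data is a back-to-back sequence of RADIUS type/length/value attributes; the option code, the allowlist contents and the names `parse_option_radius`, `build_option` and `PERMITTED` are constructed placeholders.

```python
import struct

# Assumptions (not taken from the reviewed draft): the option code and the
# allowlist are constructed placeholders; option-data is back-to-back RADIUS TLVs.
OPTION_RADIUS = 0xFFFF           # placeholder option code
PERMITTED = {26, 123}            # placeholder allowlist of RADIUS attribute types


class OptionError(ValueError):
    pass


def parse_option_radius(buf, strict=True):
    """Parse one DHCPv6 option and return [(type, value), ...]."""
    if len(buf) < 4:
        raise OptionError("truncated option header")
    code, option_len = struct.unpack("!HH", buf[:4])   # 16-bit code, 16-bit length
    if code != OPTION_RADIUS:
        raise OptionError("not OPTION_RADIUS")
    data = buf[4:4 + option_len]
    if len(data) != option_len:
        raise OptionError("option-len exceeds received data")
    attrs, off = [], 0
    while off < len(data):
        if len(data) - off < 2:
            raise OptionError("trailing octet, no room for attribute header")
        a_type, a_len = data[off], data[off + 1]       # 1-octet type, 1-octet length
        if a_len < 2 or off + a_len > len(data):
            raise OptionError("bad attribute length at offset %d" % off)
        if a_type not in PERMITTED:
            if strict:                                 # the MUST reading: reject
                raise OptionError("attribute %d not permitted" % a_type)
        else:                                          # SHOULD reading skips others
            attrs.append((a_type, data[off + 2:off + a_len]))
        off += a_len
    return attrs


def build_option(attrs):
    """Constructed sample input: encode (type, value) pairs into one option."""
    data = b"".join(bytes([t, len(v) + 2]) + v for t, v in attrs)
    return struct.pack("!HH", OPTION_RADIUS, len(data)) + data
```

Two 200-octet attributes give an option-len of 404, so the option as a whole can exceed 255 octets even though no single attribute can; the parser bounds-checks each attribute against the option-len it was handed.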