Re: [radext] moving forward with draft-ietf-radext-coa-proxy
Benjamin Kaduk <kaduk@mit.edu> Tue, 22 January 2019 20:24 UTC
Return-Path: <kaduk@mit.edu>
X-Original-To: radext@ietfa.amsl.com
Delivered-To: radext@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4CB18128AFB; Tue, 22 Jan 2019 12:24:50 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.001
X-Spam-Level:
X-Spam-Status: No, score=-2.001 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=mit.edu
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ZOkkoIi_Yb6S; Tue, 22 Jan 2019 12:24:47 -0800 (PST)
Received: from NAM02-SN1-obe.outbound.protection.outlook.com (mail-eopbgr770139.outbound.protection.outlook.com [40.107.77.139]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 034FD13102C; Tue, 22 Jan 2019 12:24:39 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=mit.edu; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=47EVTrB9zEMv4picl8vEpQigzOSs/wQSOLzlTsnkQPM=; b=Et70q6EUKSfwM/Y+Ti6OM09HaFROfJ1qh1OHeoc9vMLREIg/AmhWusONTfCZYUCOCIx0MMax2BZ1uqs0WlWDMJLF4OUnUXb6uqUGmUDbuKMRt40rxUaUnv/CO2TMq34HuB4EpJTFsV2QqZ03YxWLt+FHireK3bkWHOa49IM5uPs=
Received: from BYAPR01CA0035.prod.exchangelabs.com (2603:10b6:a02:80::48) by SN6PR01MB4989.prod.exchangelabs.com (2603:10b6:805:c8::12) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.1537.31; Tue, 22 Jan 2019 20:24:38 +0000
Received: from CO1NAM03FT005.eop-NAM03.prod.protection.outlook.com (2a01:111:f400:7e48::209) by BYAPR01CA0035.outlook.office365.com (2603:10b6:a02:80::48) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.1537.26 via Frontend Transport; Tue, 22 Jan 2019 20:24:37 +0000
Authentication-Results: spf=pass (sender IP is 18.9.28.11) smtp.mailfrom=mit.edu; ietf.org; dkim=none (message not signed) header.d=none;ietf.org; dmarc=bestguesspass action=none header.from=mit.edu;
Received-SPF: Pass (protection.outlook.com: domain of mit.edu designates 18.9.28.11 as permitted sender) receiver=protection.outlook.com; client-ip=18.9.28.11; helo=outgoing.mit.edu;
Received: from outgoing.mit.edu (18.9.28.11) by CO1NAM03FT005.mail.protection.outlook.com (10.152.80.156) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.1558.11 via Frontend Transport; Tue, 22 Jan 2019 20:24:37 +0000
Received: from kduck.mit.edu (24-107-191-124.dhcp.stls.mo.charter.com [24.107.191.124]) (authenticated bits=56) (User authenticated as kaduk@ATHENA.MIT.EDU) by outgoing.mit.edu (8.14.7/8.12.4) with ESMTP id x0MKOXmj020060 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Tue, 22 Jan 2019 15:24:35 -0500
Date: Tue, 22 Jan 2019 14:24:33 -0600
From: Benjamin Kaduk <kaduk@mit.edu>
To: Alan DeKok <aland@deployingradius.com>
CC: draft-ietf-radext-coa-proxy.all@ietf.org, radext@ietf.org
Message-ID: <20190122202432.GO81907@kduck.mit.edu>
References: <20181112234823.GG99562@kduck.kaduk.org> <650E5AB0-662D-4A9D-95A3-54C1C9CFB3B0@deployingradius.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
In-Reply-To: <650E5AB0-662D-4A9D-95A3-54C1C9CFB3B0@deployingradius.com>
User-Agent: Mutt/1.10.1 (2018-07-13)
X-EOPAttributedMessage: 0
X-Forefront-Antispam-Report: CIP:18.9.28.11; IPV:CAL; SCL:-1; CTRY:US; EFV:NLI; SFV:NSPM; SFS:(10019020)(136003)(346002)(39860400002)(376002)(396003)(2980300002)(199004)(189003)(47776003)(2906002)(426003)(246002)(26005)(186003)(4326008)(486006)(46406003)(23726003)(305945005)(53546011)(476003)(36906005)(14444005)(8676002)(50466002)(75432002)(1076003)(126002)(104016004)(106002)(88552002)(446003)(6916009)(33656002)(229853002)(6246003)(956004)(7696005)(316002)(11346002)(16586007)(106466001)(786003)(8936002)(58126008)(86362001)(53416004)(478600001)(54906003)(76176011)(97756001)(55016002)(26826003)(356004)(336012)(18370500001); DIR:OUT; SFP:1102; SCL:1; SRVR:SN6PR01MB4989; H:outgoing.mit.edu; FPR:; SPF:Pass; LANG:en; PTR:outgoing-auth-1.mit.edu; A:1; MX:1;
X-Microsoft-Exchange-Diagnostics: 1; CO1NAM03FT005; 1:PpzDlP1iIZw7MIaCwDzun4j07fMcuQmam7URGKNkWcNMnWdllddMmc0ZAhnYNRKZoyYAFe2bjXp1pEnKKi8emtQYC5LlumYZqHGLy9l5jCKohFHKCfRsSIHMMikfRDuwIhlZ1ewb9LcSOf3KI44VIZPEW4SxdEBLmkBV9d8Q6Vc=
X-MS-PublicTrafficType: Email
X-MS-Office365-Filtering-Correlation-Id: 54aba0a4-cb20-4455-089e-08d680a7a177
X-Microsoft-Antispam: BCL:0; PCL:0; RULEID:(2390118)(7020095)(4652040)(8989299)(4534185)(4627221)(201703031133081)(201702281549075)(8990200)(5600109)(711020)(4608076)(4709027)(2017052603328)(7153060); SRVR:SN6PR01MB4989;
X-Microsoft-Exchange-Diagnostics: 1; SN6PR01MB4989; 3:U6V5n9dyNsLVlwkDJzejDk+y4qdbcwnSLxG8Tl8irbiGUbd+HDGM36No+gxVHjAObIUzuKSWnxDCCYL6156JbD8MK0ktSMTEXQ/tCt685PeGdTHJ9FlODwo7bYd3nZHkiowomaVXrE/X/ahKF0Dkcvqwpn67EKZQbGgLYq+KmcTZVqKKGSeA/0pkCbbAAx/3G0OVbVS5orp0kfUwN4IfKLIPfXiLvz+nWUbUKJo8FOD7yEP9D/e6IXZsN4/6f6UbFvQEv7DADBKlhKVoId1OPebWzz3SgXCSkZr1midXvkZzeL74pekPwsm2q891oCAc/dyAElopWEZwHua+7ioLw/QItF5uqkXctBIXl/e3mXQLW3jEAOmUFLyPs7n9OtFk; 25:B5/M4BtWcszo0R5GSOCck8t9N+6UEjqZpWJf5UpodYWjuD2oHqvTLchqiGgczjdS/iAnDQfnLPnFKxObooTjEO2+mvj36BW5FhVSKMCpD0et5M3NSxfVqvdV7MPyHNqfIZHqyaGdQZvP1IJ3mh+v+C4Xxu7pMsnt9QIRsILqklf/HSTRg1Mlmw8V8j2WQPJMrSP0XoDWYmWiOCK97o1aDIAXbgfn1egLB6KeRO2EIxMsudDdyDCrx2kPU9Dci6FuZvLgbM98HGFPjLT1nzg0xxtVfrVdWtFOPVNuAo/LvZSQ0DhHxbnlMO0ueknzEjxO31Bhmi9JXychlAwLPL8w4g==
X-MS-TrafficTypeDiagnostic: SN6PR01MB4989:
X-Microsoft-Exchange-Diagnostics: 1; SN6PR01MB4989; 31:pPdiWqawQWvHiBlZ3Tc7IRlT8dK+tEoD/6AFszHVrvXN7bPyx5SrlVUQcmacGKDKzFCvCHAkELQxv9B+sXabNbGtxikyvX4hoa2bIbplyGIOPkg4OqygBcfpgyhapdttMaQSfAONdcH5WYr9OP0RhD51RrazFciFfnadX0IrHcF+gkK+YmQvC4gJlkYIbX8G13R7TDyPwW9eE67MbarvgI3IVmoh5ATI77q5ZZ7EKXM=; 20:WOpRDOgKgwF2fDzMhRo4KJ7ldsux7mELOm9LPkjNNWyMo661QnwqWYB+Ca/8ygkbyKqzuAj5Fkv/75BwbqxKEoRMhkr6HtBhPzJqGp1drkWvB5flaCq+jfkQNHEa5Rrgr6QkvS/6gaXU7rplQlMNGKxkXKRnXj71FH/5jHNZLEdMyPEnnOJSw7FOIOQHyJOEXW+6PAOJhMBREN3U6/vQJlAWUWx2Aqp8IERTMalxot8SB1G2h/h3VUmLr+zJ70fbvK2wXwZOPGJshYXi36AWvA6RB2rtA9S/QvXYHWI6IRWKN01Lj+sXgpqv4EWIXQaQJ9En2H/fWhy9FgyWj8eOtkKcnMak2RZzr1ui3dnm52qmjn94TQev0CrNrjDopV8KzJPaPPYYB7+Az91uzymDLKNtGjTQinm7LO3c+utWohHMUdpX0DQ9Z/Of5SGDHvD9aGR3plZxiIeQSOhwE/tXUUsM6ja1ywoDJMD9yP9+M2+7JbCrUSrhRlaivutcMGtKRwh26SrE+844KvQOVsYJAEe63yigzBkyqqWvox1QrqrYmBD9iX9TPXgXTxWIYd3Ij5VOA7ULC+CzOxhJle9sp7FpPda8/xUI9GE4NCc8/uM=
X-Microsoft-Antispam-PRVS: <SN6PR01MB4989EFEB2872346C9D69C5D7A0980@SN6PR01MB4989.prod.exchangelabs.com>
X-Microsoft-Exchange-Diagnostics: 1; SN6PR01MB4989; 4:BmXhLXcQ2S+HEcpc71bLt1qz1yN2D/11p2kbBa4N9mRkdrWfEQeCwnEClpw/xr9NeCVJauSnK7gtle9LvhIltnFDfkCWVcicz/u1GD5xF7L0QZ3pWuaEv8WVBUS3zFgHNAfbo0p9hc7ZUAWCg0OxDQ11YKibAiG3s6SS1rH8+GslpVsD5SufIE0ygC1guLtQsy0SoPfwqZhuouCm1tZ+Uub/Ex2gh87vktf87HZ8ti9vHJM7ydOiYwGYiDvVW1S/5vPGMLIkN2x097ImHVoAlr/yd1NkChmERxPprq4lzD3nEc6dQCL9w7oMnoHdnIx4
X-Forefront-PRVS: 0925081676
X-Microsoft-Exchange-Diagnostics: 1; SN6PR01MB4989; 23:Yc2qRiGHnk8vWK07+hVxRQFpsIEMFdGJJlRe1I66DHnIj3ozjqYpIi8en+wYh2nKomVgHnB4LKh012t3kCb39Ra/HFdcqvY0zYap5wDb/tUwIVYPKV5YaV3EU5UsEI0t5iR4r5K7zeYNVjOb/9hVAp1Sd8G8ydwvzKClCB5TfVFOgVJzIVBDBqstU7JNWGl+hXrK6Tvx3fIgt7lF1BTVm4ULPpcBMtF+iukC8mNV6AfPP4CLTYU1WxVEZDmJbMWpQQjn/jXY7OQiodoTNaDMDrCoXPigFWVgkegU6xCzcd10r980376UlJTAKQPRxhIjtLwICoXr0H8/dUCUwBUoWlFsBZUifrpo1qzoUmmq0VEE2F7M/tglnlzWP7yREkNP9zV5aFexM+oYLgrsj3gqDTqS6TuITPZpX954eXdm49c/z52LgWQkw+ctD3LYRBNFdf4WPGlrdHXk6scw71JkwYkhsjx4sTowIaUp7bcwWUXWawgZ1dZVdNBTwSJzb1p6hRvxXAGuWlb+AvJ82LdzKA9F9zR/pOjen06k1fwgnZLjT4c6a6hh83OupNj+JWptlOF90g3l0DnNBShmNcfCIVD948Jx20sQWny/HULUwl/hxgWGZmwnfuj08WvBmac8LTZw/i1JtBUIoF8aev3lC9bP3w+yMjGiUvce9gKp2gQWS23t2DLtBTmkCeTGCMPv5/lugmLzKYbO5pwozjwO5vYJU7jFYwiqmpKM1BVvhCoAP1lj8KXEeKZ7JKiCMtrJZfwK66GeD3LIRj2n/4YuXzNw9ibjCg0+LumPzLcTSYE8Kqd76FZN13d0IgReg5t2AV/J8UtlfjSC5jsdj6k+ZAOUYHGeS4vuDI/VhS6TvrPYK4SnoPpp27wmAP3Dtcv61kDVEOKurwH74nO4bdYrOD8ev9ti2qXXPa2ggKhDQb5RBPoD6NWrSqBE6fVccJ0XfBcEyEZxZ9zb37qriu8/mvKVtLEFFQ39a9u/Z3Z1rV2+hCpUw0MucL1L98Eg656SypIHlIgtbCaKmnEzZimFRLCDDcIkbg6YWMgsO1J725KpSmsQQoXbXiCJ9G+WuYrEg0/jbNje2J1YvIx34PlwVGtpWWxMTwA1/NF20Yx+hjTS+fS5T08M4rNanqHMt5Ht+5ca9kVt1ehMn6rdixB9i2pVaT26ZovVGhfVV2ISGafesb9qRbn9cAufP7ljLIPeRGG74GForRSEajX+GgLTog==
X-MS-Exchange-SenderADCheck: 1
X-Microsoft-Antispam-Message-Info: xBx4gE/7t3S0rbWLrAZb4B9V1yflF1FukWEay+AXZVVjeuQJtHA/Atf04T0URbK2uBpZuGmj4kNRYAYm3k/nGrbr147bv731AAkCiA0b0L7uGwuRnO1FnaeHw6VCVs535P11eAFDho9Lsed9RlAgcF++ILQeVWLYCfPtgmWgYuw2xWnksa979lPAcQC9FE4se3M3ZAQCnVFbeC9Uz22nheuRXiFkDFuYc3ToXNskanG49MQUxOTqzwY/Ws5WqPCQiGc4JfmAp0DPPQGISHVMP+ufmvxOoiEII3fb8wHHxH83asnNf7xajJDkFjzG+epDj9vBGUPrylobj+2luI8o5VilRWWoZ3dpEd86UhclYPEYy2U9d3LfGu5cfRSM4Ml2yLgN9+zdfHNwgURVMfsxYLguZ6OzzAbNgGSR23PdHEg=
X-Microsoft-Exchange-Diagnostics: 1; SN6PR01MB4989; 6:RIV3YfGI4fxdDJg487npPF4TCHr0vIqf7aCxJkxbTttAGbhLrWAJUWn/e/gnSed7UuP9INRfnAmhtJY4zPW76dlcpL94m2tvVWqCu/nQSYMVXeLp0e8lCS6JgBjxF9QoOd3LT1kyxv9xJxqIFCAwTlq94kNxjrR9pfVGWcjsv9JHx6GeokZutBZ7dkHUskkKnaNVb7JV43VFUhSbVxD7IEZ001hHyWPGexAz6x8MzKR5fQEv2RgjfokT1Adm7BErIwEZ7qpFkLI30UWy31VDqKiMbWzc7z2LjDg2RXB54OWocWWPSGaNpAhhYUjJ9h7/vSsoOigKWhVhtXD8ZZ3JIH6bcNsCvTOxUu25XuUG51hmpFeey6jKqA5rJ2swwYZ9ZthUG+kVsGzTMouN+kAQi1zYh7App8UXBwMewwhzl8bqaqi26xXsPZ4xIrdVy0i8Q3WnkAFO0UZQvsPwkpGpLw==; 5:vOj/PkmPGx9zRoPhuRRsXJY4qCuGqrqoWXVrEbbIbhmbDZno2VrKzFcY6xOGNozNx7Uif4VWZI5YEGaR0eHAmQ9LYRubSImGHcFeC68GA9E/34IeQ66DX5+WaB519z9C8mq2P0o9J6hsQXEk2ZVWUFcRWr2b+mzUh9rK+wqivcceYkST69balCBx7MAnDFvyGd+OwoQW4ZRpfsoji1F9FA==; 7:0XMkK2ZXl68QLS6RtOfWuSMUcpHgg9/rGHn12oSIJYmk8Sfe6u5/2vKRqLNBocnzDoAMOxVoiJUQpzE8RTncoQFsXSnQsjGlqADyrAaiz1bTWscCnwgRG2liGTyxvOv7MAbRKtoO6uJ+n30ZBIKvig==
SpamDiagnosticOutput: 1:99
SpamDiagnosticMetadata: NSPM
X-OriginatorOrg: mit.edu
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 22 Jan 2019 20:24:37.3205 (UTC)
X-MS-Exchange-CrossTenant-Network-Message-Id: 54aba0a4-cb20-4455-089e-08d680a7a177
X-MS-Exchange-CrossTenant-Id: 64afd9ba-0ecf-4acf-bc36-935f6235ba8b
X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=64afd9ba-0ecf-4acf-bc36-935f6235ba8b; Ip=[18.9.28.11]; Helo=[outgoing.mit.edu]
X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem
X-MS-Exchange-Transport-CrossTenantHeadersStamped: SN6PR01MB4989
Archived-At: <https://mailarchive.ietf.org/arch/msg/radext/lokc9M74rYuhU4ItQ8Kb-2VJf6M>
Subject: Re: [radext] moving forward with draft-ietf-radext-coa-proxy
X-BeenThere: radext@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: RADIUS EXTensions working group discussion list <radext.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/radext>, <mailto:radext-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/radext/>
List-Post: <mailto:radext@ietf.org>
List-Help: <mailto:radext-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/radext>, <mailto:radext-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 22 Jan 2019 20:24:50 -0000
Sorry for the delay here, it was kind of messy to sort out what needs to happen, and there were holidays and an IETF meeting in there, too... On Tue, Nov 13, 2018 at 07:14:09AM -0500, Alan DeKok wrote: > On Nov 12, 2018, at 6:48 PM, Benjamin Kaduk <kaduk@MIT.EDU> wrote: > > I also plan to change the target status to Informational (from Proposed > > Standard); it is a little unfortunate to need to do so, but the IESG's > > discussions convinced me that this is the sort of thing that the downref > > policy was intended to avoid. > > OK. Unfortunately, things are not this simple, and I think we need to keep the PS status (and add some explanatory text for what is/isn't standards-track). More below. > > There were a few things in the diff between the -05 and -07 that stuck out > > to me, though, and might require further changes. > > > > In Section 3.2, > > > > We also update Section 5 of [RFC5580] to permit CoA-Request and > > Disconnect-Request packets to contain zero or one instances of the > > Operator-Name attribute. > > > > is not reflected in the Updates header and would require WG confirmation > > and potentially re-running the IETF LC. > > (Also, 5580 is Proposed Standard, so we'd have trouble doing this update > > from an Informational document.) It's somewhat unclear to me exactly what > > is being Updated, too, so I'd appreciate a bit of explanation (here in the > > email thread). > > RFC 5580 defined, Operator-Name, and Section 5 forbade Operator-Name from occurring in CoA-Request packets. > > So something needs to be updated in order to allow it. It seems that 5580 is not quite as clear as it could have been here ("The attributes defined in this document are not used in any messages other than the ones listed in Figure 7." could be merely descriptive at the time of writing, perhaps), but it does seem best to explicitly note the update of behavior. However, we can't just do that in a quick note in the main body of the text; we need a proper "Updates: 5580" header, and to mention that in the Abstract and Introduction. For the Introduction, perhaps a penultimate paragraph: We also update the behavior of RFC 5580 to allow the Operator-Name attribute to be used in the CoA messages as described in this document. Luckily, this document was LC'd for PS, so we have the option to publish as PS, which is needed in order to Update 5580 (since 5580 is PS). But that leaves us in the problematic state that sparked Ben's balot position, with this quite substantial normative dependency on a "less-mature" document. In the vein of some text you proposed in Ben's ballot thread, I'd propose that we add a disclaimer akin to: This document is a Proposed Standard in order to update the behavior of RFC 5580, which is also a Proposed Standard. This document relies heavily upon and also updates some behavior of RFC 5176, which is an Informational document; though the applicability statements in Section 1.1 of RFC 5176 do not apply to this document, this document does not change the status of RFC 5176. (after the previous paragraph I suggested to add). > > Section 3.3 introduces a new normative requirement: > > > > Some Home Networks will not have permission to send CoA packets to > > the Visited Network. The CoA server SHOULD therefore also validate > > the NAI contained in the User-Name attribute. If the Home Network is > > not permitted to send CoA packets to this Visited Network, then the > > CoA server MUST return a NAK packet that contains an Error-Cause > > attribute having value 502 ("Request Not Routable"). > > > > Can the chairs confirm there is WG consensus for it? > > I'll leave that for the chairs. My $0.02 is that it's useful to signal routing errors. Tho this specific error number may or may not be appropriate. (I don't think we heard back from the chairs, but I'm willing to go ahead with this.) > > In Section 3.4: > > > > Implementations supporting this attribute MUST be able to handle > > between one (1) and thirty-two (32) octets of data. > > Implementations creating an Operator-NAS-Identifier MUST NOT > > create attributes with more than sixty-four octets of data. A > > thirty-two octet string should be more than sufficient for future > > uses. > > > > The bump from 20 to 32 octest is fine, but now we have MUST be able to > > handle 32 and MUST NOT generate more than 64, which are different numbers. > > (In the -05 the numbers were both 20.) Where did the 64 come from? > > IIRC, Adam Roaches discussion of creating tokens using modern ciphers. 64 bytes would be needed for that to occur. > > > Section 4.2 introduces a new normative requirement: > > > > The Visited Network MUST also ensure that the CoA packet sent to the > > NAS contains one of the following attributes: NAS-IP-Address, NAS- > > IPv6-Address, or NAS-Identifier. This step is the inverse of the > > removal required above in Section 3.4. > > > > First off, is this "at least one" or "exactly one"? > > At least one. > > > And the same question of WG consensus applies. > > WG consensus is nice, but that text is required in order for this specification to be compatible with RFC 5176, and with NAS implementations. Failure to include *any* of those attributes in a CoA packet means that the NAS will reject the packet entirely. That's fair. One other comment on the changes in the -07: Section 3.4 If a packet contains more than one Operator-NAS-Identifier, implementations MUST ignore the second and subsequent attributes, and treat them as "invalid attributes", as discussed in Section 2.8 of [RFC6929]. I think the "and treat them as" is misleading; this is a "by" sort of relationship, for "as is proper for 'invalid attributes'". The present text seems to essentially be saying the same thing in two different ways, which may cause people to wonder if the two are subtly in conflict. Please go ahead and publish an -08 with the formal Updates header, Abstract/Introduction changes, and hopefully a change here in 3.4 as well, when you get a chance. Thanks, Ben
- [radext] moving forward with draft-ietf-radext-co… Benjamin Kaduk
- Re: [radext] moving forward with draft-ietf-radex… Alan DeKok
- Re: [radext] moving forward with draft-ietf-radex… Benjamin Kaduk