[radext] Re: Éric Vyncke's Discuss on draft-ietf-radext-radiusdtls-bis-15: (with DISCUSS and COMMENT)

Valery Smyslov <smyslov.ietf@gmail.com> Thu, 26 February 2026 13:57 UTC

From: Valery Smyslov <smyslov.ietf@gmail.com>
To: 'Éric Vyncke' <evyncke@cisco.com>, 'The IESG' <iesg@ietf.org>
Date: Thu, 26 Feb 2026 16:57:31 +0300
CC: draft-ietf-radext-radiusdtls-bis@ietf.org, mrcullen42@gmail.com, radext-chairs@ietf.org, radext@ietf.org, valery@smyslov.net
List-Id: RADIUS EXTensions working group discussion list <radext.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/radext/nVl33KS-da2ww8AuQUwMTPS0kLo>

Hi Éric,

thank you for your review.

A very quick response to address only one minor issue (the last in your review).

The bullet list is indeed broken in the draft on the datatracker, but it is not broken on GitHub:
https://github.com/radext-wg/draft-ietf-radext-radiusdtls-bis/blob/main/draft-ietf-radext-radiusdtls-bis.md

Perhaps this is an issue with kramdown-rfc (I don't know), but anyway, there is a PR to fix it (not yet merged):
https://github.com/radext-wg/draft-ietf-radext-radiusdtls-bis/pull/155

Regards,
Valery.




> Éric Vyncke has entered the following ballot position for
> draft-ietf-radext-radiusdtls-bis-15: Discuss
> 
> When responding, please keep the subject line intact and reply to all
> email addresses included in the To and CC lines. (Feel free to cut this
> introductory paragraph, however.)
> 
> 
> Please refer to https://www.ietf.org/about/groups/iesg/statements/handling-ballot-positions/
> for more information about how to handle DISCUSS and COMMENT positions.
> 
> 
> The document, along with other ballot positions, can be found here:
> https://datatracker.ietf.org/doc/draft-ietf-radext-radiusdtls-bis/
> 
> 
> 
> ----------------------------------------------------------------------
> DISCUSS:
> ----------------------------------------------------------------------
> 
> 
> # Éric Vyncke INT AD comments for draft-ietf-radext-radiusdtls-bis-15
> CC @evyncke
> 
> Thank you for the work put into this document.
> 
> Please find below some blocking DISCUSS points (super easy to address), some
> non-blocking COMMENT points/nits (replies would be appreciated even if only for
> my own education).
> 
> Special thanks to Valery Smyslov for the shepherd's detailed write-up including
> the WG consensus *and* the justification of the intended status.
> 
> I hope that this review helps to improve the document,
> 
> Regards,
> 
> -éric
> 
> Note: these ballot comments follow the Markdown syntax of
> https://github.com/mnot/ietf-comments/tree/main, i.e., they can be processed by
> a tool to create github issues.
> 
> ## DISCUSS (blocking)
> 
> As noted in
> https://datatracker.ietf.org/doc/statement-iesg-handling-ballot-positions-20220121/,
> a DISCUSS ballot is a request to have a discussion on the points below; I
> really think that the document would be improved with a change here, but can be
> convinced otherwise.
> 
> ### Section 3.2
> 
> `RadSec clients MUST establish a (D)TLS session immediately upon connecting to
> a new server.` why "immediately" ? Does it mean that they should first try with
> plain RADIUS ? The subsequent paragraphs give some hints, but a PS must be
> crystal clear.
> 
> ### Section 3.12
> 
> What is `server IP` ? Please avoid readers guessing that it is "server IP
> address", especially in a PS. Also occurring in other places.
> 
> 
> ----------------------------------------------------------------------
> COMMENT:
> ----------------------------------------------------------------------
> 
> 
> ## COMMENTS (non-blocking)
> 
> ### Section 3
> 
> s/Client implementations *SHOULD implement both, but* MUST implement at least
> one of RADIUS/TLS or RADIUS/DTLS./Client implementations MUST implement at
> least one of RADIUS/TLS or RADIUS/DTLS./ Clearer and avoiding a SHOULD.
> 
> ### Section 3.1
> 
> The legend of table 1 is rather useless ;-) also use it in the text.
> 
> ### Section 3.3.1 (and others)
> 
> A lot of "SHOULD" without any guidance... Why not "MUST" ? See also
> https://datatracker.ietf.org/doc/statement-iesg-statement-on-clarifying-the-use-of-bcp-14-key-words/
> 
> What is a source IP address as opposed to "IP address" in `For clients
> configured by their source IP address` ? Please remove "source".
> 
> ### Section 3.5
> 
> Again a "SHOULD" without guidance to the implementers in `RadSec clients and
> servers SHOULD implement session resumption.` ....
> 
> ### Section 6.4
> 
> Unsure whether this section is required. Nice experience return by early
> implementers probably, but unsure whether it belongs to a PS.
> 
> ### Section 6.5.1
> 
> s/IP address version (IPv4 or IPv6)/IP *protocol* version (IPv4 or IPv6)/
> 
> ### Section 9
> 
> Please add a URI to the registry, e.g.,
> https://www.iana.org/assignments/service-names-port-numbers/service-names-port-numbers.xhtml
> 
> Also, it seems that the format of the bullet list is broken (at least on my
> browser).
> 