IETF Logo Mail Archive

[radext] Re: Gorry Fairhurst's Discuss on draft-ietf-radext-radiusdtls-bis-15: (with DISCUSS and COMMENT)

Gorry Fairhurst <gorry@erg.abdn.ac.uk> Thu, 11 June 2026 13:07 UTC

Return-Path: <gorry@erg.abdn.ac.uk>
X-Original-To: radext@mail2.ietf.org
Delivered-To: radext@mail2.ietf.org
Received: from localhost (localhost [127.0.0.1]) by mail2.ietf.org (Postfix) with ESMTP id 956ACFF55A23; Thu, 11 Jun 2026 06:07:17 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=ietf.org; s=ietf1; t=1781183237; bh=9hmf/KIo85+XhKvR31qTOL4QhALICubuThFf02mrTHs=; h=Date:Subject:To:Cc:References:From:In-Reply-To; b=eJ/aOhZo58rN2rbYrcZFlF3FMNB0C2teu1jp70Tb/V+MmTysjTs/OoUu7rNuCy7ZW lThnBY9K2qJVkiFDm0g7ZdbuVGsl2y0RpFNPFdX0GAGfw4upWpe0Lo1SkceEExDDWn 6K4nPfu7yRlgg646oCmd5vBpDFQ6LJWXR9p3pLbo=
X-Virus-Scanned: amavisd-new at ietf.org
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: mail2.ietf.org (amavisd-new); dkim=pass (2048-bit key) header.d=erg.abdn.ac.uk
Received: from mail2.ietf.org ([166.84.6.31]) by localhost (mail2.ietf.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id k5qV5GwwuFLe; Thu, 11 Jun 2026 06:07:16 -0700 (PDT)
Received: from pegasus.erg.abdn.ac.uk (pegasus.erg.abdn.ac.uk [IPv6:2001:630:42:150::2]) by mail2.ietf.org (Postfix) with ESMTP id C0DF4FF55A1A; Thu, 11 Jun 2026 06:07:16 -0700 (PDT)
Received: from [192.168.1.130] (fgrpf.plus.com [212.159.18.54]) by pegasus.erg.abdn.ac.uk (Postfix) with ESMTPSA id 05E301B00078; Thu, 11 Jun 2026 14:07:00 +0100 (BST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=erg.abdn.ac.uk; s=default; t=1781183229; bh=9hmf/KIo85+XhKvR31qTOL4QhALICubuThFf02mrTHs=; h=Date:Subject:To:Cc:References:From:In-Reply-To:From; b=vj52hrATMqrCBEoBtxMBf/tsREjga/v3/WmVUxxYH7EnpZa9LwH+n/j+PkqoQ2sJ+ 5qgfDwu3Tug/u7e+QgqUdsCI7TonPOIeTwr2ySExzJycZrhDe2AuOTSuGlqUpDvrjr DE6mene6NTAFqg781rjggcnFpf+U1tlW/pz7ygdqIIdtAseSEXSs/MJGRIqrHvuJzV jwg/9dGr/NYwcg+vLZQ4Tu6lflbsbI0JzmL0irNaVRTCjgVDgOPRA8Dn0P4uVKUnO6 tTZLc0MiUNwb6usdHtQGz17Bd+JIwM0weGYApUM03A34dxDzwwt4htPfYJiuVijCk+ TJ8Izr6s4ac5A==
Message-ID: <84cf4b4f-dad9-457d-93ce-16589af4ed5a@erg.abdn.ac.uk>
Date: Thu, 11 Jun 2026 14:07:00 +0100
MIME-Version: 1.0
User-Agent: Mozilla Thunderbird
Content-Language: en-GB
To: Alan DeKok <alan.dekok@inkbridge.io>, Jan-Frederik Rieckers <rieckers@dfn.de>
References: <177263477673.4189860.18422256499304151674@dt-datatracker-6ff7c68975-7k42g> <70F300A2-4747-47AD-948E-5CBC1E599F06@inkbridge.io> <d61c9879-a4b2-4978-9ead-d1ac92242b21@erg.abdn.ac.uk> <78A01BFD-CCF2-4B02-92BD-DDC0F8BBC50F@inkbridge.io> <5eb0c79f-89e1-4e13-9b5c-2fbc74b7bf6c@erg.abdn.ac.uk> <26439355-e06c-48fc-87e3-83461867cbcc@dfn.de> <25E78003-5994-4028-9CEF-FC985970340E@inkbridge.io>
From: Gorry Fairhurst <gorry@erg.abdn.ac.uk>
Organization: UNIVERSITY OF ABERDEEN
In-Reply-To: <25E78003-5994-4028-9CEF-FC985970340E@inkbridge.io>
Content-Type: text/plain; charset="UTF-8"; format="flowed"
Content-Transfer-Encoding: 8bit
Message-ID-Hash: DVKVOHLOWQMIGTBE3KPNEKBIC3ULMSPA
X-Message-ID-Hash: DVKVOHLOWQMIGTBE3KPNEKBIC3ULMSPA
X-MailFrom: gorry@erg.abdn.ac.uk
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-radext.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: The IESG <iesg@ietf.org>, draft-ietf-radext-radiusdtls-bis@ietf.org, mrcullen42@gmail.com, radext-chairs@ietf.org, radext@ietf.org, valery@smyslov.net
X-Mailman-Version: 3.3.9rc6
Precedence: list
Subject: [radext] Re: Gorry Fairhurst's Discuss on draft-ietf-radext-radiusdtls-bis-15: (with DISCUSS and COMMENT)
List-Id: RADIUS EXTensions working group discussion list <radext.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/radext/p0RDZsbepLvc0zyS7a6dnelJ3rA>
List-Archive: <https://mailarchive.ietf.org/arch/browse/radext>
List-Help: <mailto:radext-request@ietf.org?subject=help>
List-Owner: <mailto:radext-owner@ietf.org>
List-Post: <mailto:radext@ietf.org>
List-Subscribe: <mailto:radext-join@ietf.org>
List-Unsubscribe: <mailto:radext-leave@ietf.org>

On 06/06/2026 02:15, Alan DeKok wrote:
> On Jun 5, 2026, at 4:37 PM, Jan-Frederik Rieckers <rieckers@dfn.de> wrote:
>> I'm not sure which parts of RFC8085 we can reference here that would add value to this document.
>>  From what I read, there is little guidance on implementation and more on how to design a UDP-based protocol. Since we are using an existing UDP-based protocol (RADIUS) and only extending it, there is not much that we can do without significantly changing the way RADIUS behaves.
>    RFC 8085 has some recommendations for applications using UDP.  But there are issues when applying those recommendations to RADIUS, or even other UDP protocols such as DHCP or DHCPv6.
>
>    For example, the document discusses "flows" of UDP packets.  There are aren't "flows" in RADIUS, or in DHCP.
>
>    The document also distinguishes "high data-volume" applications from "Low data-volume" applications.    It's not clear which one applies to RADIUS.  But if we look at low-volume, the document says this:
>
>> 3.1.3. Low Data-Volume Applications
>> Applications that at any time exchange only a few UDP datagrams with
>> a destination SHOULD still control their transmission behavior by not
>> sending on average more than one UDP datagram per RTT to a
>> destination.
>    Except that in RADIUS (and DHCP), the sending of datagrams is triggered by external events.  So the RADIUS application does not (and can not) limit its transmission behavior to any one "high volume" or "low volume" regime.
>
>    Maybe we can refer to specific sections of RFC 8085.  But event the discussion of rate limiting is wrong or misleading for RADIUS:
>
>> Even low data-volume UDP flows may benefit from packet pacing, e.g.,
>> an application that sends three copies of a packet to improve
>> robustness to loss is RECOMMENDED to pace out those three packets
>> over several RTTs, to reduce the probability that all three packets
>> will be lost due to the same congestion event (or other event, such
>> as burst corruption).
>    RADIUS doesn't send 3 copies of a packet at the same time.  If a RADIUS server is sending bursts of traffic, it's because there is a sudden burst of users who are asking for network access.
>
>    Some of the recommendations in RFC8085 are actively harmful for RADIUS.  Others cannot be implemented in RADIUS.  I don't see many sections of RFC 8085 which directly apply to RADIUS.
>
>    RFC8085 is intended to deal with applications which use UDP to send streams / flows of packets, so that the application has finer-grained control over the rate limiting, RTT handling, and retransmission.  i.e. applications which use UDP as a replacement for TCP.  RADIUS isn't in this category, and neither is DHCP, DHCPv6, or DNS.
>
>    As a result, I think that a general reference to follow RFC 8085 is likely to be misleading and / or wrong.
>
>    Alan DeKok.
>
I saw this email and then realised I had not directly responded to your 
text on my comment.

So I think the remaining question was if there was useful insight in 
RFC8085.  I take your point that the base protocol is already UDP, and 
this is not calling for a redesign of that.

I'd also agree that RFC 8085 doesn't provide much help, so not 
referencing is fine with me. (Maybe it should be updated to include more 
on this type of use, but that is certainly another story...)

Best wishes,

Gorry

v2.46.0 | Report a Bug | By Email | System Status