Re: [radext] draft-ietf-dhc-dhcpv6-radius-opt-10

"Leaf Yeh" <leaf.yeh.sdo@gmail.com> Thu, 04 April 2013 16:54 UTC

From: Leaf Yeh <leaf.yeh.sdo@gmail.com>
To: 'Alan DeKok' <aland@deployingradius.com>, 'Jouni Korhonen' <jouni.nospam@gmail.com>
Date: Fri, 05 Apr 2013 00:54:33 +0800
Cc: radext@ietf.org, 'dhcwg' <dhcwg@ietf.org>
Subject: Re: [radext] draft-ietf-dhc-dhcpv6-radius-opt-10

Alan - option-len       Length of the option-data in octets
Q: Can it encode more than 256 octets of RADIUS attributes?  If so, what
happens then?
---

The 'option-len' is a 2-octet field. It permits the length of 'option-data' to be
larger than 256 when the OPTION_RADIUS includes a number of RADIUS
attributes. I think the RADIUS attribute here can also be the attribute of
Long_Extended_Type newly defined in draft-ietf-radext-radius-extensions-13.


Alan - ... Only the attributes listed in the IANA Registry of 'RADIUS
   attributes permitted in DHCPv6 RADIUS option' SHOULD be included in
   the OPTION_RADIUS.
 That should be a MUST.  There's no sense in permitting non-RADIUS traffic
in this option.
---

Do you want the text to be 'Only the attributes listed in ... MUST be
included in ...'? How about turning that 'SHOULD' into 'should'?


Alan - 8.  Security Considerations
   Known security vulnerabilities of the DHCPv6 and RADIUS protocol MAY
  Using "MAY" here is probably wrong.  It should be "may".
----

Accepted. That 'MAY' will be updated to 'may'.


Best Regards,
Leaf



-----Original Message-----
From: radext-bounces@ietf.org [mailto:radext-bounces@ietf.org] On Behalf Of
Alan DeKok
Sent: Thursday, April 04, 2013 9:08 PM
To: Jouni Korhonen
Cc: radext@ietf.org; draft-ietf-dhc-dhcpv6-radius-opt@tools.ietf.org
Subject: Re: [radext] draft-ietf-dhc-dhcpv6-radius-opt-10

Jouni Korhonen wrote:
> draft-ietf-dhc-dhcpv6-radius-opt-10 has recently passed WGLC in DHC 
> WG. RADEXT WG is solicited for review. We can provide input as part of 
> the IETF LC once it is started.  Remember to CC the RADEXT so we can 
> keep  track of the (possible) comments better.

  A quick review:

4.  DHCPv6 RADIUS option

    option-len       Length of the option-data in octets

Q: Can it encode more than 256 octets of RADIUS attributes?  If so, what
happens then?


   ... Only the attributes listed in the IANA Registry of 'RADIUS
   attributes permitted in DHCPv6 RADIUS option' SHOULD be included in
   the OPTION_RADIUS.

 That should be a MUST.  There's no sense in permitting non-RADIUS traffic
in this option.



8.  Security Considerations

   Known security vulnerabilities of the DHCPv6 and RADIUS protocol MAY


  Using "MAY" here is probably wrong.  It should be "may".
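
Added example, not part of the thread or the draft: a receiver-side parser for the option framing discussed above, showing a 2-octet option-len carrying more than 256 octets of 1-octet-length RADIUS attributes, with strict rejection of types outside an allowlist. The option code 0xFFFF and the allowlist contents are constructed placeholders, not values from the draft or the IANA registry.

```python
import struct

# Assumption: a stand-in for the IANA registry of 'RADIUS attributes
# permitted in DHCPv6 RADIUS option'; these type codes are constructed.
PERMITTED_TYPES = frozenset({26, 123})


def parse_option_radius(option: bytes, permitted=PERMITTED_TYPES):
    """Parse one DHCPv6 option carrying RADIUS attributes.

    Returns (option_code, [(attr_type, value), ...]); raises ValueError on
    malformed framing or on an attribute type outside the allowlist.
    """
    if len(option) < 4:
        raise ValueError("truncated DHCPv6 option header")
    code, option_len = struct.unpack_from("!HH", option)
    data = option[4:]
    if option_len != len(data):
        raise ValueError("option-len does not match option-data")
    attrs, off = [], 0
    while off < len(data):
        if len(data) - off < 2:
            raise ValueError("truncated RADIUS attribute header")
        attr_type, attr_len = data[off], data[off + 1]
        # The RADIUS length octet counts the type and length octets too.
        if attr_len < 2 or off + attr_len > len(data):
            raise ValueError("bad RADIUS attribute length")
        if attr_type not in permitted:
            raise ValueError(f"attribute type {attr_type} not permitted")
        attrs.append((attr_type, data[off + 2:off + attr_len]))
        off += attr_len
    return code, attrs


def build_option(code, attrs):
    """Encode (type, value) pairs into option-code/option-len/option-data."""
    data = b"".join(bytes([t, len(v) + 2]) + v for t, v in attrs)
    return struct.pack("!HH", code, len(data)) + data


# Constructed sample: two 200-octet attributes give option-len = 404,
# which fits the 2-octet field although each attribute tops out at 255.
SAMPLE = build_option(0xFFFF, [(26, b"A" * 200), (123, b"B" * 200)])
```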