IETF Logo Mail Archive

Re: [radext] Extended IDs

Alan DeKok <aland@deployingradius.com> Wed, 19 April 2017 00:16 UTC

Return-Path: <aland@deployingradius.com>
X-Original-To: radext@ietfa.amsl.com
Delivered-To: radext@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D83CE129463 for <radext@ietfa.amsl.com>; Tue, 18 Apr 2017 17:16:41 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.901
X-Spam-Level:
X-Spam-Status: No, score=-1.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id PxlsSfUX8Cqn for <radext@ietfa.amsl.com>; Tue, 18 Apr 2017 17:16:39 -0700 (PDT)
Received: from mail.networkradius.com (mail.networkradius.com [62.210.147.122]) by ietfa.amsl.com (Postfix) with ESMTP id 140D81200C1 for <radext@ietf.org>; Tue, 18 Apr 2017 17:16:39 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by mail.networkradius.com (Postfix) with ESMTP id 253C51A89; Wed, 19 Apr 2017 00:16:38 +0000 (UTC)
Received: from mail.networkradius.com ([127.0.0.1]) by localhost (mail-server.vmhost2.networkradius.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Vab7gA2EklwC; Wed, 19 Apr 2017 00:16:37 +0000 (UTC)
Received: from [192.168.120.42] (23-233-24-114.cpe.pppoe.ca [23.233.24.114]) by mail.networkradius.com (Postfix) with ESMTPSA id DE8F55B6; Wed, 19 Apr 2017 00:16:36 +0000 (UTC)
Content-Type: text/plain; charset="windows-1252"
Mime-Version: 1.0 (Mac OS X Mail 9.3 \(3124\))
From: Alan DeKok <aland@deployingradius.com>
In-Reply-To: <af16dfe3-f134-0478-6a02-f73699ecdb02@cisco.com>
Date: Tue, 18 Apr 2017 20:16:34 -0400
Cc: radext@ietf.org, Naiming Shen <naiming@cisco.com>
Content-Transfer-Encoding: quoted-printable
Message-Id: <1767D4FB-29BB-4E91-9339-1B40F3D3FC91@deployingradius.com>
References: <361AC9F2-4CFE-46D5-A893-CBEDAFFA85B8@deployingradius.com> <af16dfe3-f134-0478-6a02-f73699ecdb02@cisco.com>
To: Enke Chen <enkechen@cisco.com>
X-Mailer: Apple Mail (2.3124)
Archived-At: <https://mailarchive.ietf.org/arch/msg/radext/t3tzz09iuD8pOO24f7Bec7BNamk>
Subject: Re: [radext] Extended IDs
X-BeenThere: radext@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: RADIUS EXTensions working group discussion list <radext.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/radext>, <mailto:radext-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/radext/>
List-Post: <mailto:radext@ietf.org>
List-Help: <mailto:radext-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/radext>, <mailto:radext-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 19 Apr 2017 00:16:42 -0000

On Apr 18, 2017, at 6:47 PM, Enke Chen <enkechen@cisco.com> wrote:
> Out of 255 numbers for the Packet Type Codes, 52 are currently allocated.  Given
> the popularity of RAIDUS, this number space may run out in the future.

  That's called "Diameter".  :(

> Although the Code field does not have to be enlarged together with the Identifier
> field, it just makes sense to do them together so that we go through the changes
> once and be done with it.  There is little additional cost (in terms of development,
> memory and transmission) to cover the Code field, and its usage is optional until
> needed.

  The issue is solving one problem at a time.  There is no *current* need to extend the Code space.  Therefore, there shouldn't be a proposal to extend it.

>> 
>> * The "status" field should similarly be removed from the document.  Instead,
>>  just the presence of the attribute in a reply should be good enough.
> 
> Without the "status" field, we are afraid that some implementation may just send
> back the unrecognized attribute.  The field would certainly help make it more
> explicit and deterministic about whether the feature is supported by a device.

  I think it's safe to say that servers don't "echo" back attributes.

  If you need an explicit ACK, create one.  Don't overload the contents of an attribute.  See RFC 6929 Section 6.3 for guidelines on using Complex Data Types.

>> * using the 4-octet identifier *instead of* the normal ID means the protocol
>>  is being changed, this cannot be done.
> 
> I am not sure what you mean by the statement "the protocol is being changed, 
> this cannot be done".
> 
> You seem to mean that "such change is not allowed"?  If that is correct, then I
> am wondering what basis you have (other than personal opinion) for such a position.
> If there exists some official IETF rules that I am not aware of, please let me know.

  I mean that modifying RADIUS in minor ways is probably OK.  Changing the base RADIUS protocol is not.

  Making clients and servers change the meaning and interpretation of the ID field is changing RADIUS.  I don't think you will get consensus from RADEXT, much less the IESG for this proposal.

> I have been involved in IETF (mostly in the routing area) for more than 20 years.
> AFAIK, any extension to an existing protocol is a change to the protocol, and such
> changes have been made and continue to be made all the time, and some by you in
> this radext working group :-) 

  Sure.  Except that *major* changes to RADIUS are called "Diameter". :(

> AFAIK, the RADIUS standard does not specify how the IDs are allocated, and that is
> completely left to the implementation and as a local matter on the sender.
> 
> IMO deviation from such well-established practice will be challenging for backward
> compatibility and deployment.

   It's no more challenging than your proposal to replace the ID field entirely.

> In addition, following the current RADIUS practice it remains an implementation
> decision how this new 4 bytes "ID" field is allocated.  However, I do not see any
> value for combining this new 4-byte "ID" field with the existing one-byte "ID"
> field and using them both.

  There is likely no technical value.  The issue is any change requires consensus from RADEXT and IESG, which means the changes must be *percieved* to be minor extensions to RADIUS.

  Alan DeKok.

v2.23.0 | Report a Bug | By Email