Re: [radext] AD review http://tools.ietf.org/html/draft-ietf-radext-dtls-09
Alan DeKok <aland@deployingradius.com> Wed, 16 April 2014 16:47 UTC
Return-Path: <aland@deployingradius.com>
X-Original-To: radext@ietfa.amsl.com
Delivered-To: radext@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C33A11A00FB for <radext@ietfa.amsl.com>; Wed, 16 Apr 2014 09:47:37 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id DqvYm-5uUynY for <radext@ietfa.amsl.com>; Wed, 16 Apr 2014 09:47:35 -0700 (PDT)
Received: from power.freeradius.org (power.freeradius.org [88.190.25.44]) by ietfa.amsl.com (Postfix) with ESMTP id ADD3A1A01AC for <radext@ietf.org>; Wed, 16 Apr 2014 09:47:34 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by power.freeradius.org (Postfix) with ESMTP id 7D83622401C5; Wed, 16 Apr 2014 18:47:00 +0200 (CEST)
X-Virus-Scanned: Debian amavisd-new at power.freeradius.org
Received: from power.freeradius.org ([127.0.0.1]) by localhost (power.freeradius.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id dnK2q9FEEvzL; Wed, 16 Apr 2014 18:46:57 +0200 (CEST)
Received: from Thor.local (unknown [64.229.83.96]) by power.freeradius.org (Postfix) with ESMTPSA id D1E5722403B8; Wed, 16 Apr 2014 18:46:56 +0200 (CEST)
Message-ID: <534EB3FF.5040507@deployingradius.com>
Date: Wed, 16 Apr 2014 12:46:55 -0400
From: Alan DeKok <aland@deployingradius.com>
User-Agent: Thunderbird 2.0.0.24 (Macintosh/20100228)
MIME-Version: 1.0
To: Benoit Claise <bclaise@cisco.com>
References: <534D42E8.8020501@cisco.com>
In-Reply-To: <534D42E8.8020501@cisco.com>
X-Enigmail-Version: 0.96.0
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: 7bit
Archived-At: http://mailarchive.ietf.org/arch/msg/radext/uHWMP58d4O3vGv3QMYSYuAI8kTM
Cc: "radext@ietf.org" <radext@ietf.org>
Subject: Re: [radext] AD review http://tools.ietf.org/html/draft-ietf-radext-dtls-09
X-BeenThere: radext@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: RADIUS EXTensions working group discussion list <radext.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/radext>, <mailto:radext-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/radext/>
List-Post: <mailto:radext@ietf.org>
List-Help: <mailto:radext-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/radext>, <mailto:radext-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 16 Apr 2014 16:47:37 -0000
Benoit Claise wrote: > - In section 5.1: > > A RADIUS/DTLS server MUST track ongoing DTLS client session based the > following 4-tuple: > > Does the MUST also apply to the DTLS Data and Last Traffic as well? The MUST means that the 4 tuple MUST contain the DTLS session information. The Last Traffic need be there only if it's used. The implementation-specific DTLS data information is there only if it's needed by the implementation. I'll update the text to make this clearer. > - Any reason why this sentence is repeated. Maybe the third one wants to > stress_ for all DTLS sessions_? Yes. I'll make that clear. > - Section 7 "Implementation experience" should follow RFC 6982 > "Implementation Status" format. > Example: > https://datatracker.ietf.org/doc/draft-ietf-eman-energy-aware-mib/ or > https://datatracker.ietf.org/doc/draft-ietf-eman-energy-monitoring-mib/ I'll take a look. > - IANA considerations. > Please make sure to spell out the exact IANA registry. Done. > Editorial: > - OLD: > > This specification does not, however, solve all of the problems > associated with RADIUS. > > NEW: > This specification does not, however, solve all of the problems > associated with RADIUS/UDP Done. > - Some misalignement in section 5.1: > Each 4-tuple points to a unique session entry, which contains the > following information: I'll update the text. > 10.1 > <http://tools.ietf.org/html/draft-ietf-radext-dtls-09#section-10.1>. > Legacy RADIUS Security > > protocol. We suggest that RADIUS clients and servers implement > either this specification, or [RFC6614 <http://tools.ietf.org/html/rfc6614>]. > > "protocol" looks lonely there :-) Fixed. > - please extend CSPRNG Done. > - > When DTLS is used, the fixed IP address model can be relaxed. As > discussed earlier in Section 2.2.1 <http://tools.ietf.org/html/draft-ietf-radext-dtls-09#section-2.2.1>, client identies should be > determined from TLS parameters. > > identies? Fixed. Alan DeKok.
- [radext] AD review http://tools.ietf.org/html/dra… Benoit Claise
- Re: [radext] AD review http://tools.ietf.org/html… Alan DeKok
- Re: [radext] AD review http://tools.ietf.org/html… Benoit Claise