[radext] AD review of draft-ietf-radext-ieee802ext-09
Benoit Claise <bclaise@cisco.com> Fri, 17 January 2014 10:30 UTC
Return-Path: <bclaise@cisco.com>
X-Original-To: radext@ietfa.amsl.com
Delivered-To: radext@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id DBBE61ADFCE for <radext@ietfa.amsl.com>; Fri, 17 Jan 2014 02:30:42 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -10.038
X-Spam-Level:
X-Spam-Status: No, score=-10.038 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RP_MATCHES_RCVD=-0.538, SPF_PASS=-0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id c5q_LvWc4ghr for <radext@ietfa.amsl.com>; Fri, 17 Jan 2014 02:30:40 -0800 (PST)
Received: from aer-iport-2.cisco.com (aer-iport-2.cisco.com [173.38.203.52]) by ietfa.amsl.com (Postfix) with ESMTP id 4BDFB1ADFC6 for <radext@ietf.org>; Fri, 17 Jan 2014 02:30:40 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=7813; q=dns/txt; s=iport; t=1389954628; x=1391164228; h=message-id:date:from:mime-version:to:cc:subject; bh=o95c9nZx7W448CkKg5xkPncDLzUqWi89W174jEL47ZA=; b=Odh8shXqVjeWY5dbt2AuZJ87Ok6zR6e7CqD+B4sdYcltkmiv1QO2gP/c B+clLOLyV+vtfM5E9mLXmpBJ2Rx7UN0zuOS6dyEugmJVBcI6PMFIoRlv+ eUSkjf3RV3lw2suhRkNStGXwj5y5Cz7iOfyXGaXg4UZ1T2lJ32Xppl8yP k=;
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: AjMFAJFf2FKQ/khL/2dsb2JhbABZgws4iTGyNoEPFnSDJAE8FhgDAgECAUsNAQcBAYgADcU0EwSOf4Q/BIxfi0KGRnyKVYMuOw
X-IronPort-AV: E=Sophos;i="4.95,670,1384300800"; d="scan'208,217";a="3094493"
Received: from ams-core-2.cisco.com ([144.254.72.75]) by aer-iport-2.cisco.com with ESMTP; 17 Jan 2014 10:30:27 +0000
Received: from [10.60.67.85] (ams-bclaise-8914.cisco.com [10.60.67.85]) by ams-core-2.cisco.com (8.14.5/8.14.5) with ESMTP id s0HAUQrQ028312; Fri, 17 Jan 2014 10:30:26 GMT
Message-ID: <52D90642.4000000@cisco.com>
Date: Fri, 17 Jan 2014 11:30:26 +0100
From: Benoit Claise <bclaise@cisco.com>
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:24.0) Gecko/20100101 Thunderbird/24.2.0
MIME-Version: 1.0
To: "radext@ietf.org" <radext@ietf.org>
Content-Type: multipart/alternative; boundary="------------080008050106020301020404"
Cc: "<lionel.morand@orange.com>" <lionel.morand@orange.com>
Subject: [radext] AD review of draft-ietf-radext-ieee802ext-09
X-BeenThere: radext@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: RADIUS EXTensions working group discussion list <radext.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/radext>, <mailto:radext-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/radext/>
List-Post: <mailto:radext@ietf.org>
List-Help: <mailto:radext-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/radext>, <mailto:radext-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 17 Jan 2014 10:30:43 -0000
Dear all, Glad that this document finally makes progress. From the writeup (https://datatracker.ietf.org/doc/draft-ietf-radext-ieee802ext/shepherdwriteup/), I see: (6) Describe any specific concerns or issues that the Document Shepherd has with this document that the Responsible Area Director and/or the IESG should be aware of? For example, perhaps he or she is uncomfortable with certain parts of the document, or has concerns whether there really is a need for it. In any event, if the WG has discussed those issues and has indicated that it still wishes to advance the document, detail those concerns here. The document (informatively) references to RFC4005 on its Diameter considerations. The RFC4005 will soon be obsoleted by RFC4005bis. The RFC4005bis also deprecates the RADIUS-Diameter automated translation, which is discussed in detail in Section 4 Diameter Considerations. The shepherd would recommend removing entire Section 4, since RADIUS-Diameter considerations are not really endorsed anymore. Furthermore, Section 4 uses Diameter AVP Flag rules as defined in RFC3588, which has already been obsoleted by RFC6733 and there the AVP Flag rules are less due to e.g. deprecation of Diameter in-band security. I would actually prefer to keep the section 4, because the AVPs are allocated in the range 1-255. However, RFC 4005bis must be mentioned as well. This specific point is also discussed in draft-ietf-dime-app-design-guide-21 Guidelines for implementing a RADIUS-Diameter translation agent were put into the Diameter NASREQ Application RFC 4005. However, it was acknowledged that such translation mechanism was not so obvious and deeper protocol analysis was required to ensure efficient interworking between RADIUS and Diameter. Moreover, the interworking requirements depend on the functionalities provided by the Diameter application under specification, and a case-by-case analysis is required. As a consequence, all the material related to RADIUS-to-Diameter translation has been removed from the new version of the Diameter NASREQ application specification [RFC4005bis], which deprecates RFC4005 Feel free to synchronize with Lionel Morand, the draft-ietf-dime-app-design-guide-21 editor, who is currently working on a revised text Regarding this point below, I agree with Jouni, can you please make the change to be in line with the RFC 6733 format (for example, RFC 6733 doesn't have encryption) Furthermore, Section 4 uses Diameter AVP Flag rules as defined in RFC3588, which has already been obsoleted by RFC6733 and there the AVP Flag rules are less due to e.g. deprecation of Diameter in-band security. EDITORIAL The guidelines in RFC 3580 are still valid, right? OLD: "IEEE 802.1X Remote Authentication Dial In User Service (RADIUS) Usage Guidelines" [RFC3580] provided guidelines for the use of the Remote Authentication Dialin User Service (RADIUS) within networks utilizing IEEE 802 local area networks. NEW: "IEEE 802.1X Remote Authentication Dial In User Service (RADIUS) Usage Guidelines" [RFC3580]_provides_guidelines for the use of the Remote Authentication Dialin User Service (RADIUS) within networks utilizing IEEE 802 local area networks. Regards, Benoit
- [radext] AD review of draft-ietf-radext-ieee802ex… Benoit Claise
- Re: [radext] AD review of draft-ietf-radext-ieee8… Benoit Claise