Re: [radext] Extended IDs
Bernard Aboba <bernard.aboba@gmail.com> Sun, 10 December 2017 16:31 UTC
Archived-At: <https://mailarchive.ietf.org/arch/msg/radext/yuUDRVlubsptIGWASovhdZuI8RQ>
I strongly prefer draft-dekok. draft-chen takes approaches outside the mainstream of RADIUS implementations and previous standards, and is very under-specified. As a result, its implementation will be much more difficult than is necessary. It extends the Status-Server message for the purpose of capability discovery, which is inappropriate, and utilizes an ad hoc complex data type, which violates RFC 6929.

> On Nov 28, 2017, at 11:16 AM, Alan DeKok <aland@deployingradius.com> wrote:
>
>> On Nov 28, 2017, at 8:54 AM, Stefan Winter <stefan.winter@restena.lu> wrote:
>> In your reply to this call for adoption, please indicate which of the
>> two drafts you think should be adopted. You can of course also indicate
>> that none of the two are fit for purpose. The only thing you really
>> shouldn't do is to vote for both; that wouldn't help the discussion move on.
>
> I prefer draft-dekok-radext-request-authenticator-02
>
> If the WG decides to use draft-chen-radext-identifier-attr-02, then I believe it needs significant changes before it's ready for publication:
>
> - use of "ad hoc" complex data type violates RFC 6929 Section 6.3
>
> - the negotiation can be simplified with no loss of functionality. See my draft for examples.
>
> - there is minimal discussion as to how this affects proxies, TCP, UDP, etc.
>
> - there is minimal discussion of inter-operability considerations with existing RADIUS solutions
>
> - there are few guidelines for implementors
>
> While some WG members may prefer the technical solution in draft-chen-radext-identifier-attr-02, I think everyone can agree that the other proposal has these issues exhaustively enumerated and discussed.
>
> Alan DeKok.