Re: [radext] Proposed charter text based on IETF-115 BoF

josh.howlett@gmail.com Wed, 30 November 2022 09:22 UTC

From: josh.howlett@gmail.com
To: 'Alan DeKok' <aland@deployingradius.com>, 'Bernard Aboba' <bernard.aboba@gmail.com>
Cc: radext@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/radext/ztx9c2_Un1UrdS1doU5vJ1tXwRA>

>   Perhaps these issues are best left for a RADIUS routing protocol.  In the
> venerable RADIUS tradition, just run away from problems and ignore them.

+1

IMO the main goal of a RADIUS routing protocol should be to minimise (and
ideally remove) the number of hops between domains sharing similar policies.
Intermediaries having conflicting policies introduce ambiguities that
degrade enforceable policy to the lowest common denominator.

The routing layer can then manage policy semantics (such as E2E security),
informing RADIUS which connections are policy compliant (or not).

Josh