From nobody Sat Mar 1 17:39:27 2014 Return-Path: X-Original-To: radext@ietfa.amsl.com Delivered-To: radext@ietfa.amsl.com Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id EFBA41A032E for ; Sat, 1 Mar 2014 17:39:24 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: 0.151 X-Spam-Level: X-Spam-Status: No, score=0.151 tagged_above=-999 required=5 tests=[BAYES_40=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_ENVFROM_END_DIGIT=0.25, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_PASS=-0.001, TVD_SPACE_RATIO=0.001] autolearn=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id yN2AY7q0OIaK for ; Sat, 1 Mar 2014 17:39:23 -0800 (PST) Received: from mail-lb0-x243.google.com (mail-lb0-x243.google.com [IPv6:2a00:1450:4010:c04::243]) by ietfa.amsl.com (Postfix) with ESMTP id 364CE1A0296 for ; Sat, 1 Mar 2014 17:39:22 -0800 (PST) Received: by mail-lb0-f195.google.com with SMTP id w7so1382662lbi.6 for ; Sat, 01 Mar 2014 17:39:20 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :content-type; bh=JgOgIRwmkDkKEMAOJ59LL7MiArLLJ+14G11OKx80MTM=; b=SMUOrggKeqoYrTMWRoUopc0JNHGMOxY8TVnYxirEWQqYiFRO8peieH2JjqvQZ7ZmFi PttMzgW9BRIcEvVoqaZKvPtOU4OkXItBqhdLXuot/CgqwMKX7+Cg+c0eWX2cmvQFcxx5 nRBXMd8upbJ2Rra3RA7tvbyaj8BYh6RGyDzgj1ijViaaV0y5OWGTvZN8HHC3gkTL4P2a 6vy9FVV4CkEjo/2SZP0a1k++nMU3bxiBS1Z8Yi2C+1xNju6j1gg65AGbgIvQ8EsVjEPS 5x0vkOBq3Qi5XfPyL+JkMjkn2n4GtVmktpu8YO8FmDj0HuRNCt/EvnZzltiIZlYkzko+ CNhQ== MIME-Version: 1.0 X-Received: by 10.152.242.165 with SMTP id wr5mr83210lac.47.1393724360005; Sat, 01 Mar 2014 17:39:20 -0800 (PST) Received: by 10.112.172.130 with HTTP; Sat, 1 Mar 2014 17:39:19 -0800 (PST) Received: by 10.112.172.130 with HTTP; Sat, 1 Mar 2014 17:39:19 -0800 (PST) In-Reply-To: References: Date: Sat, 1 Mar 2014 19:39:19 -0600 Message-ID: From: Holly Foulk To: radext@ietf.org Content-Type: multipart/alternative; boundary=001a11344250649c1104f395bda3 Archived-At: http://mailarchive.ietf.org/arch/msg/radext/tCSTA6DSQegB7pjuw8VGHxG9K4E Subject: [radext] http://www.youtube.com/watch?v=MiKRaoV64do&feature=youtube_gdata_player X-BeenThere: radext@ietf.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: RADIUS EXTensions working group discussion list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 02 Mar 2014 01:39:25 -0000 --001a11344250649c1104f395bda3 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable http://www.youtube.com/watch?v=3DMiKRaoV64do&feature=3Dyoutube_gdata_player http://www.youtube.com/watch?v=3DMiKRaoV64do&feature=3Dyoutube_gdata_player Jara=EDz --001a11344250649c1104f395bda3 Content-Type: text/html; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable


http://www.youtube.com/watch?v=3DMiKRaoV64do&feature= =3Dyoutube_gdata_player http://www.youtube.com/watch?v= =3DMiKRaoV64do&feature=3Dyoutube_gdata_player
=A0 Jara=EDz

--001a11344250649c1104f395bda3-- From nobody Sun Mar 2 07:25:38 2014 Return-Path: X-Original-To: radext@ietfa.amsl.com Delivered-To: radext@ietfa.amsl.com Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 733141A07BA for ; Sun, 2 Mar 2014 07:25:37 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2.446 X-Spam-Level: X-Spam-Status: No, score=-2.446 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RP_MATCHES_RCVD=-0.547] autolearn=ham Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id KOZ5srpaUOkp for ; Sun, 2 Mar 2014 07:25:34 -0800 (PST) Received: from smtp.restena.lu (legolas.restena.lu [IPv6:2001:a18:1::34]) by ietfa.amsl.com (Postfix) with ESMTP id AB8381A07C6 for ; Sun, 2 Mar 2014 07:25:33 -0800 (PST) Received: from smtp.restena.lu (localhost [127.0.0.1]) by smtp.restena.lu (Postfix) with ESMTP id F008E1486FD; Sun, 2 Mar 2014 16:25:29 +0100 (CET) Received: from viper.local (unknown [158.64.15.194]) by smtp.restena.lu (Postfix) with ESMTPSA id C34B21486F5; Sun, 2 Mar 2014 16:25:29 +0100 (CET) Message-ID: <53134D64.7080304@restena.lu> Date: Sun, 02 Mar 2014 16:25:24 +0100 From: Stefan Winter User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.9; rv:24.0) Gecko/20100101 Thunderbird/24.3.0 MIME-Version: 1.0 To: Alejandro Perez Mendez , "radext@ietf.org" References: <53107CBB.3020407@um.es> In-Reply-To: <53107CBB.3020407@um.es> X-Enigmail-Version: 1.6 OpenPGP: id=8A39DC66 Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="02PINPucxcC9VxqaDeTnCwN8WcxJXtl88" X-Virus-Scanned: ClamAV Archived-At: http://mailarchive.ietf.org/arch/msg/radext/BE119O8UsHncwsSA8gtcXosuHjs Subject: Re: [radext] Issue with draft-ietf-radext-radius-fragmentation, pre-authorization phase and authentication attributes. X-BeenThere: radext@ietf.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: RADIUS EXTensions working group discussion list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 02 Mar 2014 15:25:37 -0000 This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --02PINPucxcC9VxqaDeTnCwN8WcxJXtl88 Content-Type: multipart/mixed; boundary="------------040901060107070808000403" This is a multi-part message in MIME format. --------------040901060107070808000403 Content-Type: multipart/alternative; boundary="------------060606080905000701090800" --------------060606080905000701090800 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable Hi, > However, in draft-ietf-radext-radius-fragmentation, the first chunk of > the pre-authorization phase may not contain any of these attributes, > as it would depend on the type of the attributes being transported, as > well as the specific distribution of these attributes along the > different chunks. This issue would be circumscribed to this first > chunk, as the rest will contain a State attribute, accepted by RFC 2865= =2E > > draft-ietf-radext-radius-fragmentation already states that compliant > servers will postpone all authorization and authentication handling > until all of the chunks have been received. We have added (for version > 04, that will be uploaded next Monday when the submission process > reopen) some lines clarifying that this postponement also includes > disabling the verification of the inclusion of authentication > attributes until the original large packet has been rebuilt. Hence, > any server implementing draft-ietf-radext-radius-fragmentation would > not fail if the first chunk does not contain any authentication > attribute. > > We expect that proxies will not drop these packets either, as > otherwise they will be precluding any future extension foreseen by RFC > 2865. Which they are allowed to do. It's very arguable whether a proxy should police this particular RFC constraint at all; but if it does, the fragmentation process will be permanently DoSed. > In our opinion, these lines are sufficient to overcome RFC2865's > restriction. However, if the WG members think they are not, then we > might need to include some kind of phony authentication attribute on > this first chunk, just to make it compliant with what it would be > generally expected. For example, an empty EAP-Message attribute > (called EAP-Start in RFC 3579), or a phony CHAP-Password. I would be against phony authentication attributes - especially since the frag draft is very explicitly stating that it does not do any authentication at all. Omitting authentication attributes makes it easy to spot that this is an authorization exchange; adding a "CHAP-Password" makes it unnecessarily hard. I don't understand yet what the issue is that prevents adding a phony *State* though. Couldn't you just state that a first-fragment gets two new attributes? One being Frag-Status; the other one being a State attribute which could be a fixed 0x0 (or allow arbitrary values and simply discard server-side). State shouldn't be in the original Access-Request before splitting (because State is used in echoing a *server's* State attribute back, and has no reason for existence in the first Access-Request); so if you add one together with Frag-Status, it would be the only one; so there should be no ambiguity... Greetings, Stefan Winter --------------060606080905000701090800 Content-Type: text/html; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable
Hi,

However, in draft-ietf-radext-radius-fragmentation, the first chunk of the pre-authorization phase may not contain any of these attributes, as it would depend on the type of the attributes being transported, as well as the specific distribution of these attributes along the different chunks. This issue would be circumscribed to this first chunk, as the rest will contain a State attribute, accepted by RFC 2865.

draft-ietf-radext-radius-fragmentation already states that compliant servers will postpone all authorization and authentication handling until all of the chunks have been received. We have added (for version 04, that will be uploaded next Monday when the submission process reopen) some lines clarifying that this postponement also includes disabling the verification of the inclusion of authentication attributes until the original large packet has been rebuilt. Hence, any server implementing draft-ietf-radext-radius-fragmentation would not fail if the first chunk does not contain any authentication attribute.

We expect that proxies will not drop these packets either, as otherwise they will be precluding any future extension foreseen by RFC 2865.

Which they are allowed to do. It's very arguable whether a proxy should police this particular RFC constraint at all; but if it does, the fragmentation process will be permanently DoSed.

In our= opinion, these lines are sufficient to overcome RFC2865's restriction. However, if the WG members think they are not, then we might need to include some kind of phony authentication attribute on this first chunk, just to make it compliant with what it would be generally expected. For example, an empty EAP-Message attribute (called EAP-Start in RFC 3579), or a phony CHAP-Password.

I would be against phony authentication attributes - especially since the frag draft is very explicitly stating that it does not do any authentication at all. Omitting authentication attributes makes it easy to spot that this is an authorization exchange; adding a "CHAP-Password" makes it unnecessarily hard.

I don't understand yet what the issue is that prevents adding a phony *State* though. Couldn't you just state that a first-fragment gets two new attributes? One being Frag-Status; the other one being a State attribute which could be a fixed 0x0 (or allow arbitrary values and simply discard server-side).

State shouldn't be in the original Access-Request before splitting (because State is used in echoing a *server's* State attribute back, and has no reason for existence in the first Access-Request); so if you add one together with Frag-Status, it would be the only one; so there should be no ambiguity...

Greetings,

Stefan Winter
--------------060606080905000701090800-- --------------040901060107070808000403 Content-Type: application/pgp-keys; name="0x8A39DC66.asc" Content-Transfer-Encoding: quoted-printable Content-Disposition: attachment; filename="0x8A39DC66.asc" -----BEGIN PGP PUBLIC KEY BLOCK----- Version: GnuPG/MacGPG2 v2.0.19 (Darwin) Comment: GPGTools - http://gpgtools.org mQINBFIplEwBEADTSz+DS8nio+RSvfSLLfaOnCGi1nqpn8Pb1laVUyEvnAAzZ5je miS88GxfiDH6hUGlWzcaW0hCfUHGiohr485adbjxRksPngWgAt/1bRxpifsW3zOb Fjgog01WWQV5Sihlwc4zr8zvYbFA5BJZ6YdkR9C5J015riv5OS30WTjA65SSXgYr b7zJWPwmegTFwE093uBFvC39waz3xYpVu5j87nO6w2MVQt/8sY2/2BFPEq+xfOaj l18UEwc7w8SCgnZdlVNcmEK4UBvJuwS/1lsR2JeQa8Gu1EDxC7PRgMgNXsDSWnnB e9aVmfG54+6ILe1QH2dwk9sPBQT5w2+vjijrb3Dv9ur+1kN+TNU2XE436jVpnnY/ 3OsLdix30STQn4Q/XOm7YoVMeDwwviefilRxzK0dXA+wKj92T68Od82CFxuZqPAg BCVmWfQM91iK9piqFK+QP+R3vF6+NGDBdwbe68iVKs0v5L8XmbxBQndjpmo+lo2a smBR2TAIfZHaKdgtBw13u3GPVVKlg/Mpko8ki9JOSem2aFyi3kQEVKptWgXT3POl 97DWJzsR5VyKz6GOx9kJAEISRyLZwm0wqh8+9LCza5oeIKW381lzq1b9x30vOh8C BSQQJ+cG9ko0yPHAj7Suw2TmPXx1qMctmE6Ahq82ZW30SljdZby8WQuR2wARAQAB tDxTdGVmYW4gV2ludGVyIChSRVNURU5BIGtleSAyMDEzKykgPHN0ZWZhbi53aW50 ZXJAcmVzdGVuYS5sdT6JAjkEEwECACMFAlIplEwCGwMHCwkIBwMCAQYVCAIJCgsE FgIDAQIeAQIXgAAKCRDA3mo1ijncZj7/D/99hVS+mJr8dSPCaDaUFFxBiT2eI1Lo R8VKEerTCRw5BsdL6pN2eRJZ9NmsqWo1ynWVHEzO91bNZ+oZGgyoNohcBAI7p+r0 qUTzkyqwdZO4kMm0pqKoM9xkP3tf2mjGujKjOz4Y7S7wnz2ZFokeUsecoRVJF/++ /qHnmeWLn44J1HUKLHYCjMu+QXGOgGXgz024jQ5eUrnPwzNp0Z90AFVHlWC+bymt y/ToIUUCQqS5Ff0jzdWLd8U695OG9iGvjBQT1LdEjsfbAwuKV5UcnpxNqUpUwKa5 9hdX5/2cMZP07FI1UXwnBlxa8rJfdb13FLjSKX4vUUHedYUZMjMPgcwl1a+zGE22 lHiSQWgP8QLA/W3BLsi22ERCEPZBfexOeOtaWIItDIz18fIaQoMDoRPshzar0JI2 CzLYsyeKySAtYJEHFVoLmMvhkwzBmgqA/BEswUA67CfCr1jFHRXdpmWM7YkyAmMa 9q6LwquWKS5+MXlUXe/3oZUcgpw/T9Uuy3Jo3RdS7B3jFcWaVr6KsO/A9u1gr/aY n5M+iJTQSj4vzqtkQaJTpSspRZoKa66HZt3IwSYiDiYZqtM83ynuj9kjnZzGfnuT aNIi996q6Mptr33mOzIE1wmMqnJYwTr3EcNtf483q/qrJwh5ES8Q9xY7aat/ZcSl 8fKubW4TlfVr8YhGBBARAgAGBQJSKZUGAAoJEPo5vdH/HhVmYTgAn24eoqO/O98o vNpt08Uab/+/tmYKAJ9kjXm9Njz5h33efzeelZUa484rr7kCDQRSKZRMARAAvBPp n7FQq7LQ5glohtbL6XIEo1U4X67S0TzUYieENSWSVYuWYIhCBldmWdmH8Bpj/qHe qdon7v+SLtR4WngzMR9toupKcFfHnbP9kpazTSB2ySHxXWGX1gJOpPXdCcg9iveK BHEsDn00ThTcPsvtXpnnzET16pXIvOXO0bxTmVZ4INIF1SWgvYma/g8kBbgXLpkj 8tOywBqFiiYPEZlDeCxDHiMgUDh6olda9K/0TZFTdMPUgjKuubfAeaDNCOrVt4Rj mFOaRLikcZocmgJhm3z/j25x7/mnNu+0di1H/S67YGQJ+pqCFInzIXDx7aRW2+JC iqsY2X3xOPWZZzjyis5SNnfOcPH3gt2hYz1fy+thsBGf4NgCN01JRqIJ2/MOQCgU dwh+9l8xqaJvCkUHM4hVh4W62MAe1u7UEqQbvvNEqxM5034vcvlE+/LRkrDCspw+ 2YJ9QyroLerVRwW5DVleP8Ifi8VB3yD80nqXYs9aqRy0BkDNIQ43ERhESMt8dJqr NkxgC6pemZrhNwyDh+hy2kPNGQh/iBpdKuH1o3E24TIZoV2v3YHvzob7aAYHddE/ PofAXhJW7I9mAs+HdWDmnI8ckuPDFpFH+Y/BFGvEXgcnJAJ1wEvf+4LuiIi0MHjR 4EWFn9vvoFDAIqD10h3FSd3D59HGtdSsNn4XaCsAEQEAAYkCHwQYAQIACQUCUimU TAIbDAAKCRDA3mo1ijncZhBtEACL036ddjc5pFoYIdoUY1vT8SMXJNquewCnL1qu DADzqDZFU5GNlQEy10krSfBwlTb9ahTtE0JFrOdZwUZtoa1Pgfr8nU6KOgrXPHbN jS/9dyc5CwGVVIpOavIm2CsMVDJ9LCF/NT+u/t1k6eGfHhPVl3dUQyDa/lzc1chK UIVQYQkFmr0A/iXP+29lFCaI+IeyU0bSdZhezDwUROn5vEx+fiPZyHDShCb+BxJv /o2LQp9JHenCiSbO+ioRZdxgbWfoKBuXOfmSStqMWXas/gZ5vS3xq72LNtKPRxgp jX3P8Zml1XDqpcBau7eK75VKE0Yd06YxnUIsbcEzInUc3uzW/u0DFpXYkMJb0XIv JyUt5yYPKfV13N8kSkPi5pLxm8yuftXMzfgeFMR7nafY3glTVj/TxElzg6xeZNqf C2ZjIbBtZg9ylHU8u8wwB+dX282crs0R3N9A064C71/cXlBqcjzjlKH2NUIWGxr+ od3TXFIFjszSU3NgMPKrWNhFLLwS81MpbkOe73s6aDhS8RDyNucoxtKXriLR+4Xi u4+pyj5ukYP1JqpB3ZobY/XZgCnJMye+7xeTpIDJ1LPORxM3NNAElyb26lxAK2P+ km+EpI0Zzz6rNSCfg5jYQ474+e/GBgaSG4MlaPoZ+XAfN46u1Xjjv1/AkkA4IA6m 5zP5og=3D=3D =3D3NUt -----END PGP PUBLIC KEY BLOCK----- --------------040901060107070808000403-- --02PINPucxcC9VxqaDeTnCwN8WcxJXtl88 Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.19 (Darwin) Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQIcBAEBCgAGBQJTE01pAAoJEMDeajWKOdxmS0MQALfyqYlEAC5aWHVSfPCMyTzP ha61PKfNdOCFMKL/SbAUa6hpJipoLvu30FbGoYjDXKmYA5GqVdqH161GLNgCfdlZ +dxrQTAjchMXaiqqC25cPxElKjOh7j/DiMjUa7lRGXlZCR171q1eQd1H8FmVBCzl YHdZYndiXY4/2mCeznAtdzv/uwtuDayOL14OR3DAi/bQC/SSWz+NE6EGcJsuy7Wr CDXww+02xka9+N23eOYLqQKcnt9tEVqSlaBkwhNDaEIDm1CbRiJSZfrjDENzEd1K usSI8LEM+XQLlaHp5xgyRJKfNZ28MzXiUy166RE7iymL9bqW2aUmBFvmXEqxe4VQ 5YcffQBoqFQlC7nnzF22PwH0jwSraij+k1cG4ig+be6CUjfAnPl0sEtI1Hb68SLK aPo8MEC6i7iP4j5vjwC+/iglb+CYadZQqZrrjhTxPFQiRaJfqJvLd+ka0XaxWgpt B0Fs4nCOnFJOrVEhSb4bwRvbcYpbjqNX1PIpYYZOppI6kGvOSDSjmV62h3eo0rze 8+qiafZEb+tTcieyd0j6/XnzXuHhTsXe2ZBCczSfnD/0KOYlgofJ8F928RuVyeCb Iitjq/YzsnIJ+eJnb9G/P8woxlVI7rXFAa9Z+/rh7OZXsHQgXYY93UXx90iaIwAm tN8+o0+afsuxSQWLfKJd =c1ZE -----END PGP SIGNATURE----- --02PINPucxcC9VxqaDeTnCwN8WcxJXtl88-- From nobody Sun Mar 2 23:46:58 2014 Return-Path: X-Original-To: radext@ietfa.amsl.com Delivered-To: radext@ietfa.amsl.com Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D76531A078B for ; Sun, 2 Mar 2014 23:46:56 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -4.747 X-Spam-Level: X-Spam-Status: No, score=-4.747 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_MED=-2.3, RP_MATCHES_RCVD=-0.547, SPF_PASS=-0.001] autolearn=ham Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id TyYs1GVdqU_p for ; Sun, 2 Mar 2014 23:46:53 -0800 (PST) Received: from xenon23.um.es (xenon23.um.es [155.54.212.163]) by ietfa.amsl.com (Postfix) with ESMTP id 9D7801A0349 for ; Sun, 2 Mar 2014 23:46:52 -0800 (PST) Received: from localhost (localhost [127.0.0.1]) by xenon23.um.es (Postfix) with ESMTP id C72B0F046; Mon, 3 Mar 2014 08:46:48 +0100 (CET) X-Virus-Scanned: by antispam in UMU at xenon23.um.es Received: from xenon23.um.es ([127.0.0.1]) by localhost (xenon23.um.es [127.0.0.1]) (amavisd-new, port 10024) with LMTP id xoERZ9n8wVOs; Mon, 3 Mar 2014 08:46:48 +0100 (CET) Received: from [155.54.205.49] (inf-205-49.inf.um.es [155.54.205.49]) (using TLSv1 with cipher ECDHE-RSA-AES128-SHA (128/128 bits)) (No client certificate requested) (Authenticated sender: alex) by xenon23.um.es (Postfix) with ESMTPSA id 56299EFF6; Mon, 3 Mar 2014 08:46:47 +0100 (CET) Message-ID: <53143367.6090001@um.es> Date: Mon, 03 Mar 2014 08:46:47 +0100 From: Alejandro Perez Mendez User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Thunderbird/24.3.0 MIME-Version: 1.0 To: Stefan Winter , "radext@ietf.org" References: <53107CBB.3020407@um.es> <53134D64.7080304@restena.lu> In-Reply-To: <53134D64.7080304@restena.lu> Content-Type: multipart/alternative; boundary="------------080408040002020103010502" Archived-At: http://mailarchive.ietf.org/arch/msg/radext/2kf_ehjHQZtfoyuJ7ohpU28GPeY Subject: Re: [radext] Issue with draft-ietf-radext-radius-fragmentation, pre-authorization phase and authentication attributes. X-BeenThere: radext@ietf.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: RADIUS EXTensions working group discussion list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 03 Mar 2014 07:46:57 -0000 This is a multi-part message in MIME format. --------------080408040002020103010502 Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 8bit Hi Stefan, El 02/03/14 16:25, Stefan Winter escribió: > Hi, > >> However, in draft-ietf-radext-radius-fragmentation, the first chunk >> of the pre-authorization phase may not contain any of these >> attributes, as it would depend on the type of the attributes being >> transported, as well as the specific distribution of these attributes >> along the different chunks. This issue would be circumscribed to this >> first chunk, as the rest will contain a State attribute, accepted by >> RFC 2865. >> >> draft-ietf-radext-radius-fragmentation already states that compliant >> servers will postpone all authorization and authentication handling >> until all of the chunks have been received. We have added (for >> version 04, that will be uploaded next Monday when the submission >> process reopen) some lines clarifying that this postponement also >> includes disabling the verification of the inclusion of >> authentication attributes until the original large packet has been >> rebuilt. Hence, any server implementing >> draft-ietf-radext-radius-fragmentation would not fail if the first >> chunk does not contain any authentication attribute. >> >> We expect that proxies will not drop these packets either, as >> otherwise they will be precluding any future extension foreseen by >> RFC 2865. > > Which they are allowed to do. It's very arguable whether a proxy > should police this particular RFC constraint at all; but if it does, > the fragmentation process will be permanently DoSed. That's right. But they could also drop other parts of fragmented packets. They could even drop parts of "regular" packets with no fragmentation at all. But we expect from proxies that they do proxy, and they do not anticipate any end-to-end verification in conversations they are not involved at all. > >> In our opinion, these lines are sufficient to overcome RFC2865's >> restriction. However, if the WG members think they are not, then we >> might need to include some kind of phony authentication attribute on >> this first chunk, just to make it compliant with what it would be >> generally expected. For example, an empty EAP-Message attribute >> (called EAP-Start in RFC 3579), or a phony CHAP-Password. > > I would be against phony authentication attributes - especially since > the frag draft is very explicitly stating that it does not do any > authentication at all. Omitting authentication attributes makes it > easy to spot that this is an authorization exchange; adding a > "CHAP-Password" makes it unnecessarily hard. I agree. > > I don't understand yet what the issue is that prevents adding a phony > *State* though. Couldn't you just state that a first-fragment gets two > new attributes? One being Frag-Status; the other one being a State > attribute which could be a fixed 0x0 (or allow arbitrary values and > simply discard server-side). When I said phony authentication attributes, I was referring to any attribute RADIUS considers enough to make Access-Request packet valid. That includes State attribute as well, as described in RFC 2865. I agree than CHAP-Password would be harder then a State attribute, or an EAP-Start attribute. > > State shouldn't be in the original Access-Request before splitting > (because State is used in echoing a *server's* State attribute back, > and has no reason for existence in the first Access-Request); so if > you add one together with Frag-Status, it would be the only one; so > there should be no ambiguity... I think it would be a valid solution, but I'd still prefer not having to send any phony attribute at all. Regards, Alejandro > > Greetings, > > Stefan Winter > > > _______________________________________________ > radext mailing list > radext@ietf.org > https://www.ietf.org/mailman/listinfo/radext --------------080408040002020103010502 Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: 8bit Hi Stefan,

El 02/03/14 16:25, Stefan Winter escribió:
Hi,

However, in draft-ietf-radext-radius-fragmentation, the first chunk of the pre-authorization phase may not contain any of these attributes, as it would depend on the type of the attributes being transported, as well as the specific distribution of these attributes along the different chunks. This issue would be circumscribed to this first chunk, as the rest will contain a State attribute, accepted by RFC 2865.

draft-ietf-radext-radius-fragmentation already states that compliant servers will postpone all authorization and authentication handling until all of the chunks have been received. We have added (for version 04, that will be uploaded next Monday when the submission process reopen) some lines clarifying that this postponement also includes disabling the verification of the inclusion of authentication attributes until the original large packet has been rebuilt. Hence, any server implementing draft-ietf-radext-radius-fragmentation would not fail if the first chunk does not contain any authentication attribute.

We expect that proxies will not drop these packets either, as otherwise they will be precluding any future extension foreseen by RFC 2865.

Which they are allowed to do. It's very arguable whether a proxy should police this particular RFC constraint at all; but if it does, the fragmentation process will be permanently DoSed.

That's right. But they could also drop other parts of fragmented packets. They could even drop parts of "regular" packets with no fragmentation at all. But we expect from proxies that they do proxy, and they do not anticipate any end-to-end verification in conversations they are not involved at all.


In our opinion, these lines are sufficient to overcome RFC2865's restriction. However, if the WG members think they are not, then we might need to include some kind of phony authentication attribute on this first chunk, just to make it compliant with what it would be generally expected. For example, an empty EAP-Message attribute (called EAP-Start in RFC 3579), or a phony CHAP-Password.

I would be against phony authentication attributes - especially since the frag draft is very explicitly stating that it does not do any authentication at all. Omitting authentication attributes makes it easy to spot that this is an authorization exchange; adding a "CHAP-Password" makes it unnecessarily hard.

I agree.


I don't understand yet what the issue is that prevents adding a phony *State* though. Couldn't you just state that a first-fragment gets two new attributes? One being Frag-Status; the other one being a State attribute which could be a fixed 0x0 (or allow arbitrary values and simply discard server-side).

When I said phony authentication attributes, I was referring to any attribute RADIUS considers enough to make Access-Request packet valid. That includes State attribute as well, as described in RFC 2865. I agree than CHAP-Password would be harder then a State attribute, or an EAP-Start attribute.


State shouldn't be in the original Access-Request before splitting (because State is used in echoing a *server's* State attribute back, and has no reason for existence in the first Access-Request); so if you add one together with Frag-Status, it would be the only one; so there should be no ambiguity...

I think it would be a valid solution, but I'd still prefer not having to send any phony attribute at all.

Regards,
Alejandro


Greetings,

Stefan Winter


_______________________________________________
radext mailing list
radext@ietf.org
https://www.ietf.org/mailman/listinfo/radext

--------------080408040002020103010502-- From nobody Mon Mar 3 01:21:46 2014 Return-Path: X-Original-To: radext@ietfa.amsl.com Delivered-To: radext@ietfa.amsl.com Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 004461A03FC; Mon, 3 Mar 2014 01:21:37 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.9 X-Spam-Level: X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9] autolearn=ham Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id fMBbzEPp-W8M; Mon, 3 Mar 2014 01:21:35 -0800 (PST) Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id A05621A0BF3; Mon, 3 Mar 2014 01:21:32 -0800 (PST) MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 7bit From: internet-drafts@ietf.org To: i-d-announce@ietf.org X-Test-IDTracker: no X-IETF-IDTracker: 5.0.2 Auto-Submitted: auto-generated Precedence: bulk Message-ID: <20140303092132.24061.52519.idtracker@ietfa.amsl.com> Date: Mon, 03 Mar 2014 01:21:32 -0800 Archived-At: http://mailarchive.ietf.org/arch/msg/radext/UVfompNVh2pwR4i6daaw8AOda3k Cc: radext@ietf.org Subject: [radext] I-D Action: draft-ietf-radext-radius-fragmentation-04.txt X-BeenThere: radext@ietf.org X-Mailman-Version: 2.1.15 List-Id: RADIUS EXTensions working group discussion list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 03 Mar 2014 09:21:37 -0000 A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the RADIUS EXTensions Working Group of the IETF. Title : Support of fragmentation of RADIUS packets Authors : Alejandro Perez-Mendez Rafa Marin-Lopez Fernando Pereniguez-Garcia Gabriel Lopez-Millan Diego R. Lopez Alan DeKok Filename : draft-ietf-radext-radius-fragmentation-04.txt Pages : 28 Date : 2014-03-03 Abstract: The Remote Authentication Dial-In User Service (RADIUS) protocol is limited to a total packet size of 4096 octets. Provisions exist for fragmenting large amounts of authentication data across multiple packets, via Access-Challenge. No similar provisions exist for fragmenting large amounts of authorization data. This document specifies how existing RADIUS mechanisms can be leveraged to provide that functionality. These mechanisms are largely compatible with existing implementations, and are designed to be invisible to proxies, and "fail-safe" to legacy clients and servers. The IETF datatracker status page for this draft is: https://datatracker.ietf.org/doc/draft-ietf-radext-radius-fragmentation/ There's also a htmlized version available at: http://tools.ietf.org/html/draft-ietf-radext-radius-fragmentation-04 A diff from the previous version is available at: http://www.ietf.org/rfcdiff?url2=draft-ietf-radext-radius-fragmentation-04 Please note that it may take a couple of minutes from the time of submission until the htmlized version and diff are available at tools.ietf.org. Internet-Drafts are also available by anonymous FTP at: ftp://ftp.ietf.org/internet-drafts/ From nobody Mon Mar 3 01:42:01 2014 Return-Path: X-Original-To: radext@ietfa.amsl.com Delivered-To: radext@ietfa.amsl.com Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0E8C41A0D99 for ; Mon, 3 Mar 2014 01:41:58 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2.447 X-Spam-Level: X-Spam-Status: No, score=-2.447 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RP_MATCHES_RCVD=-0.547] autolearn=ham Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id HYmXaIp3zAHJ for ; Mon, 3 Mar 2014 01:41:54 -0800 (PST) Received: from mail.painless-security.com (mail.painless-security.com [23.30.188.241]) by ietfa.amsl.com (Postfix) with ESMTP id E1D331A0DA0 for ; Mon, 3 Mar 2014 01:41:53 -0800 (PST) Received: from localhost (localhost [127.0.0.1]) by mail.painless-security.com (Postfix) with ESMTP id 543DC206A3; Mon, 3 Mar 2014 04:37:28 -0500 (EST) Received: from mail.painless-security.com ([127.0.0.1]) by localhost (mail.suchdamage.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id YTWlXE0UU_Jh; Mon, 3 Mar 2014 04:37:28 -0500 (EST) Received: from carter-zimmerman.suchdamage.org (dhcp-9ca7.meeting.ietf.org [31.133.156.167]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "laptop", Issuer "laptop" (not verified)) by mail.painless-security.com (Postfix) with ESMTPS; Mon, 3 Mar 2014 04:37:28 -0500 (EST) Received: by carter-zimmerman.suchdamage.org (Postfix, from userid 8042) id AA72483E07; Mon, 3 Mar 2014 04:41:49 -0500 (EST) From: Sam Hartman To: Alejandro Perez Mendez References: <53107CBB.3020407@um.es> <53134D64.7080304@restena.lu> <53143367.6090001@um.es> Date: Mon, 03 Mar 2014 04:41:49 -0500 In-Reply-To: <53143367.6090001@um.es> (Alejandro Perez Mendez's message of "Mon, 03 Mar 2014 08:46:47 +0100") Message-ID: User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/23.4 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Archived-At: http://mailarchive.ietf.org/arch/msg/radext/NAw4L2uJ9K-VQ5nreTpeh1TOUJA Cc: Stefan Winter , "radext@ietf.org" Subject: Re: [radext] Issue with draft-ietf-radext-radius-fragmentation, pre-authorization phase and authentication attributes. X-BeenThere: radext@ietf.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: RADIUS EXTensions working group discussion list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 03 Mar 2014 09:41:58 -0000 I don't support adding phony state attributes in the first packet of fragmentation. Presence or absence of state should be an indicator to everyone involved (proxies, end servers) that this is an ongoing conversation. --Sam From nobody Mon Mar 3 01:51:01 2014 Return-Path: X-Original-To: radext@ietfa.amsl.com Delivered-To: radext@ietfa.amsl.com Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 900C61A0974 for ; Mon, 3 Mar 2014 01:51:00 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.9 X-Spam-Level: X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9] autolearn=ham Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id yHmIV7WRGgkc for ; Mon, 3 Mar 2014 01:50:57 -0800 (PST) Received: from power.freeradius.org (power.freeradius.org [88.190.25.44]) by ietfa.amsl.com (Postfix) with ESMTP id C4BB71A0C0A for ; Mon, 3 Mar 2014 01:50:56 -0800 (PST) Received: from localhost (localhost [127.0.0.1]) by power.freeradius.org (Postfix) with ESMTP id 4551B2240223; Mon, 3 Mar 2014 10:50:23 +0100 (CET) X-Virus-Scanned: Debian amavisd-new at power.freeradius.org Received: from power.freeradius.org ([127.0.0.1]) by localhost (power.freeradius.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id zaDEZqBzNdRZ; Mon, 3 Mar 2014 10:50:23 +0100 (CET) Received: from dhcp-hotel-wifi-156-fc.meeting.ietf.org (unknown [130.129.156.252]) by power.freeradius.org (Postfix) with ESMTPSA id EF8AB22400C6; Mon, 3 Mar 2014 10:50:22 +0100 (CET) Message-ID: <5314505E.3010200@deployingradius.com> Date: Mon, 03 Mar 2014 09:50:22 +0000 From: Alan DeKok User-Agent: Thunderbird 2.0.0.24 (Macintosh/20100228) MIME-Version: 1.0 To: Sam Hartman References: <53107CBB.3020407@um.es> <53134D64.7080304@restena.lu> <53143367.6090001@um.es> In-Reply-To: Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Archived-At: http://mailarchive.ietf.org/arch/msg/radext/yoUkbqCHyU7xe85DPaq0BBcMSEk Cc: Stefan Winter , Alejandro Perez Mendez , "radext@ietf.org" Subject: Re: [radext] Issue with draft-ietf-radext-radius-fragmentation, pre-authorization phase and authentication attributes. X-BeenThere: radext@ietf.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: RADIUS EXTensions working group discussion list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 03 Mar 2014 09:51:00 -0000 An alternative would be to send an EAP-Message containing a NAK containing no data. i.e. 0x02000403 It's EAP-Message, which satisfies the existing requirements. An intermediate proxy shouldn't really be snooping on the EAP conversation, so it shouldn't care about the contents of EAP-Message. Anyone else looking at the contents should be clear that it's not a working EAP session. Alan DeKok. From nobody Mon Mar 3 02:01:43 2014 Return-Path: X-Original-To: radext@ietfa.amsl.com Delivered-To: radext@ietfa.amsl.com Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 05E1C1A0DDE for ; Mon, 3 Mar 2014 02:01:42 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -3.148 X-Spam-Level: X-Spam-Status: No, score=-3.148 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_LOW=-0.7, RP_MATCHES_RCVD=-0.547, SPF_PASS=-0.001] autolearn=ham Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id RaOMOo02_Xy8 for ; Mon, 3 Mar 2014 02:01:38 -0800 (PST) Received: from xenon21.um.es (xenon21.um.es [155.54.212.161]) by ietfa.amsl.com (Postfix) with ESMTP id 70AEC1A0DD2 for ; Mon, 3 Mar 2014 02:01:38 -0800 (PST) Received: from localhost (localhost [127.0.0.1]) by xenon21.um.es (Postfix) with ESMTP id A77743F8C8; Mon, 3 Mar 2014 11:01:34 +0100 (CET) X-Virus-Scanned: by antispam in UMU at xenon21.um.es Received: from xenon21.um.es ([127.0.0.1]) by localhost (xenon21.um.es [127.0.0.1]) (amavisd-new, port 10024) with LMTP id AdoMXlqwQEHn; Mon, 3 Mar 2014 11:01:34 +0100 (CET) Received: from [155.54.205.49] (inf-205-49.inf.um.es [155.54.205.49]) (using TLSv1 with cipher ECDHE-RSA-AES128-SHA (128/128 bits)) (No client certificate requested) (Authenticated sender: alex) by xenon21.um.es (Postfix) with ESMTPSA id 2DE653F8C7; Mon, 3 Mar 2014 11:01:32 +0100 (CET) Message-ID: <531452FC.6090704@um.es> Date: Mon, 03 Mar 2014 11:01:32 +0100 From: Alejandro Perez Mendez User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Thunderbird/24.3.0 MIME-Version: 1.0 To: Alan DeKok , Sam Hartman References: <53107CBB.3020407@um.es> <53134D64.7080304@restena.lu> <53143367.6090001@um.es> <5314505E.3010200@deployingradius.com> In-Reply-To: <5314505E.3010200@deployingradius.com> Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 8bit Archived-At: http://mailarchive.ietf.org/arch/msg/radext/K_bF3SVbR7vrkt3WmWU3i7p5Phc Cc: Stefan Winter , "radext@ietf.org" Subject: Re: [radext] Issue with draft-ietf-radext-radius-fragmentation, pre-authorization phase and authentication attributes. X-BeenThere: radext@ietf.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: RADIUS EXTensions working group discussion list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 03 Mar 2014 10:01:42 -0000 El 03/03/14 10:50, Alan DeKok escribió: > An alternative would be to send an EAP-Message containing a NAK > containing no data. > > i.e. 0x02000403 > > It's EAP-Message, which satisfies the existing requirements. An > intermediate proxy shouldn't really be snooping on the EAP conversation, > so it shouldn't care about the contents of EAP-Message. > > Anyone else looking at the contents should be clear that it's not a > working EAP session. What would be wrong with using EAP-Start message (i.e. empty EAP-Message attribute). > Alan DeKok. From nobody Mon Mar 3 02:06:37 2014 Return-Path: X-Original-To: radext@ietfa.amsl.com Delivered-To: radext@ietfa.amsl.com Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id CBBCD1A0DE8 for ; Mon, 3 Mar 2014 02:06:35 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2.447 X-Spam-Level: X-Spam-Status: No, score=-2.447 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RP_MATCHES_RCVD=-0.547] autolearn=ham Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ZcBaQ94clfNt for ; Mon, 3 Mar 2014 02:06:34 -0800 (PST) Received: from mail.painless-security.com (mail.painless-security.com [23.30.188.241]) by ietfa.amsl.com (Postfix) with ESMTP id A8DB51A0D69 for ; Mon, 3 Mar 2014 02:06:34 -0800 (PST) Received: from localhost (localhost [127.0.0.1]) by mail.painless-security.com (Postfix) with ESMTP id 156C6206A4; Mon, 3 Mar 2014 05:02:09 -0500 (EST) Received: from mail.painless-security.com ([127.0.0.1]) by localhost (mail.suchdamage.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 2GW8mmsgE8lw; Mon, 3 Mar 2014 05:02:08 -0500 (EST) Received: from carter-zimmerman.suchdamage.org (dhcp-9ca7.meeting.ietf.org [31.133.156.167]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "laptop", Issuer "laptop" (not verified)) by mail.painless-security.com (Postfix) with ESMTPS; Mon, 3 Mar 2014 05:02:08 -0500 (EST) Received: by carter-zimmerman.suchdamage.org (Postfix, from userid 8042) id E522F83E07; Mon, 3 Mar 2014 05:06:29 -0500 (EST) From: Sam Hartman To: Alejandro Perez Mendez References: <53107CBB.3020407@um.es> <53134D64.7080304@restena.lu> <53143367.6090001@um.es> <5314505E.3010200@deployingradius.com> <531452FC.6090704@um.es> Date: Mon, 03 Mar 2014 05:06:29 -0500 In-Reply-To: <531452FC.6090704@um.es> (Alejandro Perez Mendez's message of "Mon, 03 Mar 2014 11:01:32 +0100") Message-ID: User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/23.4 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Archived-At: http://mailarchive.ietf.org/arch/msg/radext/tFgheL9UShyCaxhxCKMQ2EnR3Ok Cc: Stefan Winter , "radext@ietf.org" , Alan DeKok Subject: Re: [radext] Issue with draft-ietf-radext-radius-fragmentation, pre-authorization phase and authentication attributes. X-BeenThere: radext@ietf.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: RADIUS EXTensions working group discussion list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 03 Mar 2014 10:06:36 -0000 Is anyone proposing we solve this problem? That is, is anyone unhappy with 04? From nobody Mon Mar 3 10:13:36 2014 Return-Path: X-Original-To: radext@ietfa.amsl.com Delivered-To: radext@ietfa.amsl.com Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B5A5F1A02BB for ; Mon, 3 Mar 2014 10:13:28 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.9 X-Spam-Level: X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9] autolearn=ham Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id CbBK4x_yPD01 for ; Mon, 3 Mar 2014 10:13:25 -0800 (PST) Received: from power.freeradius.org (power.freeradius.org [88.190.25.44]) by ietfa.amsl.com (Postfix) with ESMTP id 6FEF11A02C3 for ; Mon, 3 Mar 2014 10:12:20 -0800 (PST) Received: from localhost (localhost [127.0.0.1]) by power.freeradius.org (Postfix) with ESMTP id 0F2302240250; Mon, 3 Mar 2014 19:12:17 +0100 (CET) X-Virus-Scanned: Debian amavisd-new at power.freeradius.org Received: from power.freeradius.org ([127.0.0.1]) by localhost (power.freeradius.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id lSezYT9eexPG; Mon, 3 Mar 2014 19:12:15 +0100 (CET) Received: from dhcp-bc84.meeting.ietf.org (dhcp-bc84.meeting.ietf.org [31.133.188.132]) by power.freeradius.org (Postfix) with ESMTPSA id 4358C2240223; Mon, 3 Mar 2014 19:12:15 +0100 (CET) Message-ID: <5314C5FE.3070403@deployingradius.com> Date: Mon, 03 Mar 2014 18:12:14 +0000 From: Alan DeKok User-Agent: Thunderbird 2.0.0.24 (Macintosh/20100228) MIME-Version: 1.0 To: Alejandro Perez Mendez References: <53107CBB.3020407@um.es> <53134D64.7080304@restena.lu> <53143367.6090001@um.es> <5314505E.3010200@deployingradius.com> <531452FC.6090704@um.es> In-Reply-To: <531452FC.6090704@um.es> Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 7bit Archived-At: http://mailarchive.ietf.org/arch/msg/radext/5xahRZ0IZlNJprZq9KJFq4_CP7M Cc: Sam Hartman , "radext@ietf.org" , Stefan Winter Subject: Re: [radext] Issue with draft-ietf-radext-radius-fragmentation, pre-authorization phase and authentication attributes. X-BeenThere: radext@ietf.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: RADIUS EXTensions working group discussion list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 03 Mar 2014 18:13:29 -0000 Alejandro Perez Mendez wrote: > What would be wrong with using EAP-Start message (i.e. empty EAP-Message > attribute). Nothing, really. Just people who look at it but shouldn't be looking at it.. .might get confused. Alan DeKok. From nobody Tue Mar 4 00:40:30 2014 Return-Path: X-Original-To: radext@ietfa.amsl.com Delivered-To: radext@ietfa.amsl.com Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 20F981A0412 for ; Tue, 4 Mar 2014 00:40:28 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2.445 X-Spam-Level: X-Spam-Status: No, score=-2.445 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, MIME_QP_LONG_LINE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RP_MATCHES_RCVD=-0.547] autolearn=ham Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ZBfctEnTJG6A for ; Tue, 4 Mar 2014 00:40:19 -0800 (PST) Received: from g6t1525.atlanta.hp.com (g6t1525.atlanta.hp.com [15.193.200.68]) by ietfa.amsl.com (Postfix) with ESMTP id BB2D41A0416 for ; Tue, 4 Mar 2014 00:40:19 -0800 (PST) Received: from G6W4001.americas.hpqcorp.net (g6w4001.atlanta.hp.com [16.205.80.210]) (using TLSv1 with cipher AES128-SHA (128/128 bits)) (No client certificate requested) by g6t1525.atlanta.hp.com (Postfix) with ESMTPS id 80CEE186 for ; Tue, 4 Mar 2014 08:40:16 +0000 (UTC) Received: from G6W3996.americas.hpqcorp.net (16.205.80.211) by G6W4001.americas.hpqcorp.net (16.205.80.210) with Microsoft SMTP Server (TLS) id 14.3.123.3; Tue, 4 Mar 2014 08:39:42 +0000 Received: from G6W2505.americas.hpqcorp.net ([169.254.12.119]) by G6W3996.americas.hpqcorp.net ([16.205.80.211]) with mapi id 14.03.0123.003; Tue, 4 Mar 2014 08:39:42 +0000 From: "Sanchez, Mauricio" To: "radext@ietf.org" Thread-Topic: IETF 89 - Last call for presentation materials Thread-Index: AQHPN4VInAn10Xz+SES6G5eJ7Bnokw== Date: Tue, 4 Mar 2014 08:39:40 +0000 Message-ID: Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: yes X-MS-TNEF-Correlator: user-agent: Microsoft-MacOutlook/14.3.9.131030 x-originating-ip: [15.193.49.24] Content-Type: multipart/signed; protocol="application/pkcs7-signature"; micalg=sha256; boundary="B_3476767179_23634539" MIME-Version: 1.0 Archived-At: http://mailarchive.ietf.org/arch/msg/radext/yg02Epe1za44feUTnneZnVOFiYE Subject: [radext] IETF 89 - Last call for presentation materials X-BeenThere: radext@ietf.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: RADIUS EXTensions working group discussion list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 04 Mar 2014 08:40:28 -0000 --B_3476767179_23634539 Content-type: multipart/alternative; boundary="B_3476767178_23658988" --B_3476767178_23658988 Content-type: text/plain; charset="ISO-8859-1" Content-transfer-encoding: quoted-printable The RADEXT WG is schedule to meet today from 1420-1550. For those that have already sent in their slides, thank you. If you haven=B9t, please submit ASAP. We have a tight agenda for today and getting slides in place will help us move along efficiently. Thanks, Jouni & Mauricio=20 =8B=8B=8B=8B=8B=8B=8B=8B=8B=8B=8B=8B RADEXT WG IETF 89 Agenda Chairs: Jouni Korhonen Mauricio Sanchez Jabber room: radext at jabber.ietf.org (Please join) TUESDAY, March 4, 2014 1420-1550 Afternoon Session II (90 mins) Richmond/Chelsea/Tower 14:20 - 14:30, Preliminaries (5 minutes) ------------------------------------------ Audio/Video & Remote Presentation Debugging Note Well Note Takers Jabber scribe Agenda bash Document Status Note Well ------------------------------------------- Any submission to the IETF intended by the Contributor for publication as all or part of an IETF Internet-Draft or RFC and any statement made within the context of an IETF activity is considered an "IETF Contribution". Such statements include oral statements in IETF sessions, as well as written and electronic communications made at any time or place, which are addressed to= : o The IETF plenary session o The IESG, or any member thereof on behalf of the IESG o Any IETF mailing list, including the IETF list itself, any working group or design team list, or any other list functioning under IETF auspices o Any IETF working group or portion thereof o Any Birds of a Feather (BOF) session o The IAB or any member thereof on behalf of the IAB o The RFC Editor or the Internet-Drafts function All IETF Contributions are subject to the rules of RFC 5378 and RFC 3979 (updated by RFC 4879). Statements made outside of an IETF session, mailing list or other function, that are clearly not intended to be input to an IETF activity, group or function, are not IETF Contributions in the context of this notice. Please consult RFC 5378 and RFC 3979 for details. A participant in any IETF activity is deemed to accept all IETF rules of process, as documented in Best Current Practices RFCs and IESG Statements. A participant in any IETF activity acknowledges that written, audio and video records of meetings may be made and may be available to the public.=0B Document Status ------------------------------------------- * All RADEXT I-Ds are either past WGLC or in publication process. o draft-ietf-radext-ieee802ext -> IESG o draft-ietf-radext-dtls -> pending ACK -> proto write-up o draft-ietf-radext-nai -> proto write-up o draft-ietf-radext-dynamic-discovery -> pending ACK -> proto write-up o draft-ietf-radext-radius-fragmentation -> short WGLC -> proto write-up Working group draft discussion (20 minutes) ------------------------------------------- 14:25 - 14:35 RADIUS dynamic discovery, Stefan Winter (10 minutes) http://tools.ietf.org/html/draft-ietf-radext-dynamic-discovery 14:35 - 14:45 Support of fragmentation of RADIUS packets, Diego Lopez (10 minutes) http://tools.ietf.org/html/draft-perez-radext-radius-fragmentation Chartered individual draft discussion (15 minutes) -------------------------------------------------- 14:45 - 15:00 Larger Packets for Remote RADIUS over TCP, Sam Hartman (15 minutes) http://tools.ietf.org/html/draft-hartman-radext-bigger-packets Individual draft discussion (40 minutes) ---------------------------------------- 15:00 - 15:15 RADIUS Extensions for Port Set Configuration and Reporting, Jaqueline (15 minutes) http://datatracker.ietf.org/doc/draft-cheng-behave-cgn-cfg-radius-ext/ 15:15 - 15:25 CoA Proxying, Alan (10 minutes) Presentation 15:25 - 15:40 RADIUS Extensions for Key Management in WLAN network, Li (15 minutes) https://datatracker.ietf.org/doc/draft-xue-radext-key-management/ Wrap-up (10 minutes) -------------------- 15:40 - 15:50 Next Steps: WG Chairs & ADs (10 minutes) WG Goals/Milestones status, next steps --B_3476767178_23658988 Content-type: text/html; charset="ISO-8859-1" Content-transfer-encoding: quoted-printable
The RADEXT WG is schedul= e to meet today from 1420-1550.

For those that have= already sent in their slides, thank you.  If you haven’t, please= submit ASAP.   We have a tight agenda for today and getting slides in = place will help us move along efficiently. 

Th= anks,
Jouni & Mauricio 

&#= 8212;——————————&= #8212;
=
RADEXT WG IETF 89 Agenda  

Chairs:
Jouni Korhonen <jouni.korhonen at broadcom.com>
Mauricio Sanchez <mauricio.sanchez at hp.com>

Jabber room: radext at jabber.ietf.org (Please join)
TUESDAY, March 4, 2014
1420-1550  Afternoon Session II (90 mins)
Richmond/Chelsea/Tower

14:20 - 14:30, Preliminaries (5 minutes)
------------------------------------------
Audio/Video & Remote Presentation Debugging
Note Well
Note Takers
Jabber scribe
Agenda bash
Document Status

Note Well
-------------------------------------------

Any submission to the IETF intended by the Contributor for publication as a=
ll
or part of an IETF Internet-Draft or RFC and any statement made within the
context of an IETF activity is considered an "IETF Contribution". Such
statements include oral statements in IETF sessions, as well as written and=

electronic communications made at any time or place, which are addressed to=
:

 o The IETF plenary session
 o The IESG, or any member thereof on behalf of the IESG
 o Any IETF mailing list, including the IETF list itself, any working group=

   or design team list, or any other list functioning under IETF auspices
 o Any IETF working group or portion thereof
 o Any Birds of a Feather (BOF) session
 o The IAB or any member thereof on behalf of the IAB
 o The RFC Editor or the Internet-Drafts function

All IETF Contributions are subject to the rules of RFC 5378 and RFC 3979
(updated by RFC 4879).

Statements made outside of an IETF session, mailing list or other function,=

that are clearly not intended to be input to an IETF activity, group or
function, are not IETF Contributions in the context of this notice.  Please=

consult RFC 5378 and RFC 3979 for details.

A participant in any IETF activity is deemed to accept all IETF rules of
process, as documented in Best Current Practices RFCs and IESG Statements.

A participant in any IETF activity acknowledges that written, audio and
video records of meetings may be made and may be available to the public.=0B


Document Status
-------------------------------------------
 * All RADEXT I-Ds are either past WGLC or in publication process.

 o draft-ietf-radext-ieee802ext -> IESG
 o draft-ietf-radext-dtls       -> pending ACK -> proto write-up
 o draft-ietf-radext-nai        -> proto write-up
 o draft-ietf-radext-dynamic-discovery -> pending ACK -> proto write-=
up
 o draft-ietf-radext-radius-fragmentation -> short WGLC -> proto writ=
e-up

Working group draft discussion (20 minutes)
-------------------------------------------

14:25 - 14:35 RADIUS dynamic discovery, Stefan Winter (10 minutes)
http://tools.ietf.org/html/draft-ietf-radext-dynamic-discovery

14:35 - 14:45 Support of fragmentation of RADIUS packets, Diego Lopez (10 m=
inutes)
http://tools.ietf.org/html/draft-perez-radext-radius-fragmentation

Chartered individual draft discussion (15 minutes)
--------------------------------------------------

14:45 - 15:00 Larger Packets for Remote RADIUS over TCP, Sam  Hartman (15 m=
inutes)
http://tools.ietf.org/html/draft-hartman-radext-bigger-packets

Individual draft discussion (40 minutes)
----------------------------------------

15:00 - 15:15 RADIUS Extensions for Port Set Configuration and Reporting, J=
aqueline (15 minutes)
http://datatracker.ietf.org/doc/draft-cheng-behave-cgn-cfg-radius-ext/

15:15 - 15:25 CoA Proxying, Alan (10 minutes)
Presentation

15:25 - 15:40 RADIUS Extensions for Key Management in WLAN network, Li (15 =
minutes)
https://datatracker.ietf.org/doc/draft-xue-radext-key-management/


Wrap-up (10 minutes)
--------------------
15:40 - 15:50 Next Steps: WG Chairs & ADs (10 minutes) 
WG Goals/Milestones status, next steps

--B_3476767178_23658988-- --B_3476767179_23634539 Content-Type: application/pkcs7-signature; name="smime.p7s" Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename="smime.p7s" MIIVXwYJKoZIhvcNAQcCoIIVUDCCFUwCAQExDzANBglghkgBZQMEAgEFADALBgkqhkiG9w0B BwGgghJ/MIIH+TCCBuGgAwIBAgIQW4k5wUL7YloEpOVNCxcNjjANBgkqhkiG9w0BAQUFADCB 9zELMAkGA1UEBhMCVVMxIDAeBgNVBAoTF0hld2xldHQtUGFja2FyZCBDb21wYW55MR8wHQYD VQQLExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTswOQYDVQQLEzJUZXJtcyBvZiB1c2UgYXQg aHR0cHM6Ly93d3cudmVyaXNpZ24uY29tL3JwYSAoYykwOTE1MDMGA1UECxMsQ2xhc3MgMiBN YW5hZ2VkIFBLSSBJbmRpdmlkdWFsIFN1YnNjcmliZXIgQ0ExMTAvBgNVBAMTKENvbGxhYm9y YXRpb24gQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkgRzIwHhcNMTIwOTI2MDAwMDAwWhcNMTQw OTI2MjM1OTU5WjCBnjEgMB4GA1UEChQXSGV3bGV0dC1QYWNrYXJkIENvbXBhbnkxJjAkBgNV BAsUHUVtcGxveW1lbnQgU3RhdHVzIC0gRW1wbG95ZWVzMQ8wDQYDVQQLEwZTL01JTUUxGTAX BgNVBAMTEE1hdXJpY2lvIFNhbmNoZXoxJjAkBgkqhkiG9w0BCQEWF21hdXJpY2lvLnNhbmNo ZXpAaHAuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAloXM4DJlquSNxT+X mgHkZBI15A2U8R9K0nRaXPMi7fxOzKJBFyLo3FIYQqhrbSaFFliRgRqx9AFqICnM063baYtG DT7ySQ2u9Ewm54kNxAJBR/+EJVoR+/MEq5u/N9FDd3wB5PnFUdfnJ56jsZNhAhUcILwoWxcv fp3hCI7r92O/y2Qmz0PrVf5d+0y0OiJqH7/Pf/uy8D0IivgEUnyKC+VO9MwUwXWzxA1rF1+z +czuQnuWO8nKUHl3EySJL97mM9fm8MCYQrTIBKKf0XpIpzQ+5QQorSHdJKoWVcMMWLtaJY9J A5DWMjKJA0cjD6cSEV8iwN+V58lnKXFGcRyETwIDAQABo4ID1jCCA9IwOwYDVR0RBDQwMoEX bWF1cmljaW8uc2FuY2hlekBocC5jb22BF21hdXJpY2lvX3NhbmNoZXpAaHAuY29tMAwGA1Ud EwEB/wQCMAAwDgYDVR0PAQH/BAQDAgWgMFkGA1UdHwRSMFAwTqBMoEqGSGh0dHA6Ly9vbnNp dGVjcmwudmVyaXNpZ24uY29tL0hld2xldHRQYWNrYXJkQ29tcGFueVNNSU1FRzIvTGF0ZXN0 Q1JMLmNybDAfBgNVHSMEGDAWgBQifdOkq1esVn+pf0FEGpW8W/ir7jAdBgNVHQ4EFgQUYP/x peEEwA0JEKvMwMyDDurpqCowggEyBggrBgEFBQcBAQSCASQwggEgMCcGCCsGAQUFBzABhhto dHRwOi8vaHAtb2NzcC52ZXJpc2lnbi5jb20wgfQGCCsGAQUFBzACpIHnMIHkMTEwLwYDVQQD EyhDb2xsYWJvcmF0aW9uIENlcnRpZmljYXRpb24gQXV0aG9yaXR5IEcyMTAwLgYDVQQLEydD bGFzcyAyIE9uU2l0ZSBJbmRpdmlkdWFsIFN1YnNjcmliZXIgQ0ExOjA4BgNVBAsTMVRlcm1z IG9mIHVzZSBhdCBodHRwczovL3d3dy52ZXJpc2lnbi5jb20vcnBhKGMpMDkxHzAdBgNVBAsT FlZlcmlTaWduIFRydXN0IE5ldHdvcmsxIDAeBgNVBAoTF0hld2xldHQtUGFja2FyZCBDb21w YW55MIIBPQYDVR0gBIIBNDCCATAwggEsBgtghkgBhvhFAQcXAjCCARswKAYIKwYBBQUHAgEW HGh0dHBzOi8vd3d3LnZlcmlzaWduLmNvbS9ycGEwge4GCCsGAQUFBwICMIHhMB4WF0hld2xl dHQtUGFja2FyZCBDb21wYW55MAMCAQIagb5BdXRob3JpdHkgdG8gYmluZCBIUCBkb2VzIG5v dCBjb3JyZXNwb25kIHdpdGggdXNlIG9yIHBvc3Nlc3Npb24gb2YgdGhpcyBjZXJ0aWZpY2F0 ZS4gSXNzdWVkIHRvIGZhY2lsaXRhdGUgY29tbXVuaWNhdGlvbiB3aXRoIEhQLiBWZXJpU2ln bidzIENQUyBpbmNvcnAuIEJ5IHJlZmVyZW5jZSBsaWFiLiBsdGQuIChjKTk3IFZlcmlTaWdu MBYGA1UdJQEB/wQMMAoGCCsGAQUFBwMEMEsGCSqGSIb3DQEJDwQ+MDwwDgYIKoZIhvcNAwIC AgCAMA4GCCqGSIb3DQMCAgIAQDAOBggqhkiG9w0DBAICAIAwCgYIKoZIhvcNAwcwDQYJKoZI hvcNAQEFBQADggEBAHWuCgf6c4Dj8NT1yYJpcuw18irgCh6aSdvVPwUroQwgZYcsCG9OqsVf /2H6zrefDswtfKHDK6jhy2MmL+Ohhdkzl+i9vXJw1ZtnoiRQdhjQs2sAqwI8N/aQ56hogrU9 754lDYZzesp6OabKBj9+t+XVX/lBovsme59hUlwmgOuG4AVfLf0N2CftTwdD5kDCx2aAnlG0 FdYOC/Cdf/tk4c89GogQPwQpNNjw+M6cJX9OWhUGVQ2jI/PuJvlPlP+oyXzAtS3sEejaxBPI h5nQCwseT7DQm2rbCSa1dc0h8ScezllGSZHca/ySZbJcf8vSRbk3tBsPKHbqNZqzEqfERVQw ggZhMIIFSaADAgECAhA7VxO2sCE1+15GdcpsssThMA0GCSqGSIb3DQEBBQUAMIHKMQswCQYD VQQGEwJVUzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xHzAdBgNVBAsTFlZlcmlTaWduIFRy dXN0IE5ldHdvcmsxOjA4BgNVBAsTMShjKSAxOTk5IFZlcmlTaWduLCBJbmMuIC0gRm9yIGF1 dGhvcml6ZWQgdXNlIG9ubHkxRTBDBgNVBAMTPFZlcmlTaWduIENsYXNzIDIgUHVibGljIFBy aW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkgLSBHMzAeFw0wOTA5MDIwMDAwMDBaFw0x OTA5MDEyMzU5NTlaMIH3MQswCQYDVQQGEwJVUzEgMB4GA1UEChMXSGV3bGV0dC1QYWNrYXJk IENvbXBhbnkxHzAdBgNVBAsTFlZlcmlTaWduIFRydXN0IE5ldHdvcmsxOzA5BgNVBAsTMlRl cm1zIG9mIHVzZSBhdCBodHRwczovL3d3dy52ZXJpc2lnbi5jb20vcnBhIChjKTA5MTUwMwYD VQQLEyxDbGFzcyAyIE1hbmFnZWQgUEtJIEluZGl2aWR1YWwgU3Vic2NyaWJlciBDQTExMC8G A1UEAxMoQ29sbGFib3JhdGlvbiBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSBHMjCCASIwDQYJ KoZIhvcNAQEBBQADggEPADCCAQoCggEBAKdha2jarqqFZAxLy1DLMOhzIY6J/sotb/5GowNu 4yK3coUTI+IPjwb3gUx67QO8Pe0cdVCjz+grzmgBOcVLaFvWo2GbTuZHYlBcs1h7G1IEoysv sjTuEKB3hM2kIvyVlDmHr/wFeWGCaBAyMrKLBBC0tfzOuIhNlLc6/i8YloXWqkkROI4oG5uA 8uGsi86gL+X+6CC6yTWekoai4hhgqT/u63pU8kYBV5hF/0ijf2t/ScGaCkjVHSJGMq+8JjSP fs8pYXgyYIbpPpGQwA9zV7+BBlTFHzoOVBHYQCdC8ONA+Kaimtno9R9FIqStRBHUU5veEc3x PM/Lwz/PnXIDqgsCAwEAAaOCAhIwggIOMBIGA1UdEwEB/wQIMAYBAf8CAQAwcAYDVR0gBGkw ZzBlBgtghkgBhvhFAQcXAjBWMCgGCCsGAQUFBwIBFhxodHRwczovL3d3dy52ZXJpc2lnbi5j b20vY3BzMCoGCCsGAQUFBwICMB4aHGh0dHBzOi8vd3d3LnZlcmlzaWduLmNvbS9ycGEwNAYD VR0fBC0wKzApoCegJYYjaHR0cDovL2NybC52ZXJpc2lnbi5jb20vcGNhMi1nMy5jcmwwDgYD VR0PAQH/BAQDAgEGMC4GA1UdEQQnMCWkIzAhMR8wHQYDVQQDExZQcml2YXRlTGFiZWw0LTIw NDgtMTQyMB0GA1UdDgQWBBQifdOkq1esVn+pf0FEGpW8W/ir7jCB8AYDVR0jBIHoMIHloYHQ pIHNMIHKMQswCQYDVQQGEwJVUzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xHzAdBgNVBAsT FlZlcmlTaWduIFRydXN0IE5ldHdvcmsxOjA4BgNVBAsTMShjKSAxOTk5IFZlcmlTaWduLCBJ bmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxRTBDBgNVBAMTPFZlcmlTaWduIENsYXNz IDIgUHVibGljIFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkgLSBHM4IQYXDLSYxf mEUp57Cm2VBbejANBgkqhkiG9w0BAQUFAAOCAQEAdoqZeNFwhaMs169I9T6WV8Ogu0yXxIYR BUkixQrPwW9OtXymgDUb8uKPHDhicfM8vgAlSh6hEMmWO017rCZoo57pWaN4xkebP44wlsqo 1ig5VcfN7cnrspDklTA+tP3v8afJxuE2bChgVCeet6BxOr2rvNB1ItdT87KcWxV1COpJqzQu U8N8BhR7oPEUiCRtXpFrfmTrYewl1xm1bZk3cAp9CKjDYClVJEwZIgD67DezmWQK+VBk+ofE VAv9CNB/TFwrUpV7inKrSbf7FqkIIbwzvIR1If11NWxDmtioyQsoFnO5/5wLQTSsO17YBYLo boLVLG3RgY7bX5288HU2WDCCBBkwggMBAhBhcMtJjF+YRSnnsKbZUFt6MA0GCSqGSIb3DQEB BQUAMIHKMQswCQYDVQQGEwJVUzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xHzAdBgNVBAsT FlZlcmlTaWduIFRydXN0IE5ldHdvcmsxOjA4BgNVBAsTMShjKSAxOTk5IFZlcmlTaWduLCBJ bmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxRTBDBgNVBAMTPFZlcmlTaWduIENsYXNz IDIgUHVibGljIFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkgLSBHMzAeFw05OTEw MDEwMDAwMDBaFw0zNjA3MTYyMzU5NTlaMIHKMQswCQYDVQQGEwJVUzEXMBUGA1UEChMOVmVy aVNpZ24sIEluYy4xHzAdBgNVBAsTFlZlcmlTaWduIFRydXN0IE5ldHdvcmsxOjA4BgNVBAsT MShjKSAxOTk5IFZlcmlTaWduLCBJbmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxRTBD BgNVBAMTPFZlcmlTaWduIENsYXNzIDIgUHVibGljIFByaW1hcnkgQ2VydGlmaWNhdGlvbiBB dXRob3JpdHkgLSBHMzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAK8KDcLVLNtn uS3llCfdpb7gsE2Ps2FWPNZ8w/TNPobLooji4dikacW14r/BpkdQXkY5i9WWurVvFL8QzicT ngVHmzF6E9gf2dMCN4utLEfwjoEGpw0wDOv3PA8gHdxyRu6lAshbw8lWaUzFGMGRewvVEwCb vO/DSD5GYCCFKtWQts2LoMwy3bf9QFWyUBxWrsyNd03HIE2nMXbvaJKKkB4IgVayrWmjUtDL HMQjPR+Z/kzoFmOOxgiO9jH20vrldt21HJKjSc3NAc1ozalpuqPrHQ2cpCCmwaDF0UZMF23S rGY/lozghNQ2/yJZxfkRYKhfBH3yGvYlQmEPxEq4PokCAwEAATANBgkqhkiG9w0BAQUFAAOC AQEANCYVPMCNTUNJHb3pIZLXZpy33sW40ORdX3YiwCb5hDo6+Yy1++xg8ejOBLDI3acDjzDz mN+k5qQx39McC0bcciA/ru4FPKQzPws5rHB4c0uZK98wwlSwqDtVof4WKM1CvXRugNsnRKfO RF3UG5CYDR5ClLEALATQdKMCBSJjY82DtfvBbWJraXX9XXBBufW/fN++wTJzIiGLWIF7FZF6 uuNkSLB/+zYl2pXQ8SQUF90YgGtGIzlU9Y5iCQQdlJCmm+Yl4kJFqriQrb4Ij6kLQhiUz3I5 4bFD4CjPt+dabBNrSbP/4xh8iYszXawz16f52jpVyVgQ+arvWrbPS0vfKjGCAqQwggKgAgEB MIIBDDCB9zELMAkGA1UEBhMCVVMxIDAeBgNVBAoTF0hld2xldHQtUGFja2FyZCBDb21wYW55 MR8wHQYDVQQLExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTswOQYDVQQLEzJUZXJtcyBvZiB1 c2UgYXQgaHR0cHM6Ly93d3cudmVyaXNpZ24uY29tL3JwYSAoYykwOTE1MDMGA1UECxMsQ2xh c3MgMiBNYW5hZ2VkIFBLSSBJbmRpdmlkdWFsIFN1YnNjcmliZXIgQ0ExMTAvBgNVBAMTKENv bGxhYm9yYXRpb24gQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkgRzICEFuJOcFC+2JaBKTlTQsX DY4wDQYJYIZIAWUDBAIBBQCgaTAvBgkqhkiG9w0BCQQxIgQgetX5x9K0fqrhP4GfR5fhamE5 v8sGSKT6pQhTIpn4RK0wGAYJKoZIhvcNAQkDMQsGCSqGSIb3DQEHATAcBgkqhkiG9w0BCQUx DxcNMTQwMzA0MDgzOTM4WjANBgkqhkiG9w0BAQEFAASCAQAsNI/wVemqyQQ+8Imi8d/rT931 CqPakmSHE46hpR/lLfzRik7l21Iq89r4Sd4RnKVsGkaBOpTOiXFpm2LN9ID7PyuUQsthWXcA 0vEDmvOUxZOH2lzWzBc1nO6e3woeKhHKIi9KMCkzSSzrUtByGJHqp6T1dGzt8cpAAHNz9+wN Uo6gZhatrbtyS3BghPNKirh9PiSC2soLynpN35pJL+6t3YcJejTGR3F6ZtCMpBX5yXVujX88 o813GU/f++Q9zPS0eF3sT5mUcOgq+hk/0IdFb9QmKsb4rEPQ4APx6qqJITE5PhLkP4QrafBL wQezZZhAGcWd8BPGNUGnv4Ers9xl --B_3476767179_23634539-- From nobody Tue Mar 4 01:50:39 2014 Return-Path: X-Original-To: radext@ietfa.amsl.com Delivered-To: radext@ietfa.amsl.com Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8DACA1A03E8 for ; Tue, 4 Mar 2014 01:50:33 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.9 X-Spam-Level: X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9] autolearn=ham Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id bs36w3Xgstt1 for ; Tue, 4 Mar 2014 01:50:29 -0800 (PST) Received: from power.freeradius.org (power.freeradius.org [88.190.25.44]) by ietfa.amsl.com (Postfix) with ESMTP id 935B51A0175 for ; Tue, 4 Mar 2014 01:50:29 -0800 (PST) Received: from localhost (localhost [127.0.0.1]) by power.freeradius.org (Postfix) with ESMTP id C1F2922400AD for ; Tue, 4 Mar 2014 10:50:25 +0100 (CET) X-Virus-Scanned: Debian amavisd-new at power.freeradius.org Received: from power.freeradius.org ([127.0.0.1]) by localhost (power.freeradius.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 7h0qV7Qu85C3 for ; Tue, 4 Mar 2014 10:50:25 +0100 (CET) Received: from dhcp-b41d.meeting.ietf.org (dhcp-b41d.meeting.ietf.org [31.133.180.29]) by power.freeradius.org (Postfix) with ESMTPSA id 62D4622400A9 for ; Tue, 4 Mar 2014 10:50:25 +0100 (CET) Message-ID: <5315A1E1.2040405@deployingradius.com> Date: Tue, 04 Mar 2014 09:50:25 +0000 From: Alan DeKok User-Agent: Thunderbird 2.0.0.24 (Macintosh/20100228) MIME-Version: 1.0 To: "radext@ietf.org" Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Archived-At: http://mailarchive.ietf.org/arch/msg/radext/FC1RpemdyCpWSgk9TDucwST3ICo Subject: [radext] Review of draft-cheng-behave-cgn-cfg-radius-ext X-BeenThere: radext@ietf.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: RADIUS EXTensions working group discussion list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 04 Mar 2014 09:50:33 -0000 This is a quick review of the document prior to RADEXT WG meeting. This document proposes three new RADIUS attributes as RADIUS protocol's extensions, and they are used for separate purposes as follows: Any draft is a RADIUS protocol extension. I'd suggest changing this text to: This document proposes three new attributes as follows: The following paragraphs could be re-organized. They currently give a description first, followed by the attribute name. The text also seems redundant: The session limit is carried by a new RADIUS attribute ... Yes, most drafts define a new attribute. I would just say: o Port-Session-Limit Sent in Access-Accept or CoA-Request. Limits the of total number of TCP/UDP ports and/or ICMP identifiers which a subscriber can use. i.e. give the name, which packets it can occur in, and a short description of its meaning. The later sections will expand on these descriptions, so there's no need to give complicated definitions here. o Session Limit - This is the maximum number of TCP ports, or UDP Is this the same as "Port-Session-Limit" above? If so, I suggest using the same name. Also, all authorization attributes in RADIUS are for a particular session. So there's no need to call them "Session" limits. By definition, they're for one session, and only one session. [Discussion: should these attributes be allocated from the extended RADIUS attribute code space?] I don't think it matters. They could be allocated from the standard space. 3.1 Port-Session-Limit This attribute is of type complex [RFC6158] ... There is no reason to make these attributes type "complex". Everyone would be better served by using TLVs, as defined in RFC 6929. 3.2 Port-Session-Range ... The port range follows the encoding specified in [RFC6431]; RFC 6431 defines a data structure of 4 fields. This attribute re-uses that, but inserts it in the middle of other complex fields. So it does not appear to follow the requirements to be an "opaque data type" as given in RFC 6158 Section A.1.3. 3.3. Port-Forwarding-Map Attribute ... In addition, the attribute may contain a 32-bit IPv4 address or a 128-bit IPv6 address, respectively, as their respective NAT mappings internal IP address. This definition violates RFC 6158 Section 3.4, which prohibits polymorphic attributes. 7.2. Name Spaces This document establishes a new name space for Session Type (see Section 3.1 for the initial reservation of values. The allocation of future values is according to RFC Required policy [RFC5226] I don't think any previous RADIUS specification defined an IANA name space for sub-fields of an attribute. All of the existing enumerated types are of data type "integer". Over all, the goal of the document seems reasonable. But the encoding of the attributes violates most of RFC 6158, without giving any reason as to why. Implementing it as-is would impose undue burden on implementors. I suggest using TLVs instead of these complex data types. That would avoid the need for polymorphic attributes, too. Alan DeKok. From nobody Tue Mar 4 05:42:58 2014 Return-Path: X-Original-To: radext@ietfa.amsl.com Delivered-To: radext@ietfa.amsl.com Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E82CB1A0203; Tue, 4 Mar 2014 05:42:51 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.9 X-Spam-Level: X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9] autolearn=ham Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id zkr5fShWvH1r; Tue, 4 Mar 2014 05:42:50 -0800 (PST) Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id 0A86E1A0170; Tue, 4 Mar 2014 05:42:50 -0800 (PST) MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 7bit From: internet-drafts@ietf.org To: i-d-announce@ietf.org X-Test-IDTracker: no X-IETF-IDTracker: 5.0.2 Auto-Submitted: auto-generated Precedence: bulk Message-ID: <20140304134250.8414.93624.idtracker@ietfa.amsl.com> Date: Tue, 04 Mar 2014 05:42:50 -0800 Archived-At: http://mailarchive.ietf.org/arch/msg/radext/2zxfGOMrupKClErmOSwjMhxOYqY Cc: radext@ietf.org Subject: [radext] I-D Action: draft-ietf-radext-dynamic-discovery-11.txt X-BeenThere: radext@ietf.org X-Mailman-Version: 2.1.15 List-Id: RADIUS EXTensions working group discussion list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 04 Mar 2014 13:42:52 -0000 A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the RADIUS EXTensions Working Group of the IETF. Title : NAI-based Dynamic Peer Discovery for RADIUS/TLS and RADIUS/DTLS Authors : Stefan Winter Mike McCauley Filename : draft-ietf-radext-dynamic-discovery-11.txt Pages : 28 Date : 2014-03-04 Abstract: This document specifies a means to find authoritative RADIUS servers for a given realm. It is used in conjunction with either RADIUS/TLS and RADIUS/DTLS. The IETF datatracker status page for this draft is: https://datatracker.ietf.org/doc/draft-ietf-radext-dynamic-discovery/ There's also a htmlized version available at: http://tools.ietf.org/html/draft-ietf-radext-dynamic-discovery-11 A diff from the previous version is available at: http://www.ietf.org/rfcdiff?url2=draft-ietf-radext-dynamic-discovery-11 Please note that it may take a couple of minutes from the time of submission until the htmlized version and diff are available at tools.ietf.org. Internet-Drafts are also available by anonymous FTP at: ftp://ftp.ietf.org/internet-drafts/ From nobody Tue Mar 4 05:45:27 2014 Return-Path: X-Original-To: radext@ietfa.amsl.com Delivered-To: radext@ietfa.amsl.com Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6B7FA1A0176 for ; Tue, 4 Mar 2014 05:45:20 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: 3.701 X-Spam-Level: *** X-Spam-Status: No, score=3.701 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FREEMAIL_FROM=0.001, GB_SUMOF=5, J_CHICKENPOX_74=0.6, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, UNPARSEABLE_RELAY=0.001] autolearn=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id xmPZIjmscqXA for ; Tue, 4 Mar 2014 05:45:18 -0800 (PST) Received: from relais-inet.francetelecom.com (relais-ias244.francetelecom.com [80.12.204.244]) by ietfa.amsl.com (Postfix) with ESMTP id F39B91A0170 for ; Tue, 4 Mar 2014 05:45:17 -0800 (PST) Received: from omfeda06.si.francetelecom.fr (unknown [xx.xx.xx.199]) by omfeda14.si.francetelecom.fr (ESMTP service) with ESMTP id E73B42AC704; Tue, 4 Mar 2014 14:45:13 +0100 (CET) Received: from Exchangemail-eme1.itn.ftgroup (unknown [10.114.1.183]) by omfeda06.si.francetelecom.fr (ESMTP service) with ESMTP id CA9D124C0EE; Tue, 4 Mar 2014 14:45:13 +0100 (CET) Received: from PEXCVZYM13.corporate.adroot.infra.ftgroup ([fe80::cc7e:e40b:42ef:164e]) by PEXCVZYH02.corporate.adroot.infra.ftgroup ([::1]) with mapi id 14.03.0174.001; Tue, 4 Mar 2014 14:45:13 +0100 From: To: Alan DeKok , "radext@ietf.org" Thread-Topic: [radext] Review of draft-cheng-behave-cgn-cfg-radius-ext Thread-Index: AQHPN48xEhgtIM4AIE6ZueLablyDkZrQv75Q Date: Tue, 4 Mar 2014 13:45:12 +0000 Message-ID: <30324_1393940713_5315D8E9_30324_2050_1_6B7134B31289DC4FAF731D844122B36E4DF2BC@PEXCVZYM13.corporate.adroot.infra.ftgroup> References: <5315A1E1.2040405@deployingradius.com> In-Reply-To: <5315A1E1.2040405@deployingradius.com> Accept-Language: fr-FR, en-US Content-Language: fr-FR X-MS-Has-Attach: X-MS-TNEF-Correlator: x-originating-ip: [10.197.38.3] Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 X-PMX-Version: 6.0.3.2322014, Antispam-Engine: 2.7.2.2107409, Antispam-Data: 2014.3.4.80315 Archived-At: http://mailarchive.ietf.org/arch/msg/radext/jiI_0aloP7ajMSqPwxrNR6Db9cw Subject: Re: [radext] Review of draft-cheng-behave-cgn-cfg-radius-ext X-BeenThere: radext@ietf.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: RADIUS EXTensions working group discussion list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 04 Mar 2014 13:45:20 -0000 The Port-Session-Limit Attribute is defined as follow: This attribute is of type complex [RFC6158] and specifies the limit of TCP ports, or UDP ports, or the sum of the two, or ICMP identifiers, or the sum of the three, which is configured on a device supporting port ranges corresponding to a specific subscriber. Isn't it the same purpose than the Port-Limit defined in RFC 2865? Port-Limit This Attribute sets the maximum number of ports to be provided to the user by the NAS. This Attribute MAY be sent by the server to the client in an Access-Accept packet. It is intended for use in conjunction with Multilink PPP [12] or similar uses. It MAY also be sent by the NAS to the server as a hint that that many ports are desired for use, but the server is not required to honor the hint. By the way, I share the comment on Alan about avoiding polymorphic attribut= es and recommend the use of TLV. I guess that two different TLV-types will have to be defined, one for exter= nal/public address+port (NAT assigned) and the other for internal/private a= ddress+port, and both TLV consisting in two sub-attributes, one in the form= at of "Framed-IP-address" and one ine the format of "Port". Lionel -----Message d'origine----- De=A0: radext [mailto:radext-bounces@ietf.org] De la part de Alan DeKok Envoy=E9=A0: mardi 4 mars 2014 10:50 =C0=A0: radext@ietf.org Objet=A0: [radext] Review of draft-cheng-behave-cgn-cfg-radius-ext This is a quick review of the document prior to RADEXT WG meeting. This document proposes three new RADIUS attributes as RADIUS protocol's extensions, and they are used for separate purposes as follows: Any draft is a RADIUS protocol extension. I'd suggest changing this text to: This document proposes three new attributes as follows: The following paragraphs could be re-organized. They currently give a description first, followed by the attribute name. The text also seems redundant: The session limit is carried by a new RADIUS attribute ... Yes, most drafts define a new attribute. I would just say: o Port-Session-Limit Sent in Access-Accept or CoA-Request. Limits the of total number of TCP/UDP ports and/or ICMP identifiers which a subscriber can use. i.e. give the name, which packets it can occur in, and a short description of its meaning. The later sections will expand on these descriptions, so there's no need to give complicated definitions here. o Session Limit - This is the maximum number of TCP ports, or UDP Is this the same as "Port-Session-Limit" above? If so, I suggest using the same name. Also, all authorization attributes in RADIUS are for a particular session. So there's no need to call them "Session" limits. By definition, they're for one session, and only one session. [Discussion: should these attributes be allocated from the extended RADIUS attribute code space?] I don't think it matters. They could be allocated from the standard space. 3.1 Port-Session-Limit This attribute is of type complex [RFC6158] ... There is no reason to make these attributes type "complex". Everyone would be better served by using TLVs, as defined in RFC 6929. 3.2 Port-Session-Range ... The port range follows the encoding specified in [RFC6431]; RFC 6431 defines a data structure of 4 fields. This attribute re-uses that, but inserts it in the middle of other complex fields. So it does not appear to follow the requirements to be an "opaque data type" as given in RFC 6158 Section A.1.3. 3.3. Port-Forwarding-Map Attribute ... In addition, the attribute may contain a 32-bit IPv4 address or a 128-bit IPv6 address, respectively, as their respective NAT mappings internal IP address. This definition violates RFC 6158 Section 3.4, which prohibits polymorphic attributes. 7.2. Name Spaces This document establishes a new name space for Session Type (see Section 3.1 for the initial reservation of values. The allocation of future values is according to RFC Required policy [RFC5226] I don't think any previous RADIUS specification defined an IANA name space for sub-fields of an attribute. All of the existing enumerated types are of data type "integer". Over all, the goal of the document seems reasonable. But the encoding of the attributes violates most of RFC 6158, without giving any reason as to why. Implementing it as-is would impose undue burden on implementors. I suggest using TLVs instead of these complex data types. That would avoid the need for polymorphic attributes, too. Alan DeKok. _______________________________________________ radext mailing list radext@ietf.org https://www.ietf.org/mailman/listinfo/radext ___________________________________________________________________________= ______________________________________________ Ce message et ses pieces jointes peuvent contenir des informations confiden= tielles ou privilegiees et ne doivent donc pas etre diffuses, exploites ou copies sans autorisation. Si vous avez recu= ce message par erreur, veuillez le signaler a l'expediteur et le detruire ainsi que les pieces jointes. Les messages el= ectroniques etant susceptibles d'alteration, Orange decline toute responsabilite si ce message a ete altere, deforme ou = falsifie. Merci. This message and its attachments may contain confidential or privileged inf= ormation that may be protected by law; they should not be distributed, used or copied without authorisation. If you have received this email in error, please notify the sender and dele= te this message and its attachments. As emails may be altered, Orange is not liable for messages that have been = modified, changed or falsified. Thank you. From nobody Tue Mar 4 07:22:44 2014 Return-Path: X-Original-To: radext@ietfa.amsl.com Delivered-To: radext@ietfa.amsl.com Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 697541A0085 for ; Tue, 4 Mar 2014 07:22:42 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.899 X-Spam-Level: X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, UNPARSEABLE_RELAY=0.001] autolearn=ham Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id EYnJPCfQBDzm for ; Tue, 4 Mar 2014 07:22:37 -0800 (PST) Received: from relais-inet.francetelecom.com (relais-ias244.francetelecom.com [80.12.204.244]) by ietfa.amsl.com (Postfix) with ESMTP id 708EE1A005E for ; Tue, 4 Mar 2014 07:22:37 -0800 (PST) Received: from omfeda08.si.francetelecom.fr (unknown [xx.xx.xx.201]) by omfeda11.si.francetelecom.fr (ESMTP service) with ESMTP id B2DD71B8185; Tue, 4 Mar 2014 16:22:33 +0100 (CET) Received: from Exchangemail-eme1.itn.ftgroup (unknown [10.114.1.186]) by omfeda08.si.francetelecom.fr (ESMTP service) with ESMTP id 8E41338412D; Tue, 4 Mar 2014 16:22:33 +0100 (CET) Received: from PEXCVZYM13.corporate.adroot.infra.ftgroup ([fe80::cc7e:e40b:42ef:164e]) by PEXCVZYH01.corporate.adroot.infra.ftgroup ([::1]) with mapi id 14.03.0174.001; Tue, 4 Mar 2014 16:22:33 +0100 From: To: Alan DeKok , Alejandro Perez Mendez Thread-Topic: [radext] radius-fragmentation: New flag T field for the Long Extended Type Thread-Index: AQHPNH4c8tS+HG09uUOJ1wR0Fs0aSJrN3YMAgAESMoCAADD37v//8ZAAgAADHwCAAIkaAIABb9YA Date: Tue, 4 Mar 2014 15:22:31 +0000 Message-ID: <16313_1393946553_5315EFB9_16313_924_1_6B7134B31289DC4FAF731D844122B36E4DF643@PEXCVZYM13.corporate.adroot.infra.ftgroup> References: <53107CBB.3020407@um.es> <53134D64.7080304@restena.lu> <53143367.6090001@um.es> <5314505E.3010200@deployingradius.com> <531452FC.6090704@um.es> <5314C5FE.3070403@deployingradius.com> In-Reply-To: <5314C5FE.3070403@deployingradius.com> Accept-Language: fr-FR, en-US Content-Language: fr-FR X-MS-Has-Attach: X-MS-TNEF-Correlator: x-originating-ip: [10.197.38.3] Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 X-PMX-Version: 6.0.3.2322014, Antispam-Engine: 2.7.2.2107409, Antispam-Data: 2013.11.19.63615 Archived-At: http://mailarchive.ietf.org/arch/msg/radext/3GCYr8sNyZA6tziiBl1N1FRdByw Cc: Sam Hartman , Stefan Winter , "radext@ietf.org" Subject: [radext] radius-fragmentation: New flag T field for the Long Extended Type X-BeenThere: radext@ietf.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: RADIUS EXTensions working group discussion list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 04 Mar 2014 15:22:42 -0000 I repeat my comment raised during the meeting.=20 RFC6929 (Std) allocates the first bit after the Extended-Type field to the = (M)ore and the rest (7-bit) is put as reserved. But there is nothing about how to allocate the remaining reserved bits. This draft allocates the second bit to (T)runcation. The question is simple: how do we ensure that another draft will not alloca= te the same 2nd bit to another feature? It would mean that the same Long-ex= tended-type attribute would have two possible interpretations/process... Are we only relying on living memories? :) Maybe we don't care because it is an experimental document... or maybe this= doc will update the RFC6929 to indicate that the 2nd bit is used for "T". It is not an issue with the current draft. Just an administrative issue. Regards, Lionel ___________________________________________________________________________= ______________________________________________ Ce message et ses pieces jointes peuvent contenir des informations confiden= tielles ou privilegiees et ne doivent donc pas etre diffuses, exploites ou copies sans autorisation. Si vous avez recu= ce message par erreur, veuillez le signaler a l'expediteur et le detruire ainsi que les pieces jointes. Les messages el= ectroniques etant susceptibles d'alteration, Orange decline toute responsabilite si ce message a ete altere, deforme ou = falsifie. Merci. This message and its attachments may contain confidential or privileged inf= ormation that may be protected by law; they should not be distributed, used or copied without authorisation. If you have received this email in error, please notify the sender and dele= te this message and its attachments. As emails may be altered, Orange is not liable for messages that have been = modified, changed or falsified. Thank you. From nobody Tue Mar 4 07:33:54 2014 Return-Path: X-Original-To: radext@ietfa.amsl.com Delivered-To: radext@ietfa.amsl.com Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7F09D1A0194 for ; Tue, 4 Mar 2014 07:33:51 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.9 X-Spam-Level: X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9] autolearn=ham Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id zt_SHIOSWMt3 for ; Tue, 4 Mar 2014 07:33:47 -0800 (PST) Received: from power.freeradius.org (power.freeradius.org [88.190.25.44]) by ietfa.amsl.com (Postfix) with ESMTP id 5DC7E1A019D for ; Tue, 4 Mar 2014 07:33:47 -0800 (PST) Received: from localhost (localhost [127.0.0.1]) by power.freeradius.org (Postfix) with ESMTP id E530D22400FF; Tue, 4 Mar 2014 16:33:43 +0100 (CET) X-Virus-Scanned: Debian amavisd-new at power.freeradius.org Received: from power.freeradius.org ([127.0.0.1]) by localhost (power.freeradius.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id hQVv-dF4ZRjc; Tue, 4 Mar 2014 16:33:41 +0100 (CET) Received: from dhcp-b41d.meeting.ietf.org (dhcp-b41d.meeting.ietf.org [31.133.180.29]) by power.freeradius.org (Postfix) with ESMTPSA id D0D0622400B6; Tue, 4 Mar 2014 16:33:41 +0100 (CET) Message-ID: <5315F255.3050309@deployingradius.com> Date: Tue, 04 Mar 2014 15:33:41 +0000 From: Alan DeKok User-Agent: Thunderbird 2.0.0.24 (Macintosh/20100228) MIME-Version: 1.0 To: lionel.morand@orange.com References: <53107CBB.3020407@um.es> <53134D64.7080304@restena.lu> <53143367.6090001@um.es> <5314505E.3010200@deployingradius.com> <531452FC.6090704@um.es> <5314C5FE.3070403@deployingradius.com> <16313_1393946553_5315EFB9_16313_924_1_6B7134B31289DC4FAF731D844122B36E4DF643@PEXCVZYM13.corporate.adroot.infra.ftgroup> In-Reply-To: <16313_1393946553_5315EFB9_16313_924_1_6B7134B31289DC4FAF731D844122B36E4DF643@PEXCVZYM13.corporate.adroot.infra.ftgroup> Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Archived-At: http://mailarchive.ietf.org/arch/msg/radext/kZbP8qwqUhro1kFW3Sw2r9eIiAU Cc: Sam Hartman , Stefan Winter , Alejandro Perez Mendez , "radext@ietf.org" Subject: Re: [radext] radius-fragmentation: New flag T field for the Long Extended Type X-BeenThere: radext@ietf.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: RADIUS EXTensions working group discussion list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 04 Mar 2014 15:33:51 -0000 lionel.morand@orange.com wrote: > The question is simple: how do we ensure that another draft will not allocate the same 2nd bit to another feature? It would mean that the same Long-extended-type attribute would have two possible interpretations/process... I think we're safe with manual tracking. I don't see any other draft allocating the same bit. > Are we only relying on living memories? :) The documents are available on a public web page as part of the RFC process. > Maybe we don't care because it is an experimental document... or maybe this doc will update the RFC6929 to indicate that the 2nd bit is used for "T". We can't have an experimental draft update a standards track document. Alan DeKok. From nobody Tue Mar 4 07:38:27 2014 Return-Path: X-Original-To: radext@ietfa.amsl.com Delivered-To: radext@ietfa.amsl.com Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4BA7C1A0154 for ; Tue, 4 Mar 2014 07:38:24 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2.447 X-Spam-Level: X-Spam-Status: No, score=-2.447 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RP_MATCHES_RCVD=-0.547] autolearn=ham Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id KnQTSsdnp7DE for ; Tue, 4 Mar 2014 07:38:22 -0800 (PST) Received: from mail.painless-security.com (mail.painless-security.com [23.30.188.241]) by ietfa.amsl.com (Postfix) with ESMTP id 9157B1A005E for ; Tue, 4 Mar 2014 07:38:22 -0800 (PST) Received: from localhost (localhost [127.0.0.1]) by mail.painless-security.com (Postfix) with ESMTP id 8E2DD2068D for ; Tue, 4 Mar 2014 10:33:53 -0500 (EST) Received: from mail.painless-security.com ([127.0.0.1]) by localhost (mail.suchdamage.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 8W66MyDa8uEK for ; Tue, 4 Mar 2014 10:33:53 -0500 (EST) Received: from carter-zimmerman.suchdamage.org (dhcp-9ca7.meeting.ietf.org [31.133.156.167]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "laptop", Issuer "laptop" (not verified)) by mail.painless-security.com (Postfix) with ESMTPS for ; Tue, 4 Mar 2014 10:33:53 -0500 (EST) Received: by carter-zimmerman.suchdamage.org (Postfix, from userid 8042) id 0B34083F21; Tue, 4 Mar 2014 10:38:13 -0500 (EST) From: Sam Hartman To: radext@ietf.org Date: Tue, 04 Mar 2014 10:38:13 -0500 Message-ID: User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/23.4 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Archived-At: http://mailarchive.ietf.org/arch/msg/radext/dTO98dgcX6Ct6RW2ZNCkTJOV64Y Subject: [radext] radius fragmentation: why not EAP message X-BeenThere: radext@ietf.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: RADIUS EXTensions working group discussion list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 04 Mar 2014 15:38:24 -0000 My rationale for objecting to an EAP message is that if a proxy fails with fragmentation, it probably intends to drop new stuff. We should not standardize mechanisms designed to get around intentional proxy configuration. --Sam From nobody Tue Mar 4 07:39:55 2014 Return-Path: X-Original-To: radext@ietfa.amsl.com Delivered-To: radext@ietfa.amsl.com Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C17051A0154 for ; Tue, 4 Mar 2014 07:39:47 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.9 X-Spam-Level: X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9] autolearn=ham Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id tGHPzpqWK7cL for ; Tue, 4 Mar 2014 07:39:46 -0800 (PST) Received: from power.freeradius.org (power.freeradius.org [88.190.25.44]) by ietfa.amsl.com (Postfix) with ESMTP id 56A3F1A00F1 for ; Tue, 4 Mar 2014 07:39:46 -0800 (PST) Received: from localhost (localhost [127.0.0.1]) by power.freeradius.org (Postfix) with ESMTP id E1C7522400FF; Tue, 4 Mar 2014 16:39:42 +0100 (CET) X-Virus-Scanned: Debian amavisd-new at power.freeradius.org Received: from power.freeradius.org ([127.0.0.1]) by localhost (power.freeradius.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id kcrab7gKES0d; Tue, 4 Mar 2014 16:39:42 +0100 (CET) Received: from dhcp-b41d.meeting.ietf.org (dhcp-b41d.meeting.ietf.org [31.133.180.29]) by power.freeradius.org (Postfix) with ESMTPSA id AE78B22400AD; Tue, 4 Mar 2014 16:39:42 +0100 (CET) Message-ID: <5315F3BE.8010503@deployingradius.com> Date: Tue, 04 Mar 2014 15:39:42 +0000 From: Alan DeKok User-Agent: Thunderbird 2.0.0.24 (Macintosh/20100228) MIME-Version: 1.0 To: Sam Hartman References: In-Reply-To: Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Archived-At: http://mailarchive.ietf.org/arch/msg/radext/62iMXgMRHWUo0aXfHzM5wyDww9I Cc: radext@ietf.org Subject: Re: [radext] radius fragmentation: why not EAP message X-BeenThere: radext@ietf.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: RADIUS EXTensions working group discussion list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 04 Mar 2014 15:39:48 -0000 Sam Hartman wrote: > > My rationale for objecting to an EAP message is that if a proxy fails > with fragmentation, it probably intends to drop new stuff. > We should not standardize mechanisms designed to get around intentional > proxy configuration. I agree. Alan DeKok. From nobody Tue Mar 4 09:36:51 2014 Return-Path: X-Original-To: radext@ietfa.amsl.com Delivered-To: radext@ietfa.amsl.com Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 499E81A0280 for ; Tue, 4 Mar 2014 09:36:43 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2.6 X-Spam-Level: X-Spam-Status: No, score=-2.6 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_LOW=-0.7] autolearn=ham Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 2cucUzzLfQPm for ; Tue, 4 Mar 2014 09:36:40 -0800 (PST) Received: from smtp4.pacifier.net (smtp4.pacifier.net [64.255.237.176]) by ietfa.amsl.com (Postfix) with ESMTP id DE37A1A021C for ; Tue, 4 Mar 2014 09:36:37 -0800 (PST) Received: from Philemon (c-24-17-142-118.hsd1.wa.comcast.net [24.17.142.118]) (using TLSv1 with cipher AES128-SHA (128/128 bits)) (No client certificate requested) (Authenticated sender: jimsch@nwlink.com) by smtp4.pacifier.net (Postfix) with ESMTPSA id 679EE38F5B; Tue, 4 Mar 2014 09:36:34 -0800 (PST) From: "Jim Schaad" To: , "'Alan DeKok'" , "'Alejandro Perez Mendez'" References: <53107CBB.3020407@um.es> <53134D64.7080304@restena.lu> <53143367.6090001@um.es> <5314505E.3010200@deployingradius.com> <531452FC.6090704@um.es> <5314C5FE.3070403@deployingradius.com> <16313_1393946553_5315EFB9_16313_924_1_6B7134B31289DC4FAF731D844122B36E4DF643@PEXCVZYM13.corporate.adroot.infra.ftgroup> In-Reply-To: <16313_1393946553_5315EFB9_16313_924_1_6B7134B31289DC4FAF731D844122B36E4DF643@PEXCVZYM13.corporate.adroot.infra.ftgroup> Date: Tue, 4 Mar 2014 09:34:49 -0800 Message-ID: <00c901cf37d0$0b962bf0$22c283d0$@augustcellars.com> MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit X-Mailer: Microsoft Outlook 14.0 Thread-Index: AQI6l18P2VVlfJqaXuarwB9cTp47pgHJn+e/AmvLFeABBea3jAFr7drfAQvUsh4C4r+fqQGEg1obmZmeZAA= Content-Language: en-us Archived-At: http://mailarchive.ietf.org/arch/msg/radext/sG0n2KWRa5bqpqDaiPJN-_Pt8D4 Cc: 'Sam Hartman' , radext@ietf.org, 'Stefan Winter' Subject: Re: [radext] radius-fragmentation: New flag T field for the Long Extended Type X-BeenThere: radext@ietf.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: RADIUS EXTensions working group discussion list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 04 Mar 2014 17:36:43 -0000 This is the reason why the fragmentation draft will have an update relationship on RFC 6929. This sys that anybody looking at 6929 needs to look at this draft to see what was updated. > -----Original Message----- > From: radext [mailto:radext-bounces@ietf.org] On Behalf Of > lionel.morand@orange.com > Sent: Tuesday, March 04, 2014 7:23 AM > To: Alan DeKok; Alejandro Perez Mendez > Cc: Sam Hartman; Stefan Winter; radext@ietf.org > Subject: [radext] radius-fragmentation: New flag T field for the Long > Extended Type > > I repeat my comment raised during the meeting. > > RFC6929 (Std) allocates the first bit after the Extended-Type field to the > (M)ore and the rest (7-bit) is put as reserved. > But there is nothing about how to allocate the remaining reserved bits. > > This draft allocates the second bit to (T)runcation. > > The question is simple: how do we ensure that another draft will not allocate > the same 2nd bit to another feature? It would mean that the same Long- > extended-type attribute would have two possible interpretations/process... > > Are we only relying on living memories? :) Maybe we don't care because it is > an experimental document... or maybe this doc will update the RFC6929 to > indicate that the 2nd bit is used for "T". > > It is not an issue with the current draft. Just an administrative issue. > > Regards, > > Lionel > > __________________________________________________________ > __________________________________________________________ > _____ > > Ce message et ses pieces jointes peuvent contenir des informations > confidentielles ou privilegiees et ne doivent donc pas etre diffuses, exploites > ou copies sans autorisation. Si vous avez recu ce message par erreur, veuillez > le signaler a l'expediteur et le detruire ainsi que les pieces jointes. Les > messages electroniques etant susceptibles d'alteration, Orange decline toute > responsabilite si ce message a ete altere, deforme ou falsifie. Merci. > > This message and its attachments may contain confidential or privileged > information that may be protected by law; they should not be distributed, > used or copied without authorisation. > If you have received this email in error, please notify the sender and delete > this message and its attachments. > As emails may be altered, Orange is not liable for messages that have been > modified, changed or falsified. > Thank you. > > _______________________________________________ > radext mailing list > radext@ietf.org > https://www.ietf.org/mailman/listinfo/radext From nobody Tue Mar 4 09:39:29 2014 Return-Path: X-Original-To: radext@ietfa.amsl.com Delivered-To: radext@ietfa.amsl.com Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B18331A01FE for ; Tue, 4 Mar 2014 09:39:24 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.899 X-Spam-Level: X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, UNPARSEABLE_RELAY=0.001] autolearn=ham Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 3PL2JctH--78 for ; Tue, 4 Mar 2014 09:39:21 -0800 (PST) Received: from relais-inet.francetelecom.com (relais-ias245.francetelecom.com [80.12.204.245]) by ietfa.amsl.com (Postfix) with ESMTP id AA37E1A0227 for ; Tue, 4 Mar 2014 09:39:20 -0800 (PST) Received: from omfeda06.si.francetelecom.fr (unknown [xx.xx.xx.199]) by omfeda09.si.francetelecom.fr (ESMTP service) with ESMTP id 1F100C0997; Tue, 4 Mar 2014 18:39:16 +0100 (CET) Received: from Exchangemail-eme1.itn.ftgroup (unknown [10.114.1.186]) by omfeda06.si.francetelecom.fr (ESMTP service) with ESMTP id 0017AC80EC; Tue, 4 Mar 2014 18:39:15 +0100 (CET) Received: from PEXCVZYM13.corporate.adroot.infra.ftgroup ([fe80::cc7e:e40b:42ef:164e]) by PEXCVZYH01.corporate.adroot.infra.ftgroup ([::1]) with mapi id 14.03.0174.001; Tue, 4 Mar 2014 18:39:15 +0100 From: To: Jim Schaad , 'Alan DeKok' , 'Alejandro Perez Mendez' Thread-Topic: [radext] radius-fragmentation: New flag T field for the Long Extended Type Thread-Index: AQHPNH4c8tS+HG09uUOJ1wR0Fs0aSJrN3YMAgAESMoCAADD37v//8ZAAgAADHwCAAIkaAIABb9YAgAAYCoCAABHKgA== Date: Tue, 4 Mar 2014 17:39:14 +0000 Message-ID: <30324_1393954756_53160FC4_30324_16090_1_6B7134B31289DC4FAF731D844122B36E4DFB88@PEXCVZYM13.corporate.adroot.infra.ftgroup> References: <53107CBB.3020407@um.es> <53134D64.7080304@restena.lu> <53143367.6090001@um.es> <5314505E.3010200@deployingradius.com> <531452FC.6090704@um.es> <5314C5FE.3070403@deployingradius.com> <16313_1393946553_5315EFB9_16313_924_1_6B7134B31289DC4FAF731D844122B36E4DF643@PEXCVZYM13.corporate.adroot.infra.ftgroup> <00c901cf37d0$0b962bf0$22c283d0$@augustcellars.com> In-Reply-To: <00c901cf37d0$0b962bf0$22c283d0$@augustcellars.com> Accept-Language: fr-FR, en-US Content-Language: fr-FR X-MS-Has-Attach: X-MS-TNEF-Correlator: x-originating-ip: [10.197.38.3] Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 X-PMX-Version: 6.0.3.2322014, Antispam-Engine: 2.7.2.2107409, Antispam-Data: 2014.3.4.80315 Archived-At: http://mailarchive.ietf.org/arch/msg/radext/6ch2nAj5VVlv3oIyHv261KyG8QY Cc: 'Sam Hartman' , "radext@ietf.org" , 'Stefan Winter' Subject: Re: [radext] radius-fragmentation: New flag T field for the Long Extended Type X-BeenThere: radext@ietf.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: RADIUS EXTensions working group discussion list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 04 Mar 2014 17:39:24 -0000 Thank you! I have seen that it was the case in the header of the draft. Updates: RFC6929 (if approved)=20=20 Cheers, Lionel -----Message d'origine----- De=A0: Jim Schaad [mailto:ietf@augustcellars.com]=20 Envoy=E9=A0: mardi 4 mars 2014 18:35 =C0=A0: MORAND Lionel IMT/OLN; 'Alan DeKok'; 'Alejandro Perez Mendez' Cc=A0: 'Sam Hartman'; 'Stefan Winter'; radext@ietf.org Objet=A0: RE: [radext] radius-fragmentation: New flag T field for the Long = Extended Type This is the reason why the fragmentation draft will have an update relationship on RFC 6929. This sys that anybody looking at 6929 needs to look at this draft to see what was updated. > -----Original Message----- > From: radext [mailto:radext-bounces@ietf.org] On Behalf Of > lionel.morand@orange.com > Sent: Tuesday, March 04, 2014 7:23 AM > To: Alan DeKok; Alejandro Perez Mendez > Cc: Sam Hartman; Stefan Winter; radext@ietf.org > Subject: [radext] radius-fragmentation: New flag T field for the Long > Extended Type >=20 > I repeat my comment raised during the meeting. >=20 > RFC6929 (Std) allocates the first bit after the Extended-Type field to the > (M)ore and the rest (7-bit) is put as reserved. > But there is nothing about how to allocate the remaining reserved bits. >=20 > This draft allocates the second bit to (T)runcation. >=20 > The question is simple: how do we ensure that another draft will not allocate > the same 2nd bit to another feature? It would mean that the same Long- > extended-type attribute would have two possible interpretations/process... >=20 > Are we only relying on living memories? :) Maybe we don't care because it is > an experimental document... or maybe this doc will update the RFC6929 to > indicate that the 2nd bit is used for "T". >=20 > It is not an issue with the current draft. Just an administrative issue. >=20 > Regards, >=20 > Lionel >=20 > __________________________________________________________ > __________________________________________________________ > _____ >=20 > Ce message et ses pieces jointes peuvent contenir des informations > confidentielles ou privilegiees et ne doivent donc pas etre diffuses, exploites > ou copies sans autorisation. Si vous avez recu ce message par erreur, veuillez > le signaler a l'expediteur et le detruire ainsi que les pieces jointes. Les > messages electroniques etant susceptibles d'alteration, Orange decline toute > responsabilite si ce message a ete altere, deforme ou falsifie. Merci. >=20 > This message and its attachments may contain confidential or privileged > information that may be protected by law; they should not be distributed, > used or copied without authorisation. > If you have received this email in error, please notify the sender and delete > this message and its attachments. > As emails may be altered, Orange is not liable for messages that have been > modified, changed or falsified. > Thank you. >=20 > _______________________________________________ > radext mailing list > radext@ietf.org > https://www.ietf.org/mailman/listinfo/radext ___________________________________________________________________________= ______________________________________________ Ce message et ses pieces jointes peuvent contenir des informations confiden= tielles ou privilegiees et ne doivent donc pas etre diffuses, exploites ou copies sans autorisation. Si vous avez recu= ce message par erreur, veuillez le signaler a l'expediteur et le detruire ainsi que les pieces jointes. Les messages el= ectroniques etant susceptibles d'alteration, Orange decline toute responsabilite si ce message a ete altere, deforme ou = falsifie. Merci. This message and its attachments may contain confidential or privileged inf= ormation that may be protected by law; they should not be distributed, used or copied without authorisation. If you have received this email in error, please notify the sender and dele= te this message and its attachments. As emails may be altered, Orange is not liable for messages that have been = modified, changed or falsified. Thank you. From nobody Tue Mar 4 09:40:34 2014 Return-Path: X-Original-To: radext@ietfa.amsl.com Delivered-To: radext@ietfa.amsl.com Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4760E1A01B0 for ; Tue, 4 Mar 2014 09:40:21 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2.6 X-Spam-Level: X-Spam-Status: No, score=-2.6 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_LOW=-0.7] autolearn=ham Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id neGvR706DK67 for ; Tue, 4 Mar 2014 09:40:18 -0800 (PST) Received: from smtp4.pacifier.net (smtp4.pacifier.net [64.255.237.176]) by ietfa.amsl.com (Postfix) with ESMTP id AA8911A0267 for ; Tue, 4 Mar 2014 09:40:18 -0800 (PST) Received: from Philemon (c-24-17-142-118.hsd1.wa.comcast.net [24.17.142.118]) (using TLSv1 with cipher AES128-SHA (128/128 bits)) (No client certificate requested) (Authenticated sender: jimsch@nwlink.com) by smtp4.pacifier.net (Postfix) with ESMTPSA id 5292738EF3; Tue, 4 Mar 2014 09:40:15 -0800 (PST) From: "Jim Schaad" To: "'Alan DeKok'" , References: <53107CBB.3020407@um.es> <53134D64.7080304@restena.lu> <53143367.6090001@um.es> <5314505E.3010200@deployingradius.com> <531452FC.6090704@um.es> <5314C5FE.3070403@deployingradius.com> <16313_1393946553_5315EFB9_16313_924_1_6B7134B31289DC4FAF731D844122B36E4DF643@PEXCVZYM13.corporate.adroot.infra.ftgroup> <5315F255.3050309@deployingradius.com> In-Reply-To: <5315F255.3050309@deployingradius.com> Date: Tue, 4 Mar 2014 09:38:30 -0800 Message-ID: <00ca01cf37d0$8f440a80$adcc1f80$@augustcellars.com> MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit X-Mailer: Microsoft Outlook 14.0 Thread-Index: AQI6l18P2VVlfJqaXuarwB9cTp47pgHJn+e/AmvLFeABBea3jAFr7drfAQvUsh4C4r+fqQGEg1obAqTgyNCZhHhnAA== Content-Language: en-us Archived-At: http://mailarchive.ietf.org/arch/msg/radext/cqWN8d1PKXlQYIcVzBW0BOMIx5Y Cc: 'Sam Hartman' , radext@ietf.org, 'Alejandro Perez Mendez' , 'Stefan Winter' Subject: Re: [radext] radius-fragmentation: New flag T field for the Long Extended Type X-BeenThere: radext@ietf.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: RADIUS EXTensions working group discussion list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 04 Mar 2014 17:40:21 -0000 > -----Original Message----- > From: radext [mailto:radext-bounces@ietf.org] On Behalf Of Alan DeKok > Sent: Tuesday, March 04, 2014 7:34 AM > To: lionel.morand@orange.com > Cc: Sam Hartman; Stefan Winter; Alejandro Perez Mendez; radext@ietf.org > Subject: Re: [radext] radius-fragmentation: New flag T field for the Long > Extended Type > > lionel.morand@orange.com wrote: > > The question is simple: how do we ensure that another draft will not > allocate the same 2nd bit to another feature? It would mean that the same > Long-extended-type attribute would have two possible > interpretations/process... > > I think we're safe with manual tracking. I don't see any other draft allocating > the same bit. > > > Are we only relying on living memories? :) > > The documents are available on a public web page as part of the RFC > process. > > > Maybe we don't care because it is an experimental document... or maybe > this doc will update the RFC6929 to indicate that the 2nd bit is used for "T". > > We can't have an experimental draft update a standards track document. For this type of update, I see no reason this draft cannot update the standards track document. It is not changing any significant content in that draft. Jim > > Alan DeKok. > > _______________________________________________ > radext mailing list > radext@ietf.org > https://www.ietf.org/mailman/listinfo/radext From nobody Thu Mar 6 04:44:38 2014 Return-Path: X-Original-To: radext@ietfa.amsl.com Delivered-To: radext@ietfa.amsl.com Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E7B741A0276 for ; Thu, 6 Mar 2014 04:44:36 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2.445 X-Spam-Level: X-Spam-Status: No, score=-2.445 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, MIME_QP_LONG_LINE=0.001, RP_MATCHES_RCVD=-0.547] autolearn=ham Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id zKjiWyxFZ_Vs for ; Thu, 6 Mar 2014 04:44:31 -0800 (PST) Received: from g6t1526.atlanta.hp.com (g6t1526.atlanta.hp.com [15.193.200.69]) by ietfa.amsl.com (Postfix) with ESMTP id 9E8791A025D for ; Thu, 6 Mar 2014 04:44:31 -0800 (PST) Received: from G6W4001.americas.hpqcorp.net (g6w4001.atlanta.hp.com [16.205.80.210]) (using TLSv1 with cipher AES128-SHA (128/128 bits)) (No client certificate requested) by g6t1526.atlanta.hp.com (Postfix) with ESMTPS id 9FBF489 for ; Thu, 6 Mar 2014 12:44:27 +0000 (UTC) Received: from G6W3997.americas.hpqcorp.net (16.205.80.212) by G6W4001.americas.hpqcorp.net (16.205.80.210) with Microsoft SMTP Server (TLS) id 14.3.123.3; Thu, 6 Mar 2014 12:43:25 +0000 Received: from G6W2505.americas.hpqcorp.net ([169.254.12.119]) by G6W3997.americas.hpqcorp.net ([16.205.80.212]) with mapi id 14.03.0123.003; Thu, 6 Mar 2014 12:43:25 +0000 From: "Sanchez, Mauricio" To: "radext@ietf.org" Thread-Topic: IETF 89: Preliminary meeting notes Thread-Index: AQHPOTmpEd3fd1VPuky/cGI46BYiog== Date: Thu, 6 Mar 2014 12:43:24 +0000 Message-ID: Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: yes X-MS-TNEF-Correlator: user-agent: Microsoft-MacOutlook/14.3.9.131030 x-originating-ip: [15.193.49.27] Content-Type: multipart/signed; protocol="application/pkcs7-signature"; micalg=sha256; boundary="B_3476954599_29261501" MIME-Version: 1.0 Archived-At: http://mailarchive.ietf.org/arch/msg/radext/h9hIxPpNcf4m5kqDIjl6yPjr4KU Subject: [radext] IETF 89: Preliminary meeting notes X-BeenThere: radext@ietf.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: RADIUS EXTensions working group discussion list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 06 Mar 2014 12:44:37 -0000 --B_3476954599_29261501 Content-type: multipart/alternative; boundary="B_3476954599_29252463" --B_3476954599_29252463 Content-type: text/plain; charset="ISO-8859-1" Content-transfer-encoding: quoted-printable Below are preliminary meeting notes for your review They are also posted o= n IETF website (http://www.ietf.org/proceedings/89/minutes/minutes-89-radext)= . Thanks go to Stefan for note taking. Please post any corrections/feedback to mailing list. Thanks, Jouni and Mauricio=20 =8B=8B=8B=8B=8B=8B=8B=8B=8B=8B=8B=8B RADEXT IETF 89 London, UK Tuesday, March 4, 2014 Meeting started 2:23PM and adjourned 3:52PM Chairs: Jouni Korhonen Mauricio Sanchez AD: Benoit Claise 1.Preliminaries=20 a. Note Takers: Stefan Winter b. Agenda bash: no changes c. Call for new WG co-chair: Mauricio stepping down. Email Benoit if interested. =20 d. Document Status: as per slide deck, no comments ***************************************************************************= * ***** 1. RADIUS dynamic discovery, Stefan Winter http://tools.ietf.org/html/draft-ietf-radext-dynamic-discovery - presented per slide deck; no comments - Chairs state the next step is for short WGLC of draft -11 ***************************************************************************= * ***** 2. Support of fragmentation of RADIUS packets, Diego Lopez http://tools.ietf.org/html/draft-perez-radext-radius-fragmentation - presented as per uploaded slide deck - main issue is the lack of State/*-Password/EAP-Message in the first chunk of a fragmented packet. - Is this really a significant issue? Sam, Stefan: not worth any changes. - Lionel: just need to document that it somehow violates RFC2865. - Alan: update RFC2865, removing the MUST for fragments? - Alternatively: an EAP-Message with nonsense would also do. - Klaas: proxies - do any proxies have problems with this? - Diego: none (Alan: one historic implementation has been seen, long time ago) - unrelated issue by Sam: document review by ADs: no alarm signs. - How to go on? - many say: dont care, -04 is good enough - Benoit: would be better to document this somewhere - Alan: or add phony EAP-Message? Group: no. - Conclusion: add a sentence or two admitting that this is formally violating - RFC2865, but no known operational issues with it, so should be okay - Lionel: about the T and M bit; is there an IANA registry for those bits? - Who knows which bits exist, if later specs add more bits? - Mauricio: take it to the list (over time already) ***************************************************************************= * ***** 3. Larger Packets for Remote RADIUS over TCP, Sam Hartman http://tools.ietf.org/html/draft-hartman-radext-bigger-packets - Presented per slide deck - Sam: if you can modify your infrastructure, use TCP, can send 64K packets this is then better than fragmentation. Do we need capability discovery for this to work over proxies? Current draft uses Status-Server for Negotiation piggybacking. Could work, not very clean. - Need to work on IANA consideration to add new RADIUS code (Error). - This is considered better than Access-Reject (which would incorrectly suggest end-to-end failure). - Alan: is okay for me. - Mauricio: would be good moment to add to charter; many things from charte= r are now almost finished. Wait for those other drafts to be final, then well possible to add it. - Sam: would want a cross-reference from fragmentation to bigger-packets an= d and back. - Benoit: is this on the charter already, or should it be added? Looks to b= e on charter already. - Show of hands: unanimous that this is good work, so adopt as WG item. Chairs will confirm on ML. ***************************************************************************= * ***** 4. RADIUS Extensions for Port Set Configuration and Reporting, Jaqueline http://datatracker.ietf.org/doc/draft-cheng-behave-cgn-cfg-radius-ext/ - Presented per slide deck - Alan: why extended space? Chairs: no more space left in standard space. - Alan: then give datatypes draft priority. - Alan: is this about the number of TCP ports allowed to use? Yes; but that is not easily visible in the draft. - Alan: don't make complex datatypes. - Chairs: read draft? Pleasant surprise: many. Interested in this work? Again pleasant surprise; draft has momentum. - Will confirm on mailing list; open up charter discussion to get this on. - Lionel: Do we have a clear requirement definition for conversation betwee= n - AAA server and NAS? Does this all have to be in a AAA conversation? - Could be by-reference (like with Filter-Id). Jouni: broadband typically pulls all config via AAA conversation; this is standard practice. - Jouni: should ask authors for more details. - Arran: slightly odd way of operation; more natural would be "allocate fixed range" or "allocate on demand"; but this draft doesn't allow for that= . ***************************************************************************= * ***** 5. CoA Proxying, Alan DeKok - Presented per slide deck - Stefan: Operator-Name is also what dynamic discovery uses; looks like natural continuation and useful work - Chairs: could become chartered if current work items are finished. ***************************************************************************= * ***** 6. RADIUS Extensions for Key Management in WLAN network, Li https://datatracker.ietf.org/doc/draft-xue-radext-key-management/ - Stefan and others: why does this have to RADIUS? Could be any protocol as it distributes keys (not related to AAA interaction) - Lionel: other issues - layer 2 link, security, IP address assignment - none of this is RADIUS. This does not fit into RADIUS framework. - Chairs: suggest to take work to the mailing list. Maybe there is a better protocol than RADIUS - people on the list will undoubtedly comment on a possible better place. --B_3476954599_29252463 Content-type: text/html; charset="ISO-8859-1" Content-transfer-encoding: quoted-printable
Below are preliminary meeting= notes for your review  They are also posted on IETF website (http://www.iet= f.org/proceedings/89/minutes/minutes-89-radext). Thanks go to Stefan for= note taking. 

Please post any corrections/fee= dback to mailing list. 

Thanks,
Joun= i and Mauricio 

————&#= 8212;———————
RADEXT
IETF 89
London, UK

Tuesday, March 4, 2014
Meeting started 2:23PM and adjourned 3:52PM

Chairs:
Jouni Korhonen <jouni.korhonen at broadcom.com>
Mauricio Sanchez <mauricio.sanchez at hp.com>

AD:
Benoit Claise <bclaise at cisco.com> 


1.Preliminaries 
a. Note Takers: Stefan Winter 
b. Agenda bash: no changes 
c. Call for new WG co-chair: Mauricio stepping down. Email Benoit if intere=
sted.  
d. Document Status: as per slide deck, no comments

***************************************************************************=
******
1. RADIUS dynamic discovery, Stefan Winter
http://tools.ietf.org/html/draft-ietf-radext-dynamic-discovery 
- presented per slide deck; no comments
- Chairs state the next step is for short WGLC of draft -11

***************************************************************************=
******
2. Support of fragmentation of RADIUS packets, Diego Lopez 
http://tools.ietf.org/html/draft-perez-radext-radius-fragmentation
- presented as per uploaded slide deck
- main issue is the lack of State/*-Password/EAP-Message in the first chunk=
 of a fragmented packet.
- Is this really a significant issue? Sam, Stefan: not worth any changes.
- Lionel: just need to document that it somehow violates RFC2865.
- Alan: update RFC2865, removing the MUST for fragments?
- Alternatively: an EAP-Message with nonsense would also do.
- Klaas: proxies - do any proxies have problems with this? 
- Diego: none (Alan: one historic implementation has been seen, long time a=
go)
- unrelated issue by Sam: document review by ADs: no alarm signs.
- How to go on?
- many say: dont care, -04 is good enough
- Benoit: would be better to document this somewhere
- Alan: or add phony EAP-Message? Group: no.
- Conclusion: add a sentence or two admitting that this is formally violati=
ng
- RFC2865, but no known operational issues with it, so should be okay
- Lionel: about the T and M bit; is there an IANA registry for those bits?
- Who knows which bits exist, if later specs add more bits?
- Mauricio: take it to the list (over time already)

***************************************************************************=
******
3. Larger Packets for Remote RADIUS over TCP, Sam  Hartman 
http://tools.ietf.org/html/draft-hartman-radext-bigger-packets
- Presented per slide deck 
- Sam: if you can modify your infrastructure, use TCP, can send 64K packets=
 this is then better than fragmentation. Do we need capability discovery
for this to work over proxies? Current draft uses Status-Server for Negotia=
tion piggybacking. Could work, not very clean.
- Need to work on IANA consideration to add new RADIUS code (Error).
- This is considered better than Access-Reject (which would incorrectly sug=
gest end-to-end failure).
- Alan: is okay for me.
- Mauricio: would be good moment to add to charter; many things from charte=
r are now almost finished. Wait for those other drafts to be final, then
well possible to add it.
- Sam: would want a cross-reference from fragmentation to bigger-packets an=
d and back.
- Benoit: is this on the charter already, or should it be added? Looks to b=
e on charter already.
- Show of hands: unanimous that this is good work, so adopt as WG item. Cha=
irs will confirm on ML.

***************************************************************************=
******
4. RADIUS Extensions for Port Set Configuration and Reporting, Jaqueline 
http://datatracker.ietf.org/doc/draft-cheng-behave-cgn-cfg-radius-ext/
- Presented per slide deck 
- Alan: why extended space? Chairs: no more space left in standard space.
- Alan: then give datatypes draft priority.
- Alan: is this about the number of TCP ports allowed to use? Yes; but that=
 is not easily visible in the draft.
- Alan: don't make complex datatypes.
- Chairs: read draft? Pleasant surprise: many. Interested in this work? Aga=
in pleasant surprise; draft has momentum.
- Will confirm on mailing list; open up charter discussion to get this on.
- Lionel: Do we have a clear requirement definition for conversation betwee=
n
- AAA server and NAS? Does this all have to be in a AAA conversation?
- Could be by-reference (like with Filter-Id). Jouni: broadband typically p=
ulls all config via AAA conversation; this is standard practice.
- Jouni: should ask authors for more details.
- Arran: slightly odd way of operation; more natural would be "allocate fix=
ed range" or "allocate on demand"; but this draft doesn't allow for that.

***************************************************************************=
******
5. CoA Proxying, Alan DeKok
<no draft exists at this time, presentation on what could be interesting=
 work in radext>
- Presented per slide deck 
- Stefan: Operator-Name is also what dynamic discovery uses; looks like nat=
ural continuation and useful work
- Chairs: could become chartered if current work items are finished.  

***************************************************************************=
******
6. RADIUS Extensions for Key Management in WLAN network, Li 
https://datatracker.ietf.org/doc/draft-xue-radext-key-management/
- Stefan and others: why does this have to RADIUS? Could be any protocol as=
 it distributes keys (not related to AAA interaction)
- Lionel: other issues - layer 2 link, security, IP address assignment - no=
ne of this is RADIUS. This does not fit into RADIUS framework.
- Chairs: suggest to take work to the mailing list. Maybe there is a better=
 protocol than RADIUS - people on the list will undoubtedly comment
on a possible better place.

--B_3476954599_29252463-- --B_3476954599_29261501 Content-Type: application/pkcs7-signature; name="smime.p7s" Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename="smime.p7s" MIIVXwYJKoZIhvcNAQcCoIIVUDCCFUwCAQExDzANBglghkgBZQMEAgEFADALBgkqhkiG9w0B BwGgghJ/MIIH+TCCBuGgAwIBAgIQW4k5wUL7YloEpOVNCxcNjjANBgkqhkiG9w0BAQUFADCB 9zELMAkGA1UEBhMCVVMxIDAeBgNVBAoTF0hld2xldHQtUGFja2FyZCBDb21wYW55MR8wHQYD VQQLExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTswOQYDVQQLEzJUZXJtcyBvZiB1c2UgYXQg aHR0cHM6Ly93d3cudmVyaXNpZ24uY29tL3JwYSAoYykwOTE1MDMGA1UECxMsQ2xhc3MgMiBN YW5hZ2VkIFBLSSBJbmRpdmlkdWFsIFN1YnNjcmliZXIgQ0ExMTAvBgNVBAMTKENvbGxhYm9y YXRpb24gQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkgRzIwHhcNMTIwOTI2MDAwMDAwWhcNMTQw OTI2MjM1OTU5WjCBnjEgMB4GA1UEChQXSGV3bGV0dC1QYWNrYXJkIENvbXBhbnkxJjAkBgNV BAsUHUVtcGxveW1lbnQgU3RhdHVzIC0gRW1wbG95ZWVzMQ8wDQYDVQQLEwZTL01JTUUxGTAX BgNVBAMTEE1hdXJpY2lvIFNhbmNoZXoxJjAkBgkqhkiG9w0BCQEWF21hdXJpY2lvLnNhbmNo ZXpAaHAuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAloXM4DJlquSNxT+X mgHkZBI15A2U8R9K0nRaXPMi7fxOzKJBFyLo3FIYQqhrbSaFFliRgRqx9AFqICnM063baYtG DT7ySQ2u9Ewm54kNxAJBR/+EJVoR+/MEq5u/N9FDd3wB5PnFUdfnJ56jsZNhAhUcILwoWxcv fp3hCI7r92O/y2Qmz0PrVf5d+0y0OiJqH7/Pf/uy8D0IivgEUnyKC+VO9MwUwXWzxA1rF1+z +czuQnuWO8nKUHl3EySJL97mM9fm8MCYQrTIBKKf0XpIpzQ+5QQorSHdJKoWVcMMWLtaJY9J A5DWMjKJA0cjD6cSEV8iwN+V58lnKXFGcRyETwIDAQABo4ID1jCCA9IwOwYDVR0RBDQwMoEX bWF1cmljaW8uc2FuY2hlekBocC5jb22BF21hdXJpY2lvX3NhbmNoZXpAaHAuY29tMAwGA1Ud EwEB/wQCMAAwDgYDVR0PAQH/BAQDAgWgMFkGA1UdHwRSMFAwTqBMoEqGSGh0dHA6Ly9vbnNp dGVjcmwudmVyaXNpZ24uY29tL0hld2xldHRQYWNrYXJkQ29tcGFueVNNSU1FRzIvTGF0ZXN0 Q1JMLmNybDAfBgNVHSMEGDAWgBQifdOkq1esVn+pf0FEGpW8W/ir7jAdBgNVHQ4EFgQUYP/x peEEwA0JEKvMwMyDDurpqCowggEyBggrBgEFBQcBAQSCASQwggEgMCcGCCsGAQUFBzABhhto dHRwOi8vaHAtb2NzcC52ZXJpc2lnbi5jb20wgfQGCCsGAQUFBzACpIHnMIHkMTEwLwYDVQQD EyhDb2xsYWJvcmF0aW9uIENlcnRpZmljYXRpb24gQXV0aG9yaXR5IEcyMTAwLgYDVQQLEydD bGFzcyAyIE9uU2l0ZSBJbmRpdmlkdWFsIFN1YnNjcmliZXIgQ0ExOjA4BgNVBAsTMVRlcm1z IG9mIHVzZSBhdCBodHRwczovL3d3dy52ZXJpc2lnbi5jb20vcnBhKGMpMDkxHzAdBgNVBAsT FlZlcmlTaWduIFRydXN0IE5ldHdvcmsxIDAeBgNVBAoTF0hld2xldHQtUGFja2FyZCBDb21w YW55MIIBPQYDVR0gBIIBNDCCATAwggEsBgtghkgBhvhFAQcXAjCCARswKAYIKwYBBQUHAgEW HGh0dHBzOi8vd3d3LnZlcmlzaWduLmNvbS9ycGEwge4GCCsGAQUFBwICMIHhMB4WF0hld2xl dHQtUGFja2FyZCBDb21wYW55MAMCAQIagb5BdXRob3JpdHkgdG8gYmluZCBIUCBkb2VzIG5v dCBjb3JyZXNwb25kIHdpdGggdXNlIG9yIHBvc3Nlc3Npb24gb2YgdGhpcyBjZXJ0aWZpY2F0 ZS4gSXNzdWVkIHRvIGZhY2lsaXRhdGUgY29tbXVuaWNhdGlvbiB3aXRoIEhQLiBWZXJpU2ln bidzIENQUyBpbmNvcnAuIEJ5IHJlZmVyZW5jZSBsaWFiLiBsdGQuIChjKTk3IFZlcmlTaWdu MBYGA1UdJQEB/wQMMAoGCCsGAQUFBwMEMEsGCSqGSIb3DQEJDwQ+MDwwDgYIKoZIhvcNAwIC AgCAMA4GCCqGSIb3DQMCAgIAQDAOBggqhkiG9w0DBAICAIAwCgYIKoZIhvcNAwcwDQYJKoZI hvcNAQEFBQADggEBAHWuCgf6c4Dj8NT1yYJpcuw18irgCh6aSdvVPwUroQwgZYcsCG9OqsVf /2H6zrefDswtfKHDK6jhy2MmL+Ohhdkzl+i9vXJw1ZtnoiRQdhjQs2sAqwI8N/aQ56hogrU9 754lDYZzesp6OabKBj9+t+XVX/lBovsme59hUlwmgOuG4AVfLf0N2CftTwdD5kDCx2aAnlG0 FdYOC/Cdf/tk4c89GogQPwQpNNjw+M6cJX9OWhUGVQ2jI/PuJvlPlP+oyXzAtS3sEejaxBPI h5nQCwseT7DQm2rbCSa1dc0h8ScezllGSZHca/ySZbJcf8vSRbk3tBsPKHbqNZqzEqfERVQw ggZhMIIFSaADAgECAhA7VxO2sCE1+15GdcpsssThMA0GCSqGSIb3DQEBBQUAMIHKMQswCQYD VQQGEwJVUzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xHzAdBgNVBAsTFlZlcmlTaWduIFRy dXN0IE5ldHdvcmsxOjA4BgNVBAsTMShjKSAxOTk5IFZlcmlTaWduLCBJbmMuIC0gRm9yIGF1 dGhvcml6ZWQgdXNlIG9ubHkxRTBDBgNVBAMTPFZlcmlTaWduIENsYXNzIDIgUHVibGljIFBy aW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkgLSBHMzAeFw0wOTA5MDIwMDAwMDBaFw0x OTA5MDEyMzU5NTlaMIH3MQswCQYDVQQGEwJVUzEgMB4GA1UEChMXSGV3bGV0dC1QYWNrYXJk IENvbXBhbnkxHzAdBgNVBAsTFlZlcmlTaWduIFRydXN0IE5ldHdvcmsxOzA5BgNVBAsTMlRl cm1zIG9mIHVzZSBhdCBodHRwczovL3d3dy52ZXJpc2lnbi5jb20vcnBhIChjKTA5MTUwMwYD VQQLEyxDbGFzcyAyIE1hbmFnZWQgUEtJIEluZGl2aWR1YWwgU3Vic2NyaWJlciBDQTExMC8G A1UEAxMoQ29sbGFib3JhdGlvbiBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSBHMjCCASIwDQYJ KoZIhvcNAQEBBQADggEPADCCAQoCggEBAKdha2jarqqFZAxLy1DLMOhzIY6J/sotb/5GowNu 4yK3coUTI+IPjwb3gUx67QO8Pe0cdVCjz+grzmgBOcVLaFvWo2GbTuZHYlBcs1h7G1IEoysv sjTuEKB3hM2kIvyVlDmHr/wFeWGCaBAyMrKLBBC0tfzOuIhNlLc6/i8YloXWqkkROI4oG5uA 8uGsi86gL+X+6CC6yTWekoai4hhgqT/u63pU8kYBV5hF/0ijf2t/ScGaCkjVHSJGMq+8JjSP fs8pYXgyYIbpPpGQwA9zV7+BBlTFHzoOVBHYQCdC8ONA+Kaimtno9R9FIqStRBHUU5veEc3x PM/Lwz/PnXIDqgsCAwEAAaOCAhIwggIOMBIGA1UdEwEB/wQIMAYBAf8CAQAwcAYDVR0gBGkw ZzBlBgtghkgBhvhFAQcXAjBWMCgGCCsGAQUFBwIBFhxodHRwczovL3d3dy52ZXJpc2lnbi5j b20vY3BzMCoGCCsGAQUFBwICMB4aHGh0dHBzOi8vd3d3LnZlcmlzaWduLmNvbS9ycGEwNAYD VR0fBC0wKzApoCegJYYjaHR0cDovL2NybC52ZXJpc2lnbi5jb20vcGNhMi1nMy5jcmwwDgYD VR0PAQH/BAQDAgEGMC4GA1UdEQQnMCWkIzAhMR8wHQYDVQQDExZQcml2YXRlTGFiZWw0LTIw NDgtMTQyMB0GA1UdDgQWBBQifdOkq1esVn+pf0FEGpW8W/ir7jCB8AYDVR0jBIHoMIHloYHQ pIHNMIHKMQswCQYDVQQGEwJVUzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xHzAdBgNVBAsT FlZlcmlTaWduIFRydXN0IE5ldHdvcmsxOjA4BgNVBAsTMShjKSAxOTk5IFZlcmlTaWduLCBJ bmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxRTBDBgNVBAMTPFZlcmlTaWduIENsYXNz IDIgUHVibGljIFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkgLSBHM4IQYXDLSYxf mEUp57Cm2VBbejANBgkqhkiG9w0BAQUFAAOCAQEAdoqZeNFwhaMs169I9T6WV8Ogu0yXxIYR BUkixQrPwW9OtXymgDUb8uKPHDhicfM8vgAlSh6hEMmWO017rCZoo57pWaN4xkebP44wlsqo 1ig5VcfN7cnrspDklTA+tP3v8afJxuE2bChgVCeet6BxOr2rvNB1ItdT87KcWxV1COpJqzQu U8N8BhR7oPEUiCRtXpFrfmTrYewl1xm1bZk3cAp9CKjDYClVJEwZIgD67DezmWQK+VBk+ofE VAv9CNB/TFwrUpV7inKrSbf7FqkIIbwzvIR1If11NWxDmtioyQsoFnO5/5wLQTSsO17YBYLo boLVLG3RgY7bX5288HU2WDCCBBkwggMBAhBhcMtJjF+YRSnnsKbZUFt6MA0GCSqGSIb3DQEB BQUAMIHKMQswCQYDVQQGEwJVUzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xHzAdBgNVBAsT FlZlcmlTaWduIFRydXN0IE5ldHdvcmsxOjA4BgNVBAsTMShjKSAxOTk5IFZlcmlTaWduLCBJ bmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxRTBDBgNVBAMTPFZlcmlTaWduIENsYXNz IDIgUHVibGljIFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkgLSBHMzAeFw05OTEw MDEwMDAwMDBaFw0zNjA3MTYyMzU5NTlaMIHKMQswCQYDVQQGEwJVUzEXMBUGA1UEChMOVmVy aVNpZ24sIEluYy4xHzAdBgNVBAsTFlZlcmlTaWduIFRydXN0IE5ldHdvcmsxOjA4BgNVBAsT MShjKSAxOTk5IFZlcmlTaWduLCBJbmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxRTBD BgNVBAMTPFZlcmlTaWduIENsYXNzIDIgUHVibGljIFByaW1hcnkgQ2VydGlmaWNhdGlvbiBB dXRob3JpdHkgLSBHMzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAK8KDcLVLNtn uS3llCfdpb7gsE2Ps2FWPNZ8w/TNPobLooji4dikacW14r/BpkdQXkY5i9WWurVvFL8QzicT ngVHmzF6E9gf2dMCN4utLEfwjoEGpw0wDOv3PA8gHdxyRu6lAshbw8lWaUzFGMGRewvVEwCb vO/DSD5GYCCFKtWQts2LoMwy3bf9QFWyUBxWrsyNd03HIE2nMXbvaJKKkB4IgVayrWmjUtDL HMQjPR+Z/kzoFmOOxgiO9jH20vrldt21HJKjSc3NAc1ozalpuqPrHQ2cpCCmwaDF0UZMF23S rGY/lozghNQ2/yJZxfkRYKhfBH3yGvYlQmEPxEq4PokCAwEAATANBgkqhkiG9w0BAQUFAAOC AQEANCYVPMCNTUNJHb3pIZLXZpy33sW40ORdX3YiwCb5hDo6+Yy1++xg8ejOBLDI3acDjzDz mN+k5qQx39McC0bcciA/ru4FPKQzPws5rHB4c0uZK98wwlSwqDtVof4WKM1CvXRugNsnRKfO RF3UG5CYDR5ClLEALATQdKMCBSJjY82DtfvBbWJraXX9XXBBufW/fN++wTJzIiGLWIF7FZF6 uuNkSLB/+zYl2pXQ8SQUF90YgGtGIzlU9Y5iCQQdlJCmm+Yl4kJFqriQrb4Ij6kLQhiUz3I5 4bFD4CjPt+dabBNrSbP/4xh8iYszXawz16f52jpVyVgQ+arvWrbPS0vfKjGCAqQwggKgAgEB MIIBDDCB9zELMAkGA1UEBhMCVVMxIDAeBgNVBAoTF0hld2xldHQtUGFja2FyZCBDb21wYW55 MR8wHQYDVQQLExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTswOQYDVQQLEzJUZXJtcyBvZiB1 c2UgYXQgaHR0cHM6Ly93d3cudmVyaXNpZ24uY29tL3JwYSAoYykwOTE1MDMGA1UECxMsQ2xh c3MgMiBNYW5hZ2VkIFBLSSBJbmRpdmlkdWFsIFN1YnNjcmliZXIgQ0ExMTAvBgNVBAMTKENv bGxhYm9yYXRpb24gQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkgRzICEFuJOcFC+2JaBKTlTQsX DY4wDQYJYIZIAWUDBAIBBQCgaTAvBgkqhkiG9w0BCQQxIgQgyVKYBhl/7LWQEzYRanmgXghj r3LRf7StIMup0z22c0swGAYJKoZIhvcNAQkDMQsGCSqGSIb3DQEHATAcBgkqhkiG9w0BCQUx DxcNMTQwMzA2MTI0MzE5WjANBgkqhkiG9w0BAQEFAASCAQAah8Q+XkZF0l90/+llPaSMdw3m nbWG3iYXnrTy0Hwt7jquQmx+bLsJgLVvvH/Oq2O1uMj+Koj2+8omdbarKkMy+ppd19aZ3gCT DdgC+V44aVoEja66kTd3zmsWkTRRLFCYZR6bJ9JFHPUPDscLB182tUt4DPBIqSNKuwu7yc2B Irz2PUZ8zmNQkRS78El6cITeOjUCgZFjhiFdE42sTQyi4Xy6Grv6Wink07HRXyCSENm836Kq TEra+5Bt88SY+GOqKKfF3NwU6hlZQ61ilFBUwWJcwsxerKNfBO33eMJ80yj0KJNfUe0qvSnr D8bvf8E3bRRrSUJEGck7a142MlMw --B_3476954599_29261501-- From nobody Thu Mar 6 17:29:54 2014 Return-Path: X-Original-To: radext@ietfa.amsl.com Delivered-To: radext@ietfa.amsl.com Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id CFF401A0186 for ; Thu, 6 Mar 2014 17:29:51 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -4.748 X-Spam-Level: X-Spam-Status: No, score=-4.748 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, RP_MATCHES_RCVD=-0.547, SPF_PASS=-0.001] autolearn=ham Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id NAb3sy0rItZO for ; Thu, 6 Mar 2014 17:29:49 -0800 (PST) Received: from lhrrgout.huawei.com (lhrrgout.huawei.com [194.213.3.17]) by ietfa.amsl.com (Postfix) with ESMTP id 27C1D1A0010 for ; Thu, 6 Mar 2014 17:29:49 -0800 (PST) Received: from 172.18.7.190 (EHLO lhreml203-edg.china.huawei.com) ([172.18.7.190]) by lhrrg01-dlp.huawei.com (MOS 4.3.7-GA FastPath queued) with ESMTP id BEH86482; Fri, 07 Mar 2014 01:29:44 +0000 (GMT) Received: from LHREML406-HUB.china.huawei.com (10.201.5.243) by lhreml203-edg.huawei.com (172.18.7.221) with Microsoft SMTP Server (TLS) id 14.3.158.1; Fri, 7 Mar 2014 01:29:06 +0000 Received: from SJCEML702-CHM.china.huawei.com (10.212.94.48) by lhreml406-hub.china.huawei.com (10.201.5.243) with Microsoft SMTP Server (TLS) id 14.3.158.1; Fri, 7 Mar 2014 01:29:41 +0000 Received: from SJCEML701-CHM.china.huawei.com ([169.254.3.52]) by SJCEML702-CHM.china.huawei.com ([169.254.4.61]) with mapi id 14.03.0158.001; Thu, 6 Mar 2014 17:29:35 -0800 From: Dean cheng To: Alan DeKok , "radext@ietf.org" Thread-Topic: [radext] Review of draft-cheng-behave-cgn-cfg-radius-ext Thread-Index: AQHPN4898xpGI46XLUWhu3b9ziIo/ZrUthDg Date: Fri, 7 Mar 2014 01:29:34 +0000 Message-ID: References: <5315A1E1.2040405@deployingradius.com> In-Reply-To: <5315A1E1.2040405@deployingradius.com> Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-originating-ip: [10.212.245.143] Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 X-CFilter-Loop: Reflected Archived-At: http://mailarchive.ietf.org/arch/msg/radext/QxlP45gS6U6ew7xjquqQTCG5Dq8 Subject: Re: [radext] Review of draft-cheng-behave-cgn-cfg-radius-ext X-BeenThere: radext@ietf.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: RADIUS EXTensions working group discussion list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 07 Mar 2014 01:29:52 -0000 Alan, Thanks for these useful suggestions and we'll incorporate them in the next revision. Dean > -----Original Message----- > From: radext [mailto:radext-bounces@ietf.org] On Behalf Of Alan DeKok > Sent: Tuesday, March 04, 2014 1:50 AM > To: radext@ietf.org > Subject: [radext] Review of draft-cheng-behave-cgn-cfg-radius-ext >=20 > This is a quick review of the document prior to RADEXT WG meeting. >=20 >=20 > This document proposes three new RADIUS attributes as RADIUS > protocol's extensions, and they are used for separate purposes as > follows: >=20 > Any draft is a RADIUS protocol extension. I'd suggest changing this > text to: >=20 > This document proposes three new attributes as follows: >=20 >=20 > The following paragraphs could be re-organized. They currently give > a description first, followed by the attribute name. The text also > seems > redundant: >=20 > The session limit is carried by a new RADIUS attribute ... >=20 > Yes, most drafts define a new attribute. I would just say: >=20 > o Port-Session-Limit >=20 > Sent in Access-Accept or CoA-Request. Limits the of total number > of > TCP/UDP ports and/or ICMP identifiers which a subscriber can use. >=20 > i.e. give the name, which packets it can occur in, and a short > description of its meaning. The later sections will expand on these > descriptions, so there's no need to give complicated definitions here. >=20 >=20 > o Session Limit - This is the maximum number of TCP ports, or UDP >=20 > Is this the same as "Port-Session-Limit" above? If so, I suggest > using the same name. >=20 > Also, all authorization attributes in RADIUS are for a particular > session. So there's no need to call them "Session" limits. By > definition, they're for one session, and only one session. >=20 >=20 > [Discussion: should these attributes be allocated from the > extended RADIUS attribute code space?] >=20 > I don't think it matters. They could be allocated from the standard > space. >=20 >=20 > 3.1 Port-Session-Limit >=20 > This attribute is of type complex [RFC6158] ... >=20 > There is no reason to make these attributes type "complex". Everyone > would be better served by using TLVs, as defined in RFC 6929. >=20 >=20 >=20 > 3.2 Port-Session-Range >=20 > ... > The port range follows the encoding specified in [RFC6431]; >=20 > RFC 6431 defines a data structure of 4 fields. This attribute re- > uses that, but inserts it in the middle of other complex fields. So it > does not appear to follow the requirements to be an "opaque data type" > as given in RFC 6158 Section A.1.3. >=20 >=20 > 3.3. Port-Forwarding-Map Attribute >=20 > ... In addition, the attribute may contain a > 32-bit IPv4 address or a 128-bit IPv6 address, respectively, as > their > respective NAT mappings internal IP address. >=20 > This definition violates RFC 6158 Section 3.4, which prohibits > polymorphic attributes. >=20 >=20 > 7.2. Name Spaces >=20 > This document establishes a new name space for Session Type (see > Section 3.1 for the initial reservation of values. The allocation > of > future values is according to RFC Required policy [RFC5226] >=20 > I don't think any previous RADIUS specification defined an IANA name > space for sub-fields of an attribute. All of the existing enumerated > types are of data type "integer". >=20 >=20 > Over all, the goal of the document seems reasonable. But the > encoding of the attributes violates most of RFC 6158, without giving > any reason as to why. Implementing it as-is would impose undue burden > on implementors. >=20 > I suggest using TLVs instead of these complex data types. That would > avoid the need for polymorphic attributes, too. >=20 > Alan DeKok. >=20 > _______________________________________________ > radext mailing list > radext@ietf.org > https://www.ietf.org/mailman/listinfo/radext From nobody Thu Mar 6 17:31:27 2014 Return-Path: X-Original-To: radext@ietfa.amsl.com Delivered-To: radext@ietfa.amsl.com Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B920D1A0186 for ; Thu, 6 Mar 2014 17:31:24 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: 0.852 X-Spam-Level: X-Spam-Status: No, score=0.852 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, GB_SUMOF=5, J_CHICKENPOX_74=0.6, RCVD_IN_DNSWL_MED=-2.3, RP_MATCHES_RCVD=-0.547, SPF_PASS=-0.001] autolearn=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id zrY0bgRN5EWO for ; Thu, 6 Mar 2014 17:31:23 -0800 (PST) Received: from lhrrgout.huawei.com (lhrrgout.huawei.com [194.213.3.17]) by ietfa.amsl.com (Postfix) with ESMTP id 0EB071A0010 for ; Thu, 6 Mar 2014 17:31:21 -0800 (PST) Received: from 172.18.7.190 (EHLO lhreml203-edg.china.huawei.com) ([172.18.7.190]) by lhrrg02-dlp.huawei.com (MOS 4.3.7-GA FastPath queued) with ESMTP id BBV08756; Fri, 07 Mar 2014 01:31:17 +0000 (GMT) Received: from LHREML401-HUB.china.huawei.com (10.201.5.240) by lhreml203-edg.huawei.com (172.18.7.221) with Microsoft SMTP Server (TLS) id 14.3.158.1; Fri, 7 Mar 2014 01:30:41 +0000 Received: from SJCEML703-CHM.china.huawei.com (10.212.94.49) by lhreml401-hub.china.huawei.com (10.201.5.240) with Microsoft SMTP Server (TLS) id 14.3.158.1; Fri, 7 Mar 2014 01:31:16 +0000 Received: from SJCEML701-CHM.china.huawei.com ([169.254.3.52]) by SJCEML703-CHM.china.huawei.com ([169.254.5.78]) with mapi id 14.03.0158.001; Thu, 6 Mar 2014 17:31:09 -0800 From: Dean cheng To: "lionel.morand@orange.com" , Alan DeKok , "radext@ietf.org" Thread-Topic: [radext] Review of draft-cheng-behave-cgn-cfg-radius-ext Thread-Index: AQHPN4898xpGI46XLUWhu3b9ziIo/ZrRdusAgANf4kA= Date: Fri, 7 Mar 2014 01:31:08 +0000 Message-ID: References: <5315A1E1.2040405@deployingradius.com> <30324_1393940713_5315D8E9_30324_2050_1_6B7134B31289DC4FAF731D844122B36E4DF2BC@PEXCVZYM13.corporate.adroot.infra.ftgroup> In-Reply-To: <30324_1393940713_5315D8E9_30324_2050_1_6B7134B31289DC4FAF731D844122B36E4DF2BC@PEXCVZYM13.corporate.adroot.infra.ftgroup> Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-originating-ip: [10.212.245.143] Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 X-CFilter-Loop: Reflected Archived-At: http://mailarchive.ietf.org/arch/msg/radext/zQgfv_hx4y0ynCrlxPKHBXKy8OE Subject: Re: [radext] Review of draft-cheng-behave-cgn-cfg-radius-ext X-BeenThere: radext@ietf.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: RADIUS EXTensions working group discussion list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 07 Mar 2014 01:31:25 -0000 Hi Lionel, I think the port defined in RFC2865 (in Section 5.42=20 "Port-Limit") is physical or logical port, whereas=20 the "Port-Session-Limit" proposed in this draft is=20 for TCP/UDP port, and so they are different. We'll change to use TLV in the next revision. Thanks Dean > -----Original Message----- > From: radext [mailto:radext-bounces@ietf.org] On Behalf Of > lionel.morand@orange.com > Sent: Tuesday, March 04, 2014 5:45 AM > To: Alan DeKok; radext@ietf.org > Subject: Re: [radext] Review of draft-cheng-behave-cgn-cfg-radius-ext >=20 > The Port-Session-Limit Attribute is defined as follow: >=20 > This attribute is of type complex [RFC6158] and specifies the limit > of TCP ports, or UDP ports, or the sum of the two, or ICMP > identifiers, or the sum of the three, which is configured on a > device > supporting port ranges corresponding to a specific subscriber. >=20 > Isn't it the same purpose than the Port-Limit defined in RFC 2865? >=20 > Port-Limit >=20 > This Attribute sets the maximum number of ports to be provided to > the user by the NAS. This Attribute MAY be sent by the server to > the client in an Access-Accept packet. It is intended for use in > conjunction with Multilink PPP [12] or similar uses. It MAY also > be sent by the NAS to the server as a hint that that many ports > are desired for use, but the server is not required to honor the > hint. >=20 > By the way, I share the comment on Alan about avoiding polymorphic > attributes and recommend the use of TLV. > I guess that two different TLV-types will have to be defined, one for > external/public address+port (NAT assigned) and the other for > internal/private address+port, and both TLV consisting in two sub- > attributes, one in the format of "Framed-IP-address" and one ine the > format of "Port". >=20 > Lionel >=20 >=20 > -----Message d'origine----- > De=A0: radext [mailto:radext-bounces@ietf.org] De la part de Alan DeKok > Envoy=E9=A0: mardi 4 mars 2014 10:50 =C0=A0: radext@ietf.org Objet=A0: [r= adext] > Review of draft-cheng-behave-cgn-cfg-radius-ext >=20 > This is a quick review of the document prior to RADEXT WG meeting. >=20 >=20 > This document proposes three new RADIUS attributes as RADIUS > protocol's extensions, and they are used for separate purposes as > follows: >=20 > Any draft is a RADIUS protocol extension. I'd suggest changing this > text to: >=20 > This document proposes three new attributes as follows: >=20 >=20 > The following paragraphs could be re-organized. They currently give > a description first, followed by the attribute name. The text also > seems > redundant: >=20 > The session limit is carried by a new RADIUS attribute ... >=20 > Yes, most drafts define a new attribute. I would just say: >=20 > o Port-Session-Limit >=20 > Sent in Access-Accept or CoA-Request. Limits the of total number > of > TCP/UDP ports and/or ICMP identifiers which a subscriber can use. >=20 > i.e. give the name, which packets it can occur in, and a short > description of its meaning. The later sections will expand on these > descriptions, so there's no need to give complicated definitions here. >=20 >=20 > o Session Limit - This is the maximum number of TCP ports, or UDP >=20 > Is this the same as "Port-Session-Limit" above? If so, I suggest > using the same name. >=20 > Also, all authorization attributes in RADIUS are for a particular > session. So there's no need to call them "Session" limits. By > definition, they're for one session, and only one session. >=20 >=20 > [Discussion: should these attributes be allocated from the > extended RADIUS attribute code space?] >=20 > I don't think it matters. They could be allocated from the standard > space. >=20 >=20 > 3.1 Port-Session-Limit >=20 > This attribute is of type complex [RFC6158] ... >=20 > There is no reason to make these attributes type "complex". Everyone > would be better served by using TLVs, as defined in RFC 6929. >=20 >=20 >=20 > 3.2 Port-Session-Range >=20 > ... > The port range follows the encoding specified in [RFC6431]; >=20 > RFC 6431 defines a data structure of 4 fields. This attribute re- > uses that, but inserts it in the middle of other complex fields. So it > does not appear to follow the requirements to be an "opaque data type" > as given in RFC 6158 Section A.1.3. >=20 >=20 > 3.3. Port-Forwarding-Map Attribute >=20 > ... In addition, the attribute may contain a > 32-bit IPv4 address or a 128-bit IPv6 address, respectively, as > their > respective NAT mappings internal IP address. >=20 > This definition violates RFC 6158 Section 3.4, which prohibits > polymorphic attributes. >=20 >=20 > 7.2. Name Spaces >=20 > This document establishes a new name space for Session Type (see > Section 3.1 for the initial reservation of values. The allocation > of > future values is according to RFC Required policy [RFC5226] >=20 > I don't think any previous RADIUS specification defined an IANA name > space for sub-fields of an attribute. All of the existing enumerated > types are of data type "integer". >=20 >=20 > Over all, the goal of the document seems reasonable. But the > encoding of the attributes violates most of RFC 6158, without giving > any reason as to why. Implementing it as-is would impose undue burden > on implementors. >=20 > I suggest using TLVs instead of these complex data types. That would > avoid the need for polymorphic attributes, too. >=20 > Alan DeKok. >=20 > _______________________________________________ > radext mailing list > radext@ietf.org > https://www.ietf.org/mailman/listinfo/radext >=20 > _______________________________________________________________________ > __________________________________________________ >=20 > Ce message et ses pieces jointes peuvent contenir des informations > confidentielles ou privilegiees et ne doivent donc pas etre diffuses, > exploites ou copies sans autorisation. Si vous avez recu ce message par > erreur, veuillez le signaler a l'expediteur et le detruire ainsi que > les pieces jointes. Les messages electroniques etant susceptibles > d'alteration, Orange decline toute responsabilite si ce message a ete > altere, deforme ou falsifie. Merci. >=20 > This message and its attachments may contain confidential or privileged > information that may be protected by law; they should not be > distributed, used or copied without authorisation. > If you have received this email in error, please notify the sender and > delete this message and its attachments. > As emails may be altered, Orange is not liable for messages that have > been modified, changed or falsified. > Thank you. >=20 > _______________________________________________ > radext mailing list > radext@ietf.org > https://www.ietf.org/mailman/listinfo/radext From nobody Thu Mar 6 23:51:29 2014 Return-Path: X-Original-To: radext@ietfa.amsl.com Delivered-To: radext@ietfa.amsl.com Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7E1A81A0245; Thu, 6 Mar 2014 23:51:27 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.9 X-Spam-Level: X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9] autolearn=ham Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id STq6L0O9f8iV; Thu, 6 Mar 2014 23:51:26 -0800 (PST) Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id 3051F1A0112; Thu, 6 Mar 2014 23:51:26 -0800 (PST) MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 7bit From: internet-drafts@ietf.org To: i-d-announce@ietf.org X-Test-IDTracker: no X-IETF-IDTracker: 5.1.0 Auto-Submitted: auto-generated Precedence: bulk Message-ID: <20140307075126.8756.75363.idtracker@ietfa.amsl.com> Date: Thu, 06 Mar 2014 23:51:26 -0800 Archived-At: http://mailarchive.ietf.org/arch/msg/radext/pVANzNMaV5ClBpoZD9RVxel8RYY Cc: radext@ietf.org Subject: [radext] I-D Action: draft-ietf-radext-radius-fragmentation-05.txt X-BeenThere: radext@ietf.org X-Mailman-Version: 2.1.15 List-Id: RADIUS EXTensions working group discussion list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 07 Mar 2014 07:51:27 -0000 A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the RADIUS EXTensions Working Group of the IETF. Title : Support of fragmentation of RADIUS packets Authors : Alejandro Perez-Mendez Rafa Marin-Lopez Fernando Pereniguez-Garcia Gabriel Lopez-Millan Diego R. Lopez Alan DeKok Filename : draft-ietf-radext-radius-fragmentation-05.txt Pages : 28 Date : 2014-03-06 Abstract: The Remote Authentication Dial-In User Service (RADIUS) protocol is limited to a total packet size of 4096 octets. Provisions exist for fragmenting large amounts of authentication data across multiple packets, via Access-Challenge. No similar provisions exist for fragmenting large amounts of authorization data. This document specifies how existing RADIUS mechanisms can be leveraged to provide that functionality. These mechanisms are largely compatible with existing implementations, and are designed to be invisible to proxies, and "fail-safe" to legacy clients and servers. The IETF datatracker status page for this draft is: https://datatracker.ietf.org/doc/draft-ietf-radext-radius-fragmentation/ There's also a htmlized version available at: http://tools.ietf.org/html/draft-ietf-radext-radius-fragmentation-05 A diff from the previous version is available at: http://www.ietf.org/rfcdiff?url2=draft-ietf-radext-radius-fragmentation-05 Please note that it may take a couple of minutes from the time of submission until the htmlized version and diff are available at tools.ietf.org. Internet-Drafts are also available by anonymous FTP at: ftp://ftp.ietf.org/internet-drafts/ From nobody Thu Mar 6 23:55:15 2014 Return-Path: X-Original-To: radext@ietfa.amsl.com Delivered-To: radext@ietfa.amsl.com Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id AA83C1A0245 for ; Thu, 6 Mar 2014 23:55:14 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -4.747 X-Spam-Level: X-Spam-Status: No, score=-4.747 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_MED=-2.3, RP_MATCHES_RCVD=-0.547, SPF_PASS=-0.001] autolearn=ham Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 5U_9sAu_LZY4 for ; Thu, 6 Mar 2014 23:55:11 -0800 (PST) Received: from xenon24.um.es (xenon24.um.es [155.54.212.164]) by ietfa.amsl.com (Postfix) with ESMTP id 2C71B1A024E for ; Thu, 6 Mar 2014 23:55:11 -0800 (PST) Received: from localhost (localhost [127.0.0.1]) by xenon24.um.es (Postfix) with ESMTP id B6895FBFF for ; Fri, 7 Mar 2014 08:55:05 +0100 (CET) X-Virus-Scanned: by antispam in UMU at xenon24.um.es Received: from xenon24.um.es ([127.0.0.1]) by localhost (xenon24.um.es [127.0.0.1]) (amavisd-new, port 10024) with LMTP id JLh7fCpcDEnM for ; Fri, 7 Mar 2014 08:55:05 +0100 (CET) Received: from [10.42.0.19] (84.124.131.72.dyn.user.ono.com [84.124.131.72]) (using TLSv1 with cipher ECDHE-RSA-AES128-SHA (128/128 bits)) (No client certificate requested) (Authenticated sender: alex) by xenon24.um.es (Postfix) with ESMTPSA id 7A9DAFBBC for ; Fri, 7 Mar 2014 08:55:03 +0100 (CET) Message-ID: <53197B56.10303@um.es> Date: Fri, 07 Mar 2014 08:55:02 +0100 From: Alejandro Perez Mendez User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Thunderbird/24.3.0 MIME-Version: 1.0 To: "radext@ietf.org" References: <20140307075126.8756.14600.idtracker@ietfa.amsl.com> In-Reply-To: <20140307075126.8756.14600.idtracker@ietfa.amsl.com> X-Enigmail-Version: 1.6 X-Forwarded-Message-Id: <20140307075126.8756.14600.idtracker@ietfa.amsl.com> Content-Type: multipart/alternative; boundary="------------050803080709010503000200" Archived-At: http://mailarchive.ietf.org/arch/msg/radext/iy4iyqg-UK6aJ_ZRIHmBD_IAUVk Subject: [radext] Fwd: New Version Notification for draft-ietf-radext-radius-fragmentation-05.txt X-BeenThere: radext@ietf.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: RADIUS EXTensions working group discussion list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 07 Mar 2014 07:55:14 -0000 This is a multi-part message in MIME format. --------------050803080709010503000200 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 7bit As agreed during last RADEXT meeting on Tuesday, we've submitted a new version (05) of the draft, where we have added the following text, related to the no-inclusion of authentication attributes in the first fragment of the pre-authentication phase: The authors acknowledge this is formally violating [RFC2865], but there are no known operational issues with it. Once this document goes beyond being considered as experimental, it will state it updates [RFC2865]. Regards, Alejandro -------- Mensaje original -------- Asunto: New Version Notification for draft-ietf-radext-radius-fragmentation-05.txt Fecha: Thu, 06 Mar 2014 23:51:26 -0800 De: internet-drafts@ietf.org Para: Alejandro Perez-Mendez , "Alejandro Perez-Mendez" , Diego R. Lopez , "Alan DeKok" , Alan DeKok , "Rafael Lopez" , "Gabriel Lopez-Millan" , Gabriel Lopez-Millan , Fernando Pereniguez-Garcia , Rafa Marin-Lopez , "Diego R. Lopez" , "Fernando Pereniguez-Garcia" A new version of I-D, draft-ietf-radext-radius-fragmentation-05.txt has been successfully submitted by Alejandro Perez-Mendez and posted to the IETF repository. Name: draft-ietf-radext-radius-fragmentation Revision: 05 Title: Support of fragmentation of RADIUS packets Document date: 2014-03-07 Group: radext Pages: 28 URL: http://www.ietf.org/internet-drafts/draft-ietf-radext-radius-fragmentation-05.txt Status: https://datatracker.ietf.org/doc/draft-ietf-radext-radius-fragmentation/ Htmlized: http://tools.ietf.org/html/draft-ietf-radext-radius-fragmentation-05 Diff: http://www.ietf.org/rfcdiff?url2=draft-ietf-radext-radius-fragmentation-05 Abstract: The Remote Authentication Dial-In User Service (RADIUS) protocol is limited to a total packet size of 4096 octets. Provisions exist for fragmenting large amounts of authentication data across multiple packets, via Access-Challenge. No similar provisions exist for fragmenting large amounts of authorization data. This document specifies how existing RADIUS mechanisms can be leveraged to provide that functionality. These mechanisms are largely compatible with existing implementations, and are designed to be invisible to proxies, and "fail-safe" to legacy clients and servers. Please note that it may take a couple of minutes from the time of submission until the htmlized version and diff are available at tools.ietf.org. The IETF Secretariat --------------050803080709010503000200 Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: 7bit As agreed during last RADEXT meeting on Tuesday, we've submitted a new version (05) of the draft, where we have added the following text, related to the no-inclusion of authentication attributes in the first fragment of the pre-authentication phase:

The
   authors acknowledge this is formally violating [RFC2865], but there
   are no known operational issues with it.  Once this document goes
   beyond being considered as experimental, it will state it updates
   [RFC2865].
Regards,
Alejandro



-------- Mensaje original --------
Asunto: New Version Notification for draft-ietf-radext-radius-fragmentation-05.txt
Fecha: Thu, 06 Mar 2014 23:51:26 -0800
De: internet-drafts@ietf.org
Para: Alejandro Perez-Mendez <alex@um.es>, "Alejandro Perez-Mendez" <alex@um.es>, Diego R. Lopez <diego@tid.es>, "Alan DeKok" <aland@networkradius.com>, Alan DeKok <aland@networkradius.com>, "Rafael Lopez" <rafa@um.es>, "Gabriel Lopez-Millan" <gabilm@um.es>, Gabriel Lopez-Millan <gabilm@um.es>, Fernando Pereniguez-Garcia <pereniguez@um.es>, Rafa Marin-Lopez <rafa@um.es>, "Diego R. Lopez" <diego@tid.es>, "Fernando Pereniguez-Garcia" <pereniguez@um.es> 


A new version of I-D, draft-ietf-radext-radius-fragmentation-05.txt
has been successfully submitted by Alejandro Perez-Mendez and posted to the
IETF repository.

Name:		draft-ietf-radext-radius-fragmentation
Revision:	05
Title:		Support of fragmentation of RADIUS packets
Document date:	2014-03-07
Group:		radext
Pages:		28
URL:            http://www.ietf.org/internet-drafts/draft-ietf-radext-radius-fragmentation-05.txt
Status:         https://datatracker.ietf.org/doc/draft-ietf-radext-radius-fragmentation/
Htmlized:       http://tools.ietf.org/html/draft-ietf-radext-radius-fragmentation-05
Diff:           http://www.ietf.org/rfcdiff?url2=draft-ietf-radext-radius-fragmentation-05

Abstract:
   The Remote Authentication Dial-In User Service (RADIUS) protocol is
   limited to a total packet size of 4096 octets.  Provisions exist for
   fragmenting large amounts of authentication data across multiple
   packets, via Access-Challenge.  No similar provisions exist for
   fragmenting large amounts of authorization data.  This document
   specifies how existing RADIUS mechanisms can be leveraged to provide
   that functionality.  These mechanisms are largely compatible with
   existing implementations, and are designed to be invisible to
   proxies, and "fail-safe" to legacy clients and servers.

                                                                                  


Please note that it may take a couple of minutes from the time of submission
until the htmlized version and diff are available at tools.ietf.org.

The IETF Secretariat


--------------050803080709010503000200-- From nobody Tue Mar 11 04:54:03 2014 Return-Path: X-Original-To: radext@ietfa.amsl.com Delivered-To: radext@ietfa.amsl.com Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 923F41A070D for ; Tue, 11 Mar 2014 04:53:58 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -10.048 X-Spam-Level: X-Spam-Status: No, score=-10.048 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RP_MATCHES_RCVD=-0.547, SPF_PASS=-0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id TGP4-cnQtEvu for ; Tue, 11 Mar 2014 04:53:57 -0700 (PDT) Received: from aer-iport-3.cisco.com (aer-iport-3.cisco.com [173.38.203.53]) by ietfa.amsl.com (Postfix) with ESMTP id 40D3D1A068D for ; Tue, 11 Mar 2014 04:53:57 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=304; q=dns/txt; s=iport; t=1394538832; x=1395748432; h=message-id:date:from:mime-version:to:subject: content-transfer-encoding; bh=jKCp5hu/tP1rAjlfXvsRYqYTmA/4oKcZH/zpSS/JeZg=; b=lqCJU1Kl3q7ApfMivNZtTM9FqPEZL8lhtW3GLO1omHpdvt0skqS0hqFL BmKiqZYG/sb6rnKe8pYMgvXR1B1b91zBPBwYvhvG9K5KWhVByTf8g9hDI H4cLCDxHJnMY//iC2HtaoHTpXgf5euFZopfdDs9bhuWMwjD3FKRqgVpyD E=; X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: AhsFACL4HlOQ/khR/2dsb2JhbABagwbDaRZ0gmQzDT0WGAMCAQIBSw0IAQEWh1+gN7BQF5MbAQOYRYZMi2GDLjw X-IronPort-AV: E=Sophos;i="4.97,630,1389744000"; d="scan'208";a="3561432" Received: from ams-core-1.cisco.com ([144.254.72.81]) by aer-iport-3.cisco.com with ESMTP; 11 Mar 2014 11:53:51 +0000 Received: from [10.60.67.89] (ams-bclaise-8918.cisco.com [10.60.67.89]) by ams-core-1.cisco.com (8.14.5/8.14.5) with ESMTP id s2BBro1u000641 for ; Tue, 11 Mar 2014 11:53:50 GMT Message-ID: <531EF94E.4010203@cisco.com> Date: Tue, 11 Mar 2014 12:53:50 +0100 From: Benoit Claise User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:24.0) Gecko/20100101 Thunderbird/24.3.0 MIME-Version: 1.0 To: "radext@ietf.org" Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Archived-At: http://mailarchive.ietf.org/arch/msg/radext/QV9i_ybJHsD95-UqjiG_lj3GCUk Subject: [radext] Welcome Stefan Winter as RADEXT co-chair X-BeenThere: radext@ietf.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: RADIUS EXTensions working group discussion list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 11 Mar 2014 11:53:58 -0000 Dear all, Stefan Winter stepped forward for the RADEXT co-chair position. As you all know, Stefan is an RADIUS expert, which is a good news. We know that Stefan won't be able to attend all the IETF meetings in person, and I believe we can live with that. Thank you Stefan. Regards, Benoit. From nobody Tue Mar 11 05:08:19 2014 Return-Path: X-Original-To: radext@ietfa.amsl.com Delivered-To: radext@ietfa.amsl.com Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id EB7E31A0717 for ; Tue, 11 Mar 2014 05:08:17 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2.6 X-Spam-Level: X-Spam-Status: No, score=-2.6 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_LOW=-0.7] autolearn=ham Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id tTVLTESFwnNs for ; Tue, 11 Mar 2014 05:08:15 -0700 (PDT) Received: from out61-ams.mf.surf.net (out61-ams.mf.surf.net [145.0.1.61]) by ietfa.amsl.com (Postfix) with ESMTP id 169381A0715 for ; Tue, 11 Mar 2014 05:08:13 -0700 (PDT) Received: from teletubbie.het.net.je (teletubbie.het.net.je [192.87.110.29]) by outgoing3-ams.mf.surf.net (8.14.4/8.14.4/Debian-4) with ESMTP id s2BC8M2f003761; Tue, 11 Mar 2014 13:08:23 +0100 Received: from [2001:420:4442:1250:3cee:563a:d567:9fd] by teletubbie.het.net.je with esmtpsa (TLSv1:AES128-SHA:128) (Exim 4.80.1 (FreeBSD)) (envelope-from ) id 1WNLMk-0002ey-QD; Tue, 11 Mar 2014 13:01:02 +0100 References: <531EF94E.4010203@cisco.com> In-Reply-To: <531EF94E.4010203@cisco.com> Mime-Version: 1.0 (1.0) Content-Transfer-Encoding: 7bit Content-Type: text/plain; charset=us-ascii Message-Id: <445727F0-28A2-40B5-9B06-A7A1CAEB032E@wierenga.net> X-Mailer: iPhone Mail (11B651) From: Klaas Wierenga Date: Tue, 11 Mar 2014 13:06:02 +0100 To: Benoit Claise X-Antivirus: no malware found X-Bayes-Prob: 0.0001 (Score 0, tokens from: p-out:default, p:default, base:default, @@RPTN) X-CanIt-Geo: No geolocation information available for 192.87.110.29 X-CanItPRO-Stream: p-out:default (inherits from p:default,base:default) X-Canit-Stats-ID: 0bLAc8nnI - fd295d49e4c6 - 20140311 (trained as not-spam) X-Scanned-By: CanIt (www . roaringpenguin . com) Archived-At: http://mailarchive.ietf.org/arch/msg/radext/s7jsRo5j2wK9aYgClBH2xhLdZq0 Cc: "radext@ietf.org" Subject: Re: [radext] Welcome Stefan Winter as RADEXT co-chair X-BeenThere: radext@ietf.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: RADIUS EXTensions working group discussion list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 11 Mar 2014 12:08:18 -0000 Congrats, excellent choice! Sent from my iPhone > On 11 mrt. 2014, at 12:53, Benoit Claise wrote: > > From nobody Mon Mar 17 12:09:29 2014 Return-Path: X-Original-To: radext@ietfa.amsl.com Delivered-To: radext@ietfa.amsl.com Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 93E711A04BA; Mon, 17 Mar 2014 12:09:25 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.9 X-Spam-Level: X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9] autolearn=ham Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id FiVRmoAoA_-8; Mon, 17 Mar 2014 12:09:24 -0700 (PDT) Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id 31F3D1A02FA; Mon, 17 Mar 2014 12:09:23 -0700 (PDT) MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 7bit From: internet-drafts@ietf.org To: i-d-announce@ietf.org X-Test-IDTracker: no X-IETF-IDTracker: 5.1.0p1 Auto-Submitted: auto-generated Precedence: bulk Message-ID: <20140317190923.30404.67097.idtracker@ietfa.amsl.com> Date: Mon, 17 Mar 2014 12:09:23 -0700 Archived-At: http://mailarchive.ietf.org/arch/msg/radext/7NG5kQLuKvEOBO2tDnMFOgC8UNQ Cc: radext@ietf.org Subject: [radext] I-D Action: draft-ietf-radext-ieee802ext-11.txt X-BeenThere: radext@ietf.org X-Mailman-Version: 2.1.15 List-Id: RADIUS EXTensions working group discussion list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 17 Mar 2014 19:09:25 -0000 A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the RADIUS EXTensions Working Group of the IETF. Title : RADIUS Attributes for IEEE 802 Networks Authors : Bernard Aboba Jouni Malinen Paul Congdon Joseph Salowey Mark Jones Filename : draft-ietf-radext-ieee802ext-11.txt Pages : 27 Date : 2014-03-17 Abstract: RFC 3580 provides guidelines for the use of the Remote Authentication Dialin User Service (RADIUS) within IEEE 802 local area networks (LANs). This document proposes additional attributes for use within IEEE 802 networks, as well as clarifying the usage of the EAP-Key- Name attribute and the Called-Station-Id attribute. This document updates RFC 3580 as well as RFC 4072. The IETF datatracker status page for this draft is: https://datatracker.ietf.org/doc/draft-ietf-radext-ieee802ext/ There's also a htmlized version available at: http://tools.ietf.org/html/draft-ietf-radext-ieee802ext-11 A diff from the previous version is available at: http://www.ietf.org/rfcdiff?url2=draft-ietf-radext-ieee802ext-11 Please note that it may take a couple of minutes from the time of submission until the htmlized version and diff are available at tools.ietf.org. Internet-Drafts are also available by anonymous FTP at: ftp://ftp.ietf.org/internet-drafts/ From nobody Mon Mar 17 20:25:02 2014 Return-Path: X-Original-To: radext@ietfa.amsl.com Delivered-To: radext@ietfa.amsl.com Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D8CC11A035D for ; Mon, 17 Mar 2014 20:25:01 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2 X-Spam-Level: X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, SPF_PASS=-0.001] autolearn=ham Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 0XDzI_oQd-BW for ; Mon, 17 Mar 2014 20:24:59 -0700 (PDT) Received: from mail-pb0-x22c.google.com (mail-pb0-x22c.google.com [IPv6:2607:f8b0:400e:c01::22c]) by ietfa.amsl.com (Postfix) with ESMTP id 9C35A1A0349 for ; Mon, 17 Mar 2014 20:24:59 -0700 (PDT) Received: by mail-pb0-f44.google.com with SMTP id rp16so6610465pbb.17 for ; Mon, 17 Mar 2014 20:24:51 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=content-type:mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=j1IR+l9QHQmX2WMvEqvucw2F+LiXD5SxRyimtgCx3dA=; b=jM8papAilLwaFJn9STgfNSrsH33TcepylYz7MR/zbCP5uCejG1KxanTXzOqt0oCZ0a 2UHCWtHT1vphyRqy9Ap5ddeTor0lU0u5LVDRTsFb4vZoO+VMRpIqhxZJuxZ0sqfo7re+ bJL5h0guxlOMtAZ/HqeU93i3b5Ta5tJXukXd3NWDiWWA8WdHSWr2vcx2Bx1XZvCu4sQ5 tx6peq4j/Jsc2khMEd2eXK24Feq9dljg2dz//SSyEY+Ne/ZsllyQN7EsvNu4EoljTSpn TfT4GBgUi4Xn88SADht0UMnqQh1icL5fLrVwQTgRC8PBNBvAQrTlv+F1vh+/9w6CW7ZX 3EDA== X-Received: by 10.68.218.3 with SMTP id pc3mr30438103pbc.71.1395113091664; Mon, 17 Mar 2014 20:24:51 -0700 (PDT) Received: from dhcp-18-187.meeting.verilan.com ([123.124.234.161]) by mx.google.com with ESMTPSA id xn10sm80553867pab.0.2014.03.17.20.24.48 for (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Mon, 17 Mar 2014 20:24:50 -0700 (PDT) Content-Type: text/plain; charset=us-ascii Mime-Version: 1.0 (Mac OS X Mail 6.6 \(1510\)) From: Jouni Korhonen In-Reply-To: <53197B56.10303@um.es> Date: Tue, 18 Mar 2014 11:24:40 +0800 Content-Transfer-Encoding: quoted-printable Message-Id: <4FB09C40-37A8-4569-A664-DA7541512919@gmail.com> References: <20140307075126.8756.14600.idtracker@ietfa.amsl.com> <53197B56.10303@um.es> To: "radext@ietf.org" X-Mailer: Apple Mail (2.1510) Archived-At: http://mailarchive.ietf.org/arch/msg/radext/tnPNI2Z929IF6FDxEOtFH2Mw_w8 Cc: Alejandro Perez Mendez Subject: Re: [radext] New Version Notification for draft-ietf-radext-radius-fragmentation-05.txt X-BeenThere: radext@ietf.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: RADIUS EXTensions working group discussion list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 18 Mar 2014 03:25:02 -0000 Folks, Are you now happy with the note added into the draft?=20 - Jouni=20 On Mar 7, 2014, at 3:55 PM, Alejandro Perez Mendez wrote: > As agreed during last RADEXT meeting on Tuesday, we've submitted a new = version (05) of the draft, where we have added the following text, = related to the no-inclusion of authentication attributes in the first = fragment of the pre-authentication phase: >=20 > The > authors acknowledge this is formally violating [RFC2865], but there > are no known operational issues with it. Once this document goes > beyond being considered as experimental, it will state it updates > [RFC2865]. >=20 > Regards, > Alejandro >=20 >=20 >=20 > -------- Mensaje original -------- > Asunto: New Version Notification for = draft-ietf-radext-radius-fragmentation-05.txt > Fecha: Thu, 06 Mar 2014 23:51:26 -0800 > De: internet-drafts@ietf.org > Para: Alejandro Perez-Mendez , "Alejandro Perez-Mendez" = , Diego R. Lopez , "Alan DeKok" = , Alan DeKok , "Rafael = Lopez" , "Gabriel Lopez-Millan" , Gabriel = Lopez-Millan , Fernando Pereniguez-Garcia = , Rafa Marin-Lopez , "Diego R. Lopez" = , "Fernando Pereniguez-Garcia" >=20 > A new version of I-D, draft-ietf-radext-radius-fragmentation-05.txt > has been successfully submitted by Alejandro Perez-Mendez and posted = to the > IETF repository. >=20 > Name: draft-ietf-radext-radius-fragmentation > Revision: 05 > Title: Support of fragmentation of RADIUS packets > Document date: 2014-03-07 > Group: radext > Pages: 28 > URL: =20 > = http://www.ietf.org/internet-drafts/draft-ietf-radext-radius-fragmentation= -05.txt >=20 > Status: =20 > = https://datatracker.ietf.org/doc/draft-ietf-radext-radius-fragmentation/ >=20 > Htmlized: =20 > http://tools.ietf.org/html/draft-ietf-radext-radius-fragmentation-05 >=20 > Diff: =20 > = http://www.ietf.org/rfcdiff?url2=3Ddraft-ietf-radext-radius-fragmentation-= 05 >=20 >=20 > Abstract: > The Remote Authentication Dial-In User Service (RADIUS) protocol is > limited to a total packet size of 4096 octets. Provisions exist = for > fragmenting large amounts of authentication data across multiple > packets, via Access-Challenge. No similar provisions exist for > fragmenting large amounts of authorization data. This document > specifies how existing RADIUS mechanisms can be leveraged to = provide > that functionality. These mechanisms are largely compatible with > existing implementations, and are designed to be invisible to > proxies, and "fail-safe" to legacy clients and servers. >=20 > = =20 >=20 >=20 > Please note that it may take a couple of minutes from the time of = submission > until the htmlized version and diff are available at tools.ietf.org. >=20 > The IETF Secretariat >=20 >=20 >=20 >=20 > _______________________________________________ > radext mailing list > radext@ietf.org > https://www.ietf.org/mailman/listinfo/radext From nobody Mon Mar 17 20:48:20 2014 Return-Path: X-Original-To: radext@ietfa.amsl.com Delivered-To: radext@ietfa.amsl.com Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5E37B1A0371 for ; Mon, 17 Mar 2014 20:48:18 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2 X-Spam-Level: X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, SPF_PASS=-0.001] autolearn=ham Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id qmkQrDQeoUHV for ; Mon, 17 Mar 2014 20:48:17 -0700 (PDT) Received: from mail-pb0-x235.google.com (mail-pb0-x235.google.com [IPv6:2607:f8b0:400e:c01::235]) by ietfa.amsl.com (Postfix) with ESMTP id E63E11A0370 for ; Mon, 17 Mar 2014 20:48:16 -0700 (PDT) Received: by mail-pb0-f53.google.com with SMTP id rp16so6633072pbb.12 for ; Mon, 17 Mar 2014 20:48:09 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=from:content-type:content-transfer-encoding:subject:date:message-id :cc:to:mime-version; bh=h+vbzQiE1ekrUNePbWjQujoZ0qihXyLvEyfpvqvbRQw=; b=qaDy2jkuAvfjQ9FpgyfOkNcdhLWUgCYPDidMw8VLAqhhlBORNdKXWTb+pUMEdB0wmP juj/vuSlu2Wm3m8v85PGCpFvn5iAmlGVFYCVbVARDcvjwO658VyRu+nB1jUuAn8nmFms wnQKQur3a3SaUKJU/PRoPoByBp/2tVSRvABIuM9fOdIpyil0jL+FfqyhZ/VP+TknB/YT ygDLRf7BwFQhPFka2+eKy4BJktbZrIvBEy3upb49ZngOFGScse+bV0sZKw8KiRCQtGJE j14dSfeH099wzG5vvXgKmMdzXtHwJp3k4C+/iV5USyRzDLgTJpUvBZ77MEwR6/botwHC gJVg== X-Received: by 10.68.198.36 with SMTP id iz4mr29322655pbc.109.1395114488736; Mon, 17 Mar 2014 20:48:08 -0700 (PDT) Received: from [10.100.18.187] ([123.124.234.161]) by mx.google.com with ESMTPSA id kt8sm33830045pab.7.2014.03.17.20.48.05 for (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Mon, 17 Mar 2014 20:48:07 -0700 (PDT) From: Jouni Korhonen Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Date: Tue, 18 Mar 2014 11:48:01 +0800 Message-Id: <907DC0B0-6E00-4179-BE37-17C89810A9EC@gmail.com> To: "radext@ietf.org" Mime-Version: 1.0 (Mac OS X Mail 6.6 \(1510\)) X-Mailer: Apple Mail (2.1510) Archived-At: http://mailarchive.ietf.org/arch/msg/radext/v9ue-1UdnGyGxEa9uYiLLXIuKrg Cc: "radext-chairs@tools.ietf.org" Subject: [radext] Adoption call for draft-hartman-radext-bigger-packets X-BeenThere: radext@ietf.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: RADIUS EXTensions working group discussion list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 18 Mar 2014 03:48:18 -0000 Folks, We had good support to adopt draft-hartman-radext-bigger-packets I-D as a WG item during the London WG meeting. However, we need to confirm the adoption in the mailing list. This mail starts a one week adoption call for the I-D. If you are against the adoption, voice your opinion and why. Silence is counted as an acceptance. The call ends 25th March. - Jouni & Stefan From nobody Mon Mar 17 21:10:06 2014 Return-Path: X-Original-To: radext@ietfa.amsl.com Delivered-To: radext@ietfa.amsl.com Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 60AAD1A04E8 for ; Mon, 17 Mar 2014 21:10:04 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2 X-Spam-Level: X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, SPF_PASS=-0.001] autolearn=ham Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id JBFJwtSNx8Z0 for ; Mon, 17 Mar 2014 21:10:03 -0700 (PDT) Received: from mail-pb0-x233.google.com (mail-pb0-x233.google.com [IPv6:2607:f8b0:400e:c01::233]) by ietfa.amsl.com (Postfix) with ESMTP id 5ED911A0267 for ; Mon, 17 Mar 2014 21:10:02 -0700 (PDT) Received: by mail-pb0-f51.google.com with SMTP id uo5so6619811pbc.24 for ; Mon, 17 Mar 2014 21:09:54 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=from:content-type:content-transfer-encoding:subject:date:message-id :cc:to:mime-version; bh=UQMy239UObCq2JSqcwXyA5sVh2+wAn4Jjw9XGu/TadY=; b=IHmpoOXj2lPgS9jfHbmqxdRPHlIapIcfLZslhvStKrLT4ePjlszxhetOZQO/fzvBKH hqBbna7N5+IbRMz9P/DDFbSbEbNno1KRALywLufUpBpMjH9HuN3z1vshpd2Q3C2UsS9X lVRJI2eaKPcA7i2Hc/WgvIq7de+0DprRqWdJn2m4njcG5DC1KCcORtlu+5Fd50Tbinp9 pJk8GWY3kSjyWPkYU1NjFXlSytZ7aQLLK3cnnwPrpfPhnpnK4FlgGPV0EDv/7AR/eEWv VVUFQjES/LuE9Mu/X6e3z0v7MpYQ0TKJxkbTC/ADPDMc6vU5zcU+drDnZD9WuV1m8FjS +aNg== X-Received: by 10.67.5.39 with SMTP id cj7mr29010671pad.7.1395115794389; Mon, 17 Mar 2014 21:09:54 -0700 (PDT) Received: from dhcp-18-187.meeting.verilan.com ([123.124.234.161]) by mx.google.com with ESMTPSA id nc1sm10935241pbc.32.2014.03.17.21.09.49 for (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Mon, 17 Mar 2014 21:09:52 -0700 (PDT) From: Jouni Korhonen Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: quoted-printable Date: Tue, 18 Mar 2014 12:09:45 +0800 Message-Id: <52C486C6-B1FD-4310-A38E-2EBEA8CDFB6F@gmail.com> To: "radext@ietf.org" Mime-Version: 1.0 (Mac OS X Mail 6.6 \(1510\)) X-Mailer: Apple Mail (2.1510) Archived-At: http://mailarchive.ietf.org/arch/msg/radext/9bhBslnv0AgHszQmSl-Umqm99cE Cc: Benoit Claise , "radext-chairs@tools.ietf.org" Subject: [radext] Rechartering RADEXT X-BeenThere: radext@ietf.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: RADIUS EXTensions working group discussion list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 18 Mar 2014 04:10:04 -0000 Folks, We are about to recharter soon, since the current charter work items are = nearly done. We got the CoA Proxying as a potential charter item. So, the question is = whether the WG is OK taking in the work in and at the same time adding required = words into the current charter. During the London WG meeting we had a presentation of = draft-cheng-behave-cgn-cfg-radius-ext I-D. Surprisingly many people had read it and there was also interest = around the ongoing work. So, the question is whether the WG is OK taking in the work in and = at the same time adding required words into the current charter. In general I would = (personally) like to add text into the charter allowing RADEXT take in similar work to = this more easily. Any other topics the WG feels need to be added into the charter? I'd = assume at least Alan has one or two in his sleeves ;) - Jouni & Stefan= From nobody Mon Mar 17 21:10:26 2014 Return-Path: X-Original-To: radext@ietfa.amsl.com Delivered-To: radext@ietfa.amsl.com Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4E0361A02F7 for ; Mon, 17 Mar 2014 20:58:14 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.9 X-Spam-Level: X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9] autolearn=ham Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id HySZk8H14DT9 for ; Mon, 17 Mar 2014 20:58:12 -0700 (PDT) Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id 5BE651A0371 for ; Mon, 17 Mar 2014 20:58:11 -0700 (PDT) MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 7bit To: radext@ietf.org X-Test-IDTracker: no X-IETF-IDTracker: 5.1.0p1 Auto-Submitted: auto-generated Precedence: bulk Message-ID: <20140318035811.29858.22393.idtracker@ietfa.amsl.com> Date: Mon, 17 Mar 2014 20:58:11 -0700 From: IETF Secretariat Archived-At: http://mailarchive.ietf.org/arch/msg/radext/jp8p8ZaXwAd-Vh4lucpR-uLeNqs X-Mailman-Approved-At: Mon, 17 Mar 2014 21:10:25 -0700 Subject: [radext] Milestones changed for radext WG X-BeenThere: radext@ietf.org X-Mailman-Version: 2.1.15 List-Id: RADIUS EXTensions working group discussion list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 18 Mar 2014 03:58:14 -0000 Changed milestone "IEEE 802 Attributes I-D submitted as a Proposed Standard RFC", resolved as "Done". URL: http://datatracker.ietf.org/wg/radext/charter/ From nobody Mon Mar 17 21:15:58 2014 Return-Path: X-Original-To: radext@ietfa.amsl.com Delivered-To: radext@ietfa.amsl.com Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 89D121A03FC for ; Mon, 17 Mar 2014 21:15:56 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2 X-Spam-Level: X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, SPF_PASS=-0.001] autolearn=ham Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id M5TSJWhlJdnm for ; Mon, 17 Mar 2014 21:15:55 -0700 (PDT) Received: from mail-pb0-x234.google.com (mail-pb0-x234.google.com [IPv6:2607:f8b0:400e:c01::234]) by ietfa.amsl.com (Postfix) with ESMTP id 32B851A0364 for ; Mon, 17 Mar 2014 21:15:55 -0700 (PDT) Received: by mail-pb0-f52.google.com with SMTP id rr13so6673421pbb.39 for ; Mon, 17 Mar 2014 21:15:47 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=from:content-type:content-transfer-encoding:subject:date:message-id :cc:to:mime-version; bh=NDRoz8G0WDd1Hw4DAwQkPAlQE4kIYlANm9eMyJs4XYw=; b=VfoGa7T2wjlHeHABiWPSkxFTx//QViO/cQ/rrxFQvHDEaOapVI4NinDFmg5EvFpE5Q nu+O/ohxBmyI8pqoZgfo3QDSTby0+joWoonMzY49lAFrJq6xtddKfVpziFFI2sCgT0Vc uk2PcD64zo2lcqVH+ez/prceBPzY2CItIZjAGllHgs5C3jIYClAUNGDWwtMi/i6be4fM 9gYqPCaXQUq4aODWXB8r3nLlwNGk1UBh1Y79uY+sWQgjoR09dDvCCq+egO25tXrwG82R xesHxTwhCQQ3k6OGe/eabde2V/MoeU7Uqd9K4IoT4Y4opGM9PbHz7sqSlcuj/JFHnTXv sE2Q== X-Received: by 10.68.136.133 with SMTP id qa5mr30015647pbb.63.1395116147194; Mon, 17 Mar 2014 21:15:47 -0700 (PDT) Received: from dhcp-18-187.meeting.verilan.com ([123.124.234.161]) by mx.google.com with ESMTPSA id vb7sm48152186pbc.13.2014.03.17.21.15.43 for (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Mon, 17 Mar 2014 21:15:46 -0700 (PDT) From: Jouni Korhonen Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Date: Tue, 18 Mar 2014 12:15:39 +0800 Message-Id: <75B21D97-8EC2-4321-9675-D75227527AC5@gmail.com> To: "radext@ietf.org" Mime-Version: 1.0 (Mac OS X Mail 6.6 \(1510\)) X-Mailer: Apple Mail (2.1510) Archived-At: http://mailarchive.ietf.org/arch/msg/radext/94fYGQLepb2Bx80SMIUOlFUG5nE Cc: "radext-chairs@tools.ietf.org" Subject: [radext] WGLC for draft-ietf-radext-dynamic-discovery X-BeenThere: radext@ietf.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: RADIUS EXTensions working group discussion list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 18 Mar 2014 04:15:56 -0000 Folks, As mentioned during the London WG meeting we'll have another quick WGLC for draft-ietf-radext-dynamic-discovery I-D. This email starts a one week WGLC. The WGLC end 25th March. Voice your comments on the list and document them also into the issue tracker. Silence is counted as an acceptance of the current I-D as-is. - Jouni & Stefan From nobody Tue Mar 18 03:22:01 2014 Return-Path: X-Original-To: radext@ietfa.amsl.com Delivered-To: radext@ietfa.amsl.com Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4C66F1A06D5 for ; Tue, 18 Mar 2014 03:21:57 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -10.047 X-Spam-Level: X-Spam-Status: No, score=-10.047 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RP_MATCHES_RCVD=-0.547, SPF_PASS=-0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 4T7hjEM5ChMy for ; Tue, 18 Mar 2014 03:21:53 -0700 (PDT) Received: from aer-iport-4.cisco.com (aer-iport-4.cisco.com [173.38.203.54]) by ietfa.amsl.com (Postfix) with ESMTP id 75BA91A02D6 for ; Tue, 18 Mar 2014 03:21:52 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=32151; q=dns/txt; s=iport; t=1395138104; x=1396347704; h=message-id:date:from:mime-version:to:subject:references: in-reply-to; bh=HQmrfvaiZgMhy6xGlmWl891TNNI5kJp0a6l0QA/eCnc=; b=C6R5SXT4r0obZiF2F0f4q27/JZCbeEc0/lsAzNH0mBDWMuUPBL9WFSMJ OAJjI7j5WWaLjfnLSJw2lVpdJr330DMwtSUKoL8H07lo8mYymTObVApnE /4SpKQvyx1R1mb5hxt8VX123yq5SURHJ8MAo8BodsgzKmmlKxxUffFYNr k=; X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: AsYHACQdKFOQ/khM/2dsb2JhbABagkJEO1GIabIChm5PgSMWdIImAQEEAQEBKkEJARELIQ8HAQENCQMCAQIBFTAGAQwGAgEBBYdwCAXRSBeOCl8YhCAEmEaBMoUai2SBb4E/PIEs X-IronPort-AV: E=Sophos;i="4.97,677,1389744000"; d="scan'208,217";a="4928565" Received: from ams-core-3.cisco.com ([144.254.72.76]) by aer-iport-4.cisco.com with ESMTP; 18 Mar 2014 10:21:43 +0000 Received: from [10.60.67.89] (ams-bclaise-8918.cisco.com [10.60.67.89]) by ams-core-3.cisco.com (8.14.5/8.14.5) with ESMTP id s2IALg2a026564; Tue, 18 Mar 2014 10:21:42 GMT Message-ID: <53281E36.2020708@cisco.com> Date: Tue, 18 Mar 2014 11:21:42 +0100 From: Benoit Claise User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:24.0) Gecko/20100101 Thunderbird/24.3.0 MIME-Version: 1.0 To: Alejandro Perez Mendez , "radext@ietf.org" References: <20140307075126.8756.14600.idtracker@ietfa.amsl.com> <53197B56.10303@um.es> In-Reply-To: <53197B56.10303@um.es> Content-Type: multipart/alternative; boundary="------------070007020404000804020705" Archived-At: http://mailarchive.ietf.org/arch/msg/radext/PLCmQuhzuyLp2kaRabnZLHPrPdI Subject: Re: [radext] Fwd: New Version Notification for draft-ietf-radext-radius-fragmentation-05.txt X-BeenThere: radext@ietf.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: RADIUS EXTensions working group discussion list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 18 Mar 2014 10:21:57 -0000 This is a multi-part message in MIME format. --------------070007020404000804020705 Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Hi, > As agreed during last RADEXT meeting on Tuesday, we've submitted a new > version (05) of the draft, where we have added the following text, > related to the no-inclusion of authentication attributes in the first > fragment of the pre-authentication phase: > > The > authors acknowledge this is formally violating [RFC2865], but there > are no known operational issues with it. because ... ? I believe it deserves a little bit more information. My meeting minutes tells me: because all implementations don't do this "An Access-request MUST contain either a User-Password or a CHAP-passwork or a State" Regards, Benoit > Once this document goes > beyond being considered as experimental, it will state it updates > [RFC2865]. > Regards, > Alejandro > > > > -------- Mensaje original -------- > Asunto: New Version Notification for > draft-ietf-radext-radius-fragmentation-05.txt > Fecha: Thu, 06 Mar 2014 23:51:26 -0800 > De: internet-drafts@ietf.org > Para: Alejandro Perez-Mendez , "Alejandro Perez-Mendez" > , Diego R. Lopez , "Alan DeKok" > , Alan DeKok , > "Rafael Lopez" , "Gabriel Lopez-Millan" , > Gabriel Lopez-Millan , Fernando Pereniguez-Garcia > , Rafa Marin-Lopez , "Diego R. Lopez" > , "Fernando Pereniguez-Garcia" > > > > A new version of I-D, draft-ietf-radext-radius-fragmentation-05.txt > has been successfully submitted by Alejandro Perez-Mendez and posted to the > IETF repository. > > Name: draft-ietf-radext-radius-fragmentation > Revision: 05 > Title: Support of fragmentation of RADIUS packets > Document date: 2014-03-07 > Group: radext > Pages: 28 > URL:http://www.ietf.org/internet-drafts/draft-ietf-radext-radius-fragmentation-05.txt > Status:https://datatracker.ietf.org/doc/draft-ietf-radext-radius-fragmentation/ > Htmlized:http://tools.ietf.org/html/draft-ietf-radext-radius-fragmentation-05 > Diff:http://www.ietf.org/rfcdiff?url2=draft-ietf-radext-radius-fragmentation-05 > > Abstract: > The Remote Authentication Dial-In User Service (RADIUS) protocol is > limited to a total packet size of 4096 octets. Provisions exist for > fragmenting large amounts of authentication data across multiple > packets, via Access-Challenge. No similar provisions exist for > fragmenting large amounts of authorization data. This document > specifies how existing RADIUS mechanisms can be leveraged to provide > that functionality. These mechanisms are largely compatible with > existing implementations, and are designed to be invisible to > proxies, and "fail-safe" to legacy clients and servers. > > > > > Please note that it may take a couple of minutes from the time of submission > until the htmlized version and diff are available at tools.ietf.org. > > The IETF Secretariat > > > > > > _______________________________________________ > radext mailing list > radext@ietf.org > https://www.ietf.org/mailman/listinfo/radext --------------070007020404000804020705 Content-Type: text/html; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit
Hi,
As agreed during last RADEXT meeting on Tuesday, we've submitted a new version (05) of the draft, where we have added the following text, related to the no-inclusion of authentication attributes in the first fragment of the pre-authentication phase:

The
   authors acknowledge this is formally violating [RFC2865], but there
   are no known operational issues with it.
because ... ? I believe it deserves a little bit more information.

My meeting minutes tells me: because all implementations don’t do this “An Access-request MUST contain either a User-Password or a CHAP-passwork or a State”

Regards, Benoit
Once this document goes
   beyond being considered as experimental, it will state it updates
   [RFC2865].
Regards,
Alejandro



-------- Mensaje original --------
Asunto: New Version Notification for draft-ietf-radext-radius-fragmentation-05.txt
Fecha: Thu, 06 Mar 2014 23:51:26 -0800
De: internet-drafts@ietf.org
Para: Alejandro Perez-Mendez <alex@um.es>, "Alejandro Perez-Mendez" <alex@um.es>, Diego R. Lopez <diego@tid.es>, "Alan DeKok" <aland@networkradius.com>, Alan DeKok <aland@networkradius.com>, "Rafael Lopez" <rafa@um.es>, "Gabriel Lopez-Millan" <gabilm@um.es>, Gabriel Lopez-Millan <gabilm@um.es>, Fernando Pereniguez-Garcia <pereniguez@um.es>, Rafa Marin-Lopez <rafa@um.es>, "Diego R. Lopez" <diego@tid.es>, "Fernando Pereniguez-Garcia" <pereniguez@um.es> 


A new version of I-D, draft-ietf-radext-radius-fragmentation-05.txt
has been successfully submitted by Alejandro Perez-Mendez and posted to the
IETF repository.

Name:		draft-ietf-radext-radius-fragmentation
Revision:	05
Title:		Support of fragmentation of RADIUS packets
Document date:	2014-03-07
Group:		radext
Pages:		28
URL:            http://www.ietf.org/internet-drafts/draft-ietf-radext-radius-fragmentation-05.txt
Status:         https://datatracker.ietf.org/doc/draft-ietf-radext-radius-fragmentation/
Htmlized:       http://tools.ietf.org/html/draft-ietf-radext-radius-fragmentation-05
Diff:           http://www.ietf.org/rfcdiff?url2=draft-ietf-radext-radius-fragmentation-05

Abstract:
   The Remote Authentication Dial-In User Service (RADIUS) protocol is
   limited to a total packet size of 4096 octets.  Provisions exist for
   fragmenting large amounts of authentication data across multiple
   packets, via Access-Challenge.  No similar provisions exist for
   fragmenting large amounts of authorization data.  This document
   specifies how existing RADIUS mechanisms can be leveraged to provide
   that functionality.  These mechanisms are largely compatible with
   existing implementations, and are designed to be invisible to
   proxies, and "fail-safe" to legacy clients and servers.

                                                                                  


Please note that it may take a couple of minutes from the time of submission
until the htmlized version and diff are available at tools.ietf.org.

The IETF Secretariat






_______________________________________________
radext mailing list
radext@ietf.org
https://www.ietf.org/mailman/listinfo/radext

--------------070007020404000804020705-- From nobody Tue Mar 18 03:34:41 2014 Return-Path: X-Original-To: radext@ietfa.amsl.com Delivered-To: radext@ietfa.amsl.com Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id F128D1A03CE for ; Tue, 18 Mar 2014 03:34:39 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -10.048 X-Spam-Level: X-Spam-Status: No, score=-10.048 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RP_MATCHES_RCVD=-0.547, SPF_PASS=-0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Er6Vt8Ku11dn for ; Tue, 18 Mar 2014 03:34:38 -0700 (PDT) Received: from aer-iport-2.cisco.com (aer-iport-2.cisco.com [173.38.203.52]) by ietfa.amsl.com (Postfix) with ESMTP id 3CB511A03A0 for ; Tue, 18 Mar 2014 03:34:38 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=1247; q=dns/txt; s=iport; t=1395138870; x=1396348470; h=message-id:date:from:mime-version:to:cc:subject: references:in-reply-to:content-transfer-encoding; bh=jZG8e4qkmr3egigBBiNaN4aONOYHnGaOtsImHQkEH4k=; b=R1D4Jk/ZCZf3HqRflkziHZEJ4kagWx/ja2VTxuvoDmHloMpVHdZuHxSC T2DnKTk+MUOIa9tSwE7zSiWQlnIxMS/xgvE/wG5ZkD73YwbgNHiogu27M c+NkQIVjOhHqAVOV9dZ/ZKZ67ZOF9xyAgk2cObDUP4dUvOFNFxWNDT2AE U=; X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: AkYFAK4gKFOQ/khN/2dsb2JhbABagwY7wniBIxZ0giYBAQQ4QAEQCyEWDwkDAgECAUUGAQwBBwEBh3UN0TYTBI4OVAeEOAEDmEaGTItkgy48 X-IronPort-AV: E=Sophos;i="4.97,677,1389744000"; d="scan'208";a="9018610" Received: from ams-core-4.cisco.com ([144.254.72.77]) by aer-iport-2.cisco.com with ESMTP; 18 Mar 2014 10:34:29 +0000 Received: from [10.60.67.89] (ams-bclaise-8918.cisco.com [10.60.67.89]) by ams-core-4.cisco.com (8.14.5/8.14.5) with ESMTP id s2IAYTYb001663; Tue, 18 Mar 2014 10:34:29 GMT Message-ID: <53282135.5060309@cisco.com> Date: Tue, 18 Mar 2014 11:34:29 +0100 From: Benoit Claise User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:24.0) Gecko/20100101 Thunderbird/24.3.0 MIME-Version: 1.0 To: Jouni Korhonen , "radext@ietf.org" References: <52C486C6-B1FD-4310-A38E-2EBEA8CDFB6F@gmail.com> In-Reply-To: <52C486C6-B1FD-4310-A38E-2EBEA8CDFB6F@gmail.com> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Archived-At: http://mailarchive.ietf.org/arch/msg/radext/gsMwuQGOUe7pm8f8BLHfZJLroaM Cc: "radext-chairs@tools.ietf.org" Subject: Re: [radext] Rechartering RADEXT X-BeenThere: radext@ietf.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: RADIUS EXTensions working group discussion list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 18 Mar 2014 10:34:40 -0000 Dear all, I've been asked in the past to AD sponsor https://datatracker.ietf.org/doc/draft-wierenga-ietf-eduroam/ I always prefer to get proper WG review when possible... Therefore I'm more inclined to have this document part of the new RADEXT charter. Do you see any problems with this approach? Regards, Benoit > Folks, > > We are about to recharter soon, since the current charter work items are nearly done. > We got the CoA Proxying as a potential charter item. So, the question is whether the > WG is OK taking in the work in and at the same time adding required words into the > current charter. > > During the London WG meeting we had a presentation of draft-cheng-behave-cgn-cfg-radius-ext > I-D. Surprisingly many people had read it and there was also interest around the ongoing > work. So, the question is whether the WG is OK taking in the work in and at the same time > adding required words into the current charter. In general I would (personally) like > to add text into the charter allowing RADEXT take in similar work to this more easily. > > Any other topics the WG feels need to be added into the charter? I'd assume at least > Alan has one or two in his sleeves ;) > > - Jouni & Stefan. > From nobody Tue Mar 18 04:06:23 2014 Return-Path: X-Original-To: radext@ietfa.amsl.com Delivered-To: radext@ietfa.amsl.com Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 519751A03CB for ; Tue, 18 Mar 2014 04:06:18 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -4.747 X-Spam-Level: X-Spam-Status: No, score=-4.747 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_MED=-2.3, RP_MATCHES_RCVD=-0.547, SPF_PASS=-0.001] autolearn=ham Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ogyr_7lB8vcX for ; Tue, 18 Mar 2014 04:06:14 -0700 (PDT) Received: from xenon23.um.es (xenon23.um.es [155.54.212.163]) by ietfa.amsl.com (Postfix) with ESMTP id 8E71E1A03C9 for ; Tue, 18 Mar 2014 04:06:12 -0700 (PDT) Received: from localhost (localhost [127.0.0.1]) by xenon23.um.es (Postfix) with ESMTP id 8B26E4214 for ; Tue, 18 Mar 2014 12:06:02 +0100 (CET) X-Virus-Scanned: by antispam in UMU at xenon23.um.es Received: from xenon23.um.es ([127.0.0.1]) by localhost (xenon23.um.es [127.0.0.1]) (amavisd-new, port 10024) with LMTP id Q7Lov9u0E2m9 for ; Tue, 18 Mar 2014 12:06:02 +0100 (CET) Received: from [10.42.0.19] (84.124.131.72.dyn.user.ono.com [84.124.131.72]) (using TLSv1 with cipher ECDHE-RSA-AES128-SHA (128/128 bits)) (No client certificate requested) (Authenticated sender: alex) by xenon23.um.es (Postfix) with ESMTPSA id 38BA7D36 for ; Tue, 18 Mar 2014 12:06:01 +0100 (CET) Message-ID: <53282898.9050504@um.es> Date: Tue, 18 Mar 2014 12:06:00 +0100 From: Alejandro Perez Mendez User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Thunderbird/24.3.0 MIME-Version: 1.0 To: radext@ietf.org References: <20140307075126.8756.14600.idtracker@ietfa.amsl.com> <53197B56.10303@um.es> <53281E36.2020708@cisco.com> In-Reply-To: <53281E36.2020708@cisco.com> X-Enigmail-Version: 1.6 Content-Type: multipart/alternative; boundary="------------090904090107080906060705" Archived-At: http://mailarchive.ietf.org/arch/msg/radext/XkL7Hs7zlHWr7k1X9cqhyTvbmVI Subject: Re: [radext] Fwd: New Version Notification for draft-ietf-radext-radius-fragmentation-05.txt X-BeenThere: radext@ietf.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: RADIUS EXTensions working group discussion list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 18 Mar 2014 11:06:18 -0000 This is a multi-part message in MIME format. --------------090904090107080906060705 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 8bit El 18/03/14 11:21, Benoit Claise escribió: > Hi, >> As agreed during last RADEXT meeting on Tuesday, we've submitted a >> new version (05) of the draft, where we have added the following >> text, related to the no-inclusion of authentication attributes in the >> first fragment of the pre-authentication phase: >> >> The >> authors acknowledge this is formally violating [RFC2865], but there >> are no known operational issues with it. > because ... ? I believe it deserves a little bit more information. > > My meeting minutes tells me: because all implementations don't do this > "An Access-request MUST contain either a User-Password or a > CHAP-passwork or a State" Hi Benoit, we could extend that line to something like: The authors acknowledge this is formally violating [RFC2865], but no operational issues are expected as no known implementation perform that verification when proxying Access-Requests, since doing so would preclude them to support future extensions. Would it do it for you? Regards, Alejandro > > Regards, Benoit >> Once this document goes >> beyond being considered as experimental, it will state it updates >> [RFC2865]. >> Regards, >> Alejandro >> >> >> >> -------- Mensaje original -------- >> Asunto: New Version Notification for >> draft-ietf-radext-radius-fragmentation-05.txt >> Fecha: Thu, 06 Mar 2014 23:51:26 -0800 >> De: internet-drafts@ietf.org >> Para: Alejandro Perez-Mendez , "Alejandro Perez-Mendez" >> , Diego R. Lopez , "Alan DeKok" >> , Alan DeKok , >> "Rafael Lopez" , "Gabriel Lopez-Millan" , >> Gabriel Lopez-Millan , Fernando Pereniguez-Garcia >> , Rafa Marin-Lopez , "Diego R. Lopez" >> , "Fernando Pereniguez-Garcia" >> >> >> >> A new version of I-D, draft-ietf-radext-radius-fragmentation-05.txt >> has been successfully submitted by Alejandro Perez-Mendez and posted to the >> IETF repository. >> >> Name: draft-ietf-radext-radius-fragmentation >> Revision: 05 >> Title: Support of fragmentation of RADIUS packets >> Document date: 2014-03-07 >> Group: radext >> Pages: 28 >> URL: http://www.ietf.org/internet-drafts/draft-ietf-radext-radius-fragmentation-05.txt >> Status: https://datatracker.ietf.org/doc/draft-ietf-radext-radius-fragmentation/ >> Htmlized: http://tools.ietf.org/html/draft-ietf-radext-radius-fragmentation-05 >> Diff: http://www.ietf.org/rfcdiff?url2=draft-ietf-radext-radius-fragmentation-05 >> >> Abstract: >> The Remote Authentication Dial-In User Service (RADIUS) protocol is >> limited to a total packet size of 4096 octets. Provisions exist for >> fragmenting large amounts of authentication data across multiple >> packets, via Access-Challenge. No similar provisions exist for >> fragmenting large amounts of authorization data. This document >> specifies how existing RADIUS mechanisms can be leveraged to provide >> that functionality. These mechanisms are largely compatible with >> existing implementations, and are designed to be invisible to >> proxies, and "fail-safe" to legacy clients and servers. >> >> >> >> >> Please note that it may take a couple of minutes from the time of submission >> until the htmlized version and diff are available at tools.ietf.org. >> >> The IETF Secretariat >> >> >> >> >> >> _______________________________________________ >> radext mailing list >> radext@ietf.org >> https://www.ietf.org/mailman/listinfo/radext > > > > _______________________________________________ > radext mailing list > radext@ietf.org > https://www.ietf.org/mailman/listinfo/radext --------------090904090107080906060705 Content-Type: text/html; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit
El 18/03/14 11:21, Benoit Claise escribió:
Hi,
As agreed during last RADEXT meeting on Tuesday, we've submitted a new version (05) of the draft, where we have added the following text, related to the no-inclusion of authentication attributes in the first fragment of the pre-authentication phase:

The
   authors acknowledge this is formally violating [RFC2865], but there
   are no known operational issues with it.
because ... ? I believe it deserves a little bit more information.

My meeting minutes tells me: because all implementations don’t do this “An Access-request MUST contain either a User-Password or a CHAP-passwork or a State”

Hi Benoit,

we could extend that line to something like:
The
   authors acknowledge this is formally violating [RFC2865], but no
   operational issues are expected as no known implementation 
   perform that verification when proxying Access-Requests, since doing so would
   preclude them to support future extensions.
Would it do it for you?

Regards,
Alejandro


Regards, Benoit
Once this document goes
   beyond being considered as experimental, it will state it updates
   [RFC2865].
Regards,
Alejandro



-------- Mensaje original --------
Asunto: New Version Notification for draft-ietf-radext-radius-fragmentation-05.txt
Fecha: Thu, 06 Mar 2014 23:51:26 -0800
De: internet-drafts@ietf.org
Para: Alejandro Perez-Mendez <alex@um.es>, "Alejandro Perez-Mendez" <alex@um.es>, Diego R. Lopez <diego@tid.es>, "Alan DeKok" <aland@networkradius.com>, Alan DeKok <aland@networkradius.com>, "Rafael Lopez" <rafa@um.es>, "Gabriel Lopez-Millan" <gabilm@um.es>, Gabriel Lopez-Millan <gabilm@um.es>, Fernando Pereniguez-Garcia <pereniguez@um.es>, Rafa Marin-Lopez <rafa@um.es>, "Diego R. Lopez" <diego@tid.es>, "Fernando Pereniguez-Garcia" <pereniguez@um.es> 


A new version of I-D, draft-ietf-radext-radius-fragmentation-05.txt
has been successfully submitted by Alejandro Perez-Mendez and posted to the
IETF repository.

Name:		draft-ietf-radext-radius-fragmentation
Revision:	05
Title:		Support of fragmentation of RADIUS packets
Document date:	2014-03-07
Group:		radext
Pages:		28
URL:            http://www.ietf.org/internet-drafts/draft-ietf-radext-radius-fragmentation-05.txt
Status:         https://datatracker.ietf.org/doc/draft-ietf-radext-radius-fragmentation/
Htmlized:       http://tools.ietf.org/html/draft-ietf-radext-radius-fragmentation-05
Diff:           http://www.ietf.org/rfcdiff?url2=draft-ietf-radext-radius-fragmentation-05

Abstract:
   The Remote Authentication Dial-In User Service (RADIUS) protocol is
   limited to a total packet size of 4096 octets.  Provisions exist for
   fragmenting large amounts of authentication data across multiple
   packets, via Access-Challenge.  No similar provisions exist for
   fragmenting large amounts of authorization data.  This document
   specifies how existing RADIUS mechanisms can be leveraged to provide
   that functionality.  These mechanisms are largely compatible with
   existing implementations, and are designed to be invisible to
   proxies, and "fail-safe" to legacy clients and servers.

                                                                                  


Please note that it may take a couple of minutes from the time of submission
until the htmlized version and diff are available at tools.ietf.org.

The IETF Secretariat






_______________________________________________
radext mailing list
radext@ietf.org
https://www.ietf.org/mailman/listinfo/radext




_______________________________________________
radext mailing list
radext@ietf.org
https://www.ietf.org/mailman/listinfo/radext

--------------090904090107080906060705-- From nobody Tue Mar 18 06:27:59 2014 Return-Path: X-Original-To: radext@ietfa.amsl.com Delivered-To: radext@ietfa.amsl.com Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A130E1A03FE for ; Tue, 18 Mar 2014 06:27:57 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.9 X-Spam-Level: X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9] autolearn=ham Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id cwdvBYPiBoL3 for ; Tue, 18 Mar 2014 06:27:56 -0700 (PDT) Received: from power.freeradius.org (power.freeradius.org [88.190.25.44]) by ietfa.amsl.com (Postfix) with ESMTP id 6C6FC1A03F5 for ; Tue, 18 Mar 2014 06:27:56 -0700 (PDT) Received: from localhost (localhost [127.0.0.1]) by power.freeradius.org (Postfix) with ESMTP id D00AD2240152; Tue, 18 Mar 2014 14:27:47 +0100 (CET) X-Virus-Scanned: Debian amavisd-new at power.freeradius.org Received: from power.freeradius.org ([127.0.0.1]) by localhost (power.freeradius.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id EwCCXGJQqixm; Tue, 18 Mar 2014 14:27:47 +0100 (CET) Received: from Thor.local (unknown [70.50.218.22]) by power.freeradius.org (Postfix) with ESMTPSA id 4422522400DD; Tue, 18 Mar 2014 14:27:47 +0100 (CET) Message-ID: <532849D2.3040504@deployingradius.com> Date: Tue, 18 Mar 2014 09:27:46 -0400 From: Alan DeKok User-Agent: Thunderbird 2.0.0.24 (Macintosh/20100228) MIME-Version: 1.0 To: Alejandro Perez Mendez References: <20140307075126.8756.14600.idtracker@ietfa.amsl.com> <53197B56.10303@um.es> <53281E36.2020708@cisco.com> <53282898.9050504@um.es> In-Reply-To: <53282898.9050504@um.es> Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Archived-At: http://mailarchive.ietf.org/arch/msg/radext/S5Mnzc27KTtXZzm3re3nlxhK3ns Cc: radext@ietf.org Subject: Re: [radext] Fwd: New Version Notification for draft-ietf-radext-radius-fragmentation-05.txt X-BeenThere: radext@ietf.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: RADIUS EXTensions working group discussion list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 18 Mar 2014 13:27:57 -0000 Alejandro Perez Mendez wrote: > we could extend that line to something like: > > The > authors acknowledge this is formally violating [RFC2865], but no > operational issues are expected as no known implementation > perform that verification when proxying Access-Requests, since doing so would > preclude them to support future extensions. Perhaps this (word-smithing) The authors acknowledge that this specification violates the "MUST" requirement of [RFC2865] Section 4.1. We note that a proxy which enforces that requirement would be unable to support future RADIUS authentication extensions. Extensions to the protocol would therefore be impossible to deploy. All known implementations have chosen the philosophy of "be liberal in what you accept". That is, they accept traffic which violates the requirement of [RFC2865] Section 4.1. We therefore expect to see no operational issues with this specification. After we gain more operational experience with this specification, it can be re-issued as a standards track document, and update [RFC2865]. Alan DeKok. From nobody Tue Mar 18 07:53:35 2014 Return-Path: X-Original-To: radext@ietfa.amsl.com Delivered-To: radext@ietfa.amsl.com Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 72D6C1A037C for ; Tue, 18 Mar 2014 07:53:33 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -8.466 X-Spam-Level: X-Spam-Status: No, score=-8.466 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_FONT_FACE_BAD=0.981, HTML_MESSAGE=0.001, J_CHICKENPOX_24=0.6, RP_MATCHES_RCVD=-0.547, SPF_PASS=-0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 5C3eBoXhs4gu for ; Tue, 18 Mar 2014 07:53:32 -0700 (PDT) Received: from aer-iport-1.cisco.com (aer-iport-1.cisco.com [173.38.203.51]) by ietfa.amsl.com (Postfix) with ESMTP id 28FAA1A036E for ; Tue, 18 Mar 2014 07:53:32 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=2209; q=dns/txt; s=iport; t=1395154404; x=1396364004; h=message-id:date:from:mime-version:to:cc:subject; bh=OhKQb71Qbin1Sr8CWH5LUdNyXrpXWdtVrOKdMujE+R0=; b=LgFIdVpjra13rcVDBg0aFqUVsUY6lZx8pubJPdOYBMlesrXKqGcGaBsv WtJtnjHCFJgbl5ZwzjsG2xLR1/NyaadNJgXfkcn0Sj8LjRhUad9Mx2a0H ffNoCKJHcq4Rtw+9IodhpEfcn9dzAo1Baz8IgQAZQT2E9CzlwOu+OoXdE g=; X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: AiEGAK1cKFOQ/khM/2dsb2JhbABagwaJdbk/gSIWdIMkAR8BHBYYAwIBAgFYAQcBAYd10WUXjmIdhCIEmEaGTItkgy48 X-IronPort-AV: E=Sophos;i="4.97,678,1389744000"; d="scan'208,217";a="9725484" Received: from ams-core-3.cisco.com ([144.254.72.76]) by aer-iport-1.cisco.com with ESMTP; 18 Mar 2014 14:53:23 +0000 Received: from [10.60.67.89] (ams-bclaise-8918.cisco.com [10.60.67.89]) by ams-core-3.cisco.com (8.14.5/8.14.5) with ESMTP id s2IErNBX020104; Tue, 18 Mar 2014 14:53:23 GMT Message-ID: <53285DE2.9040802@cisco.com> Date: Tue, 18 Mar 2014 15:53:22 +0100 From: Benoit Claise User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:24.0) Gecko/20100101 Thunderbird/24.3.0 MIME-Version: 1.0 To: draft-ietf-radext-radius-fragmentation@tools.ietf.org Content-Type: multipart/alternative; boundary="------------070600010808070203040307" Archived-At: http://mailarchive.ietf.org/arch/msg/radext/JYtEvE0X6KuU-5U1sHMN8zDw-cA Cc: "radext@ietf.org" , "" Subject: [radext] Update RFC 6929 in draft-ietf-radext-radius-fragmentation X-BeenThere: radext@ietf.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: RADIUS EXTensions working group discussion list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 18 Mar 2014 14:53:33 -0000 This is a multi-part message in MIME format. --------------070600010808070203040307 Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Dear all, Following Lionel's question during the RADEXT meeting regardingthe "update RFC 6929" in draft-ietf-radext-radius-fragmentation-04, I was asked to look into this question. RFC 3967 and RFC 4897 are about the reverse, i.e. normative downref, so no problem here. The question is:does it even make sense for an experimental RFC to update another RFC? Checking with one fellow IESG member, we don't think this the draft Updates 6929. Nobody implementing 6929 has to look at this document. And we think an Experimental document updating a standards track document is bad form, even if not specifically forbidden. There's a normative reference to 6929; Updates is not needed. Regards, Benoit --------------070600010808070203040307 Content-Type: text/html; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Dear all,

Following Lionel's question during the RADEXT meeting regarding the "update RFC 6929" in draft-ietf-radext-radius-fragmentation-04, I was asked to look into this question.

RFC 3967 and RFC 4897 are about the reverse, i.e. normative downref, so no problem here.
The question is: does it even make sense for an experimental RFC to update another RFC?

Checking with one fellow IESG member, we don't think this the draft Updates 6929. Nobody implementing 6929 has to look at this document. And we think an Experimental document updating a standards track document is bad form, even if not specifically forbidden. There's a normative reference to 6929; Updates is not needed.

Regards, Benoit
--------------070600010808070203040307-- From nobody Tue Mar 18 07:57:43 2014 Return-Path: X-Original-To: radext@ietfa.amsl.com Delivered-To: radext@ietfa.amsl.com Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 19B791A017E for ; Tue, 18 Mar 2014 07:57:41 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.9 X-Spam-Level: X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9] autolearn=ham Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id KbgI1UG8aAOc for ; Tue, 18 Mar 2014 07:57:34 -0700 (PDT) Received: from power.freeradius.org (power.freeradius.org [88.190.25.44]) by ietfa.amsl.com (Postfix) with ESMTP id BE5BC1A040B for ; Tue, 18 Mar 2014 07:57:33 -0700 (PDT) Received: from localhost (localhost [127.0.0.1]) by power.freeradius.org (Postfix) with ESMTP id 3D9CC2240371; Tue, 18 Mar 2014 15:56:55 +0100 (CET) X-Virus-Scanned: Debian amavisd-new at power.freeradius.org Received: from power.freeradius.org ([127.0.0.1]) by localhost (power.freeradius.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 8eDDxkL2+Np5; Tue, 18 Mar 2014 15:56:54 +0100 (CET) Received: from Thor.local (unknown [70.50.218.22]) by power.freeradius.org (Postfix) with ESMTPSA id D45FF2240137; Tue, 18 Mar 2014 15:56:53 +0100 (CET) Message-ID: <53285EB4.7070206@deployingradius.com> Date: Tue, 18 Mar 2014 10:56:52 -0400 From: Alan DeKok User-Agent: Thunderbird 2.0.0.24 (Macintosh/20100228) MIME-Version: 1.0 To: Benoit Claise References: <53285DE2.9040802@cisco.com> In-Reply-To: <53285DE2.9040802@cisco.com> Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Archived-At: http://mailarchive.ietf.org/arch/msg/radext/vzYMUpgYcOWR275JuUFMLZJunv0 Cc: "radext@ietf.org" , draft-ietf-radext-radius-fragmentation@tools.ietf.org, "" Subject: Re: [radext] Update RFC 6929 in draft-ietf-radext-radius-fragmentation X-BeenThere: radext@ietf.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: RADIUS EXTensions working group discussion list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 18 Mar 2014 14:57:41 -0000 Benoit Claise wrote: > The question is: does it even make sense for an experimental RFC to > update another RFC? Only if the other one is also experimental. > Checking with one fellow IESG member, we don't think this the draft > Updates 6929. Nobody implementing 6929 has to look at this document. And > we think an Experimental document updating a standards track document is > bad form, even if not specifically forbidden. There's a normative > reference to 6929; Updates is not needed. That sounds good to me. Alan DeKok. From nobody Tue Mar 18 08:07:58 2014 Return-Path: X-Original-To: radext@ietfa.amsl.com Delivered-To: radext@ietfa.amsl.com Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 51FCD1A0141 for ; Tue, 18 Mar 2014 08:07:54 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -10.048 X-Spam-Level: X-Spam-Status: No, score=-10.048 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RP_MATCHES_RCVD=-0.547, SPF_PASS=-0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id txAvsStk8m3b for ; Tue, 18 Mar 2014 08:07:52 -0700 (PDT) Received: from aer-iport-3.cisco.com (aer-iport-3.cisco.com [173.38.203.53]) by ietfa.amsl.com (Postfix) with ESMTP id F32EC1A02EE for ; Tue, 18 Mar 2014 08:07:48 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=743; q=dns/txt; s=iport; t=1395155261; x=1396364861; h=message-id:date:from:mime-version:to:cc:subject: references:in-reply-to:content-transfer-encoding; bh=UJW56b7SMj36lRujD6Rtc0QyFQdEzAMV7vkQaqd4/hI=; b=AnGERlqzllubl3pVybe4I5mDXcthr29kQaCG5faCu8knTdDrhR5+ZfMV 3tnhEFovKL2grUWQjOQGZRS8tOnxFKv1ZUqWgbEvvxAeSBYsUSK5eeqL2 doFsnJWOXeiFEFsAM/bcG8fgnKkKb3oCWszucZlfb5o/XUEZEiljB6Zhv w=; X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: AkQFAOhfKFOQ/khR/2dsb2JhbABagwbDNIEjFnSCJQEBAQQ4QAEQCxgJFg8JAwIBAgFFBg0BBwEBh3XRYxeOYgeEOAEDmEaGTItkgy48 X-IronPort-AV: E=Sophos;i="4.97,678,1389744000"; d="scan'208";a="4974781" Received: from ams-core-1.cisco.com ([144.254.72.81]) by aer-iport-3.cisco.com with ESMTP; 18 Mar 2014 15:07:40 +0000 Received: from [10.60.67.89] (ams-bclaise-8918.cisco.com [10.60.67.89]) by ams-core-1.cisco.com (8.14.5/8.14.5) with ESMTP id s2IF7db1031720; Tue, 18 Mar 2014 15:07:39 GMT Message-ID: <5328613B.4050201@cisco.com> Date: Tue, 18 Mar 2014 16:07:39 +0100 From: Benoit Claise User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:24.0) Gecko/20100101 Thunderbird/24.3.0 MIME-Version: 1.0 To: Alan DeKok References: <53285DE2.9040802@cisco.com> <53285EB4.7070206@deployingradius.com> In-Reply-To: <53285EB4.7070206@deployingradius.com> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Archived-At: http://mailarchive.ietf.org/arch/msg/radext/FuI0-UO1DgwtbOz2s_JhUGh2fTA Cc: "radext@ietf.org" , draft-ietf-radext-radius-fragmentation@tools.ietf.org, "" Subject: Re: [radext] Update RFC 6929 in draft-ietf-radext-radius-fragmentation X-BeenThere: radext@ietf.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: RADIUS EXTensions working group discussion list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 18 Mar 2014 15:07:54 -0000 Alan, > Benoit Claise wrote: >> The question is: does it even make sense for an experimental RFC to >> update another RFC? > Only if the other one is also experimental. Good point. I checked the last 100 published experimental RFCs, and when an "Update" was used, it was always updating an experimental RFC. Regards, Benoit > >> Checking with one fellow IESG member, we don't think this the draft >> Updates 6929. Nobody implementing 6929 has to look at this document. And >> we think an Experimental document updating a standards track document is >> bad form, even if not specifically forbidden. There's a normative >> reference to 6929; Updates is not needed. > That sounds good to me. > > Alan DeKok. > . > From nobody Tue Mar 18 08:27:31 2014 Return-Path: X-Original-To: radext@ietfa.amsl.com Delivered-To: radext@ietfa.amsl.com Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8EA281A0404 for ; Tue, 18 Mar 2014 08:27:29 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.899 X-Spam-Level: X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, UNPARSEABLE_RELAY=0.001] autolearn=ham Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id v5NwecO4Dpae for ; Tue, 18 Mar 2014 08:27:27 -0700 (PDT) Received: from relais-inet.francetelecom.com (relais-ias243.francetelecom.com [80.12.204.243]) by ietfa.amsl.com (Postfix) with ESMTP id 9EB541A0147 for ; Tue, 18 Mar 2014 08:27:27 -0700 (PDT) Received: from omfeda07.si.francetelecom.fr (unknown [xx.xx.xx.200]) by omfeda11.si.francetelecom.fr (ESMTP service) with ESMTP id BE39C1B81BD; Tue, 18 Mar 2014 16:27:18 +0100 (CET) Received: from Exchangemail-eme1.itn.ftgroup (unknown [10.114.1.186]) by omfeda07.si.francetelecom.fr (ESMTP service) with ESMTP id 98684158084; Tue, 18 Mar 2014 16:27:18 +0100 (CET) Received: from PEXCVZYM13.corporate.adroot.infra.ftgroup ([fe80::cc7e:e40b:42ef:164e]) by PEXCVZYH01.corporate.adroot.infra.ftgroup ([::1]) with mapi id 14.03.0174.001; Tue, 18 Mar 2014 16:27:18 +0100 From: To: Alan DeKok , Benoit Claise Thread-Topic: [radext] Update RFC 6929 in draft-ietf-radext-radius-fragmentation Thread-Index: AQHPQrnP4HnMZIGi4keQHwd+/AH7M5rm3mAAgAADA4CAABZBag== Date: Tue, 18 Mar 2014 15:27:17 +0000 Message-ID: <8237_1395156438_532865D6_8237_19913_1_ri4nfpsp4mn7pr9ubry16l4b.1395156225001@email.android.com> References: <53285DE2.9040802@cisco.com> <53285EB4.7070206@deployingradius.com>,<5328613B.4050201@cisco.com> In-Reply-To: <5328613B.4050201@cisco.com> Accept-Language: fr-FR, en-US Content-Language: fr-FR X-MS-Has-Attach: X-MS-TNEF-Correlator: Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 X-PMX-Version: 6.0.3.2322014, Antispam-Engine: 2.7.2.2107409, Antispam-Data: 2014.3.18.134216 Archived-At: http://mailarchive.ietf.org/arch/msg/radext/YPi8TfRI7Oome3clOOIFVCB0fH0 Cc: "radext@ietf.org" , "draft-ietf-radext-radius-fragmentation@tools.ietf.org" Subject: Re: [radext] Update RFC 6929 in draft-ietf-radext-radius-fragmentation X-BeenThere: radext@ietf.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: RADIUS EXTensions working group discussion list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 18 Mar 2014 15:27:29 -0000 On the same line, it should be highlighted for information that the field a= ssigned for "T" in this document was available at the time of publication b= ut it could conflict in the future with a normative document that would reu= se the same field with another meaning. Regards, Lionel Envoy=E9 depuis mon Sony Xperia SP d'Orange Benoit Claise a =E9crit : Alan, > Benoit Claise wrote: >> The question is: does it even make sense for an experimental RFC to >> update another RFC? > Only if the other one is also experimental. Good point. I checked the last 100 published experimental RFCs, and when an "Update" was used, it was always updating an experimental RFC. Regards, Benoit > >> Checking with one fellow IESG member, we don't think this the draft >> Updates 6929. Nobody implementing 6929 has to look at this document. And >> we think an Experimental document updating a standards track document is >> bad form, even if not specifically forbidden. There's a normative >> reference to 6929; Updates is not needed. > That sounds good to me. > > Alan DeKok. > . > ___________________________________________________________________________= ______________________________________________ Ce message et ses pieces jointes peuvent contenir des informations confiden= tielles ou privilegiees et ne doivent donc pas etre diffuses, exploites ou copies sans autorisation. Si vous avez recu= ce message par erreur, veuillez le signaler a l'expediteur et le detruire ainsi que les pieces jointes. Les messages el= ectroniques etant susceptibles d'alteration, Orange decline toute responsabilite si ce message a ete altere, deforme ou = falsifie. Merci. This message and its attachments may contain confidential or privileged inf= ormation that may be protected by law; they should not be distributed, used or copied without authorisation. If you have received this email in error, please notify the sender and dele= te this message and its attachments. As emails may be altered, Orange is not liable for messages that have been = modified, changed or falsified. Thank you. From nobody Tue Mar 18 10:49:09 2014 Return-Path: X-Original-To: radext@ietfa.amsl.com Delivered-To: radext@ietfa.amsl.com Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A8FA51A0739 for ; Tue, 18 Mar 2014 10:49:07 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2.6 X-Spam-Level: X-Spam-Status: No, score=-2.6 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_LOW=-0.7] autolearn=ham Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id EiSOJ1hE6RSe for ; Tue, 18 Mar 2014 10:49:05 -0700 (PDT) Received: from smtp2.pacifier.net (smtp2.pacifier.net [64.255.237.172]) by ietfa.amsl.com (Postfix) with ESMTP id 394581A072C for ; Tue, 18 Mar 2014 10:49:05 -0700 (PDT) Received: from Philemon (68-116-62-210.static.mdfd.or.charter.com [68.116.62.210]) (using TLSv1 with cipher AES128-SHA (128/128 bits)) (No client certificate requested) (Authenticated sender: jimsch@nwlink.com) by smtp2.pacifier.net (Postfix) with ESMTPSA id D31222CA39; Tue, 18 Mar 2014 10:48:56 -0700 (PDT) From: "Jim Schaad" To: "'Benoit Claise'" , References: <52C486C6-B1FD-4310-A38E-2EBEA8CDFB6F@gmail.com> <53282135.5060309@cisco.com> In-Reply-To: <53282135.5060309@cisco.com> Date: Tue, 18 Mar 2014 10:47:08 -0700 Message-ID: <034201cf42d2$15b4a780$411df680$@augustcellars.com> MIME-Version: 1.0 Content-Type: text/plain; charset="US-ASCII" Content-Transfer-Encoding: 7bit X-Mailer: Microsoft Outlook 14.0 Thread-Index: AQN+PYqNuqUBQq5M5bTZNH7nJqZl9gEOsHvGl4CzMlA= Content-Language: en-us Archived-At: http://mailarchive.ietf.org/arch/msg/radext/40nTLRC7INszogKulUkWaqntg2w Subject: Re: [radext] Rechartering RADEXT X-BeenThere: radext@ietf.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: RADIUS EXTensions working group discussion list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 18 Mar 2014 17:49:07 -0000 How would you expect the WG to change a document that has the purpose of documenting one version of a RADIUS deployment. While I think that asking the group to review the document for readability makes sense, having the document as a WG item does not. Jim > -----Original Message----- > From: radext [mailto:radext-bounces@ietf.org] On Behalf Of Benoit Claise > Sent: Tuesday, March 18, 2014 3:34 AM > To: Jouni Korhonen; radext@ietf.org > Cc: radext-chairs@tools.ietf.org > Subject: Re: [radext] Rechartering RADEXT > > Dear all, > > I've been asked in the past to AD sponsor > https://datatracker.ietf.org/doc/draft-wierenga-ietf-eduroam/ > I always prefer to get proper WG review when possible... > Therefore I'm more inclined to have this document part of the new RADEXT > charter. > > Do you see any problems with this approach? > > Regards, Benoit > > Folks, > > > > We are about to recharter soon, since the current charter work items are > nearly done. > > We got the CoA Proxying as a potential charter item. So, the question > > is whether the WG is OK taking in the work in and at the same time > > adding required words into the current charter. > > > > During the London WG meeting we had a presentation of > > draft-cheng-behave-cgn-cfg-radius-ext > > I-D. Surprisingly many people had read it and there was also interest > > around the ongoing work. So, the question is whether the WG is OK > > taking in the work in and at the same time adding required words into > > the current charter. In general I would (personally) like to add text into the > charter allowing RADEXT take in similar work to this more easily. > > > > Any other topics the WG feels need to be added into the charter? I'd > > assume at least Alan has one or two in his sleeves ;) > > > > - Jouni & Stefan. > > > > _______________________________________________ > radext mailing list > radext@ietf.org > https://www.ietf.org/mailman/listinfo/radext From nobody Tue Mar 18 10:53:00 2014 Return-Path: X-Original-To: radext@ietfa.amsl.com Delivered-To: radext@ietfa.amsl.com Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4DEAC1A073C for ; Tue, 18 Mar 2014 10:52:49 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2.599 X-Spam-Level: X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7] autolearn=ham Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id XrxSOPjHFo9b for ; Tue, 18 Mar 2014 10:52:45 -0700 (PDT) Received: from smtp4.pacifier.net (smtp4.pacifier.net [64.255.237.176]) by ietfa.amsl.com (Postfix) with ESMTP id D1EC91A0740 for ; Tue, 18 Mar 2014 10:52:45 -0700 (PDT) Received: from Philemon (68-116-62-210.static.mdfd.or.charter.com [68.116.62.210]) (using TLSv1 with cipher AES128-SHA (128/128 bits)) (No client certificate requested) (Authenticated sender: jimsch@nwlink.com) by smtp4.pacifier.net (Postfix) with ESMTPSA id 650CC38EEF; Tue, 18 Mar 2014 10:52:37 -0700 (PDT) From: "Jim Schaad" To: "'Benoit Claise'" , References: <53285DE2.9040802@cisco.com> In-Reply-To: <53285DE2.9040802@cisco.com> Date: Tue, 18 Mar 2014 10:50:49 -0700 Message-ID: <035801cf42d2$99464b80$cbd2e280$@augustcellars.com> MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="----=_NextPart_000_0359_01CF4297.ECE8FA20" X-Mailer: Microsoft Outlook 14.0 Thread-Index: AQHG4DswLDcHlHX0C+rPNIfO2Yg3wJr35FDw Content-Language: en-us Archived-At: http://mailarchive.ietf.org/arch/msg/radext/3tweX935KaqFFhD492OC8hJouXo Cc: radext@ietf.org, lionel.morand@orange.com Subject: Re: [radext] Update RFC 6929 in draft-ietf-radext-radius-fragmentation X-BeenThere: radext@ietf.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: RADIUS EXTensions working group discussion list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 18 Mar 2014 17:52:49 -0000 This is a multipart message in MIME format. ------=_NextPart_000_0359_01CF4297.ECE8FA20 Content-Type: text/plain; charset="US-ASCII" Content-Transfer-Encoding: 7bit While it is true that an implementer of 6929 does not need to see this document, it is also true that this document is effectively allocating a bit from a structure that is in that document. If this document does not update 6929, then it is possible that the next document to update that structure will fail to notice this and allocate the same bit for a different purpose. I believe that this update relationship needs to be retained. Jim From: radext [mailto:radext-bounces@ietf.org] On Behalf Of Benoit Claise Sent: Tuesday, March 18, 2014 7:53 AM To: draft-ietf-radext-radius-fragmentation@tools.ietf.org Cc: radext@ietf.org; Subject: [radext] Update RFC 6929 in draft-ietf-radext-radius-fragmentation Dear all, Following Lionel's question during the RADEXT meeting regarding the "update RFC 6929" in draft-ietf-radext-radius-fragmentation-04, I was asked to look into this question. RFC 3967 and RFC 4897 are about the reverse, i.e. normative downref, so no problem here. The question is: does it even make sense for an experimental RFC to update another RFC? Checking with one fellow IESG member, we don't think this the draft Updates 6929. Nobody implementing 6929 has to look at this document. And we think an Experimental document updating a standards track document is bad form, even if not specifically forbidden. There's a normative reference to 6929; Updates is not needed. Regards, Benoit ------=_NextPart_000_0359_01CF4297.ECE8FA20 Content-Type: text/html; charset="US-ASCII" Content-Transfer-Encoding: quoted-printable

While it is true that an implementer of 6929 does not need to see = this document, it is also true that this document is effectively = allocating a bit from a structure that is in that document.  If = this document does not update 6929, then it is possible that the next = document to update that structure will fail to notice this and allocate = the same bit for a different purpose.

 

I believe that this update relationship needs to be = retained.

 

Jim

 

 

From: radext [mailto:radext-bounces@ietf.org] On Behalf Of Benoit = Claise
Sent: Tuesday, March 18, 2014 7:53 AM
To: = draft-ietf-radext-radius-fragmentation@tools.ietf.org
Cc: = radext@ietf.org; <lionel.morand@orange.com>
Subject: = [radext] Update RFC 6929 in = draft-ietf-radext-radius-fragmentation

<= p class=3DMsoNormal> 

Dear = all,

Following Lionel's question during the RADEXT meeting = regarding the "update RFC 6929" in = draft-ietf-radext-radius-fragmentation-04, I was asked to look into this = question.

RFC 3967 and RFC 4897 are about the reverse, i.e. = normative downref, so no problem here.
The question is: does it = even make sense for an experimental RFC to update another RFC? =

Checking with one fellow IESG member, we don't think this the = draft Updates 6929. Nobody implementing 6929 has to look at this = document. And we think an Experimental document updating a standards = track document is bad form, even if not specifically forbidden. There's = a normative reference to 6929; Updates is not needed.

Regards, = Benoit

------=_NextPart_000_0359_01CF4297.ECE8FA20-- From nobody Tue Mar 18 11:50:34 2014 Return-Path: X-Original-To: radext@ietfa.amsl.com Delivered-To: radext@ietfa.amsl.com Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 980DE1A044C for ; Tue, 18 Mar 2014 11:50:32 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -10.048 X-Spam-Level: X-Spam-Status: No, score=-10.048 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RP_MATCHES_RCVD=-0.547, SPF_PASS=-0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id l0eXLS_imGbf for ; Tue, 18 Mar 2014 11:50:31 -0700 (PDT) Received: from aer-iport-2.cisco.com (aer-iport-2.cisco.com [173.38.203.52]) by ietfa.amsl.com (Postfix) with ESMTP id E6C691A040E for ; Tue, 18 Mar 2014 11:50:30 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=1439; q=dns/txt; s=iport; t=1395168623; x=1396378223; h=message-id:date:from:mime-version:to:cc:subject: references:in-reply-to:content-transfer-encoding; bh=kzGlxN2PNPWcTXu28KQVWRDr6gT5CAJ5Z6vR4Xmw9YQ=; b=LCKA6gmAJZacRHEUyRpYmBb+Tmp3yssMTqoTy+Pq+xU82jSxhi1qIimj qXQXfm7xFiY7ksdNT4C5qBwDwX872C99A0uXIzM8vp4Fz03KqnH39OFxN Vai/gUluWEPDHHnNjeZuiMDFsxUNVd331svOV6sw5HHwoSUuaLJC7kJM8 0=; X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: AgUFAB6VKFOQ/khR/2dsb2JhbABagwY7uz6Ga1GBLRZ0giUBAQEEAQEBNTQCCAEBARALGAkWDwkDAgECARUwBgEMAQUCAQGHdQ3QHxMEjmIHhDgBA5hGhkyLZIFvgT88 X-IronPort-AV: E=Sophos;i="4.97,679,1389744000"; d="scan'208";a="9097990" Received: from ams-core-1.cisco.com ([144.254.72.81]) by aer-iport-2.cisco.com with ESMTP; 18 Mar 2014 18:50:21 +0000 Received: from [10.60.67.89] (ams-bclaise-8918.cisco.com [10.60.67.89]) by ams-core-1.cisco.com (8.14.5/8.14.5) with ESMTP id s2IIoLWb006595; Tue, 18 Mar 2014 18:50:21 GMT Message-ID: <5328956D.5080908@cisco.com> Date: Tue, 18 Mar 2014 19:50:21 +0100 From: Benoit Claise User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:24.0) Gecko/20100101 Thunderbird/24.3.0 MIME-Version: 1.0 To: Alan DeKok , Alejandro Perez Mendez References: <20140307075126.8756.14600.idtracker@ietfa.amsl.com> <53197B56.10303@um.es> <53281E36.2020708@cisco.com> <53282898.9050504@um.es> <532849D2.3040504@deployingradius.com> In-Reply-To: <532849D2.3040504@deployingradius.com> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Archived-At: http://mailarchive.ietf.org/arch/msg/radext/_QYNZaIVjFdp8jLOAAMweehvwSU Cc: radext@ietf.org Subject: Re: [radext] Fwd: New Version Notification for draft-ietf-radext-radius-fragmentation-05.txt X-BeenThere: radext@ietf.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: RADIUS EXTensions working group discussion list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 18 Mar 2014 18:50:32 -0000 On 18/03/2014 14:27, Alan DeKok wrote: > Alejandro Perez Mendez wrote: >> we could extend that line to something like: >> >> The >> authors acknowledge this is formally violating [RFC2865], but no >> operational issues are expected as no known implementation >> perform that verification when proxying Access-Requests, since doing so would >> preclude them to support future extensions. > Perhaps this (word-smithing) > > The authors acknowledge that this specification violates the "MUST" > requirement of [RFC2865] Section 4.1. We note that a proxy which > enforces that requirement would be unable to support future RADIUS > authentication extensions. Extensions to the protocol would therefore > be impossible to deploy. > > All known implementations have chosen the philosophy of "be liberal in > what you accept". That is, they accept traffic which violates the > requirement of [RFC2865] Section 4.1. We therefore expect to see no > operational issues with this specification. After we gain more > operational experience with this specification, it can be re-issued as a > standards track document, and update [RFC2865]. To answer Alejandro's question here: If the WG is fine with this, I'm fine. Regards, Benoit > > Alan DeKok. > > _______________________________________________ > radext mailing list > radext@ietf.org > https://www.ietf.org/mailman/listinfo/radext > From nobody Tue Mar 18 12:01:04 2014 Return-Path: X-Original-To: radext@ietfa.amsl.com Delivered-To: radext@ietfa.amsl.com Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 970FF1A072D for ; Tue, 18 Mar 2014 12:01:02 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -10.048 X-Spam-Level: X-Spam-Status: No, score=-10.048 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RP_MATCHES_RCVD=-0.547, SPF_PASS=-0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Wf-jsBCt0FQP for ; Tue, 18 Mar 2014 12:00:55 -0700 (PDT) Received: from aer-iport-1.cisco.com (aer-iport-1.cisco.com [173.38.203.51]) by ietfa.amsl.com (Postfix) with ESMTP id 853231A04AB for ; Tue, 18 Mar 2014 12:00:48 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=2272; q=dns/txt; s=iport; t=1395169240; x=1396378840; h=message-id:date:from:mime-version:to:subject:references: in-reply-to:content-transfer-encoding; bh=jl/ZWR2LIHhExS3/r9k7gwUo1iH3FLDGZ9HzyOUsj48=; b=Ovjgb+ntE9v85aA/U/NPJXKgdzt66nOw9RDpN347lbP9HAaJyBgobv4C Q0LeltmVlfAtFOUXiIMuBgxF7HG+8bkRKahYDF5v/1gcc8/ERr4+Hsdok 4gnahfed+99JneFxLlI1v12n9vKihEjionrqYXQL+U155Z35XcAizkc44 U=; X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: AgYFAKqXKFOQ/khM/2dsb2JhbABagwY7uz6Ga1GBLRZ0giUBAQEEAQEBNTYKDQQLDgMEAQEKFggHCQMCAQIBFR8JCAYBDAYCAQGHdQ3QKBMEjg5bBoQyAQOYRoZMi2SDLjw X-IronPort-AV: E=Sophos;i="4.97,679,1389744000"; d="scan'208";a="9765984" Received: from ams-core-3.cisco.com ([144.254.72.76]) by aer-iport-1.cisco.com with ESMTP; 18 Mar 2014 19:00:25 +0000 Received: from [10.60.67.89] (ams-bclaise-8918.cisco.com [10.60.67.89]) by ams-core-3.cisco.com (8.14.5/8.14.5) with ESMTP id s2IJ0PII032159; Tue, 18 Mar 2014 19:00:25 GMT Message-ID: <532897C9.4020604@cisco.com> Date: Tue, 18 Mar 2014 20:00:25 +0100 From: Benoit Claise User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:24.0) Gecko/20100101 Thunderbird/24.3.0 MIME-Version: 1.0 To: Jim Schaad , radext@ietf.org References: <52C486C6-B1FD-4310-A38E-2EBEA8CDFB6F@gmail.com> <53282135.5060309@cisco.com> <034201cf42d2$15b4a780$411df680$@augustcellars.com> In-Reply-To: <034201cf42d2$15b4a780$411df680$@augustcellars.com> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Archived-At: http://mailarchive.ietf.org/arch/msg/radext/ic2ZFRZ3kE1RZSlG7IEvAS1tozA Subject: Re: [radext] Rechartering RADEXT X-BeenThere: radext@ietf.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: RADIUS EXTensions working group discussion list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 18 Mar 2014 19:01:03 -0000 Hi Jim, Point taken. I'm hoping for clarification requests coming from the WG. My issue with AD sponsor documents is to get good reviews. Believe it or no, it's not easy. A chartered document requires some reviews. Regards, Benoit > How would you expect the WG to change a document that has the purpose of > documenting one version of a RADIUS deployment. While I think that asking > the group to review the document for readability makes sense, having the > document as a WG item does not. > > Jim > >> -----Original Message----- >> From: radext [mailto:radext-bounces@ietf.org] On Behalf Of Benoit Claise >> Sent: Tuesday, March 18, 2014 3:34 AM >> To: Jouni Korhonen; radext@ietf.org >> Cc: radext-chairs@tools.ietf.org >> Subject: Re: [radext] Rechartering RADEXT >> >> Dear all, >> >> I've been asked in the past to AD sponsor >> https://datatracker.ietf.org/doc/draft-wierenga-ietf-eduroam/ >> I always prefer to get proper WG review when possible... >> Therefore I'm more inclined to have this document part of the new RADEXT >> charter. >> >> Do you see any problems with this approach? >> >> Regards, Benoit >>> Folks, >>> >>> We are about to recharter soon, since the current charter work items are >> nearly done. >>> We got the CoA Proxying as a potential charter item. So, the question >>> is whether the WG is OK taking in the work in and at the same time >>> adding required words into the current charter. >>> >>> During the London WG meeting we had a presentation of >>> draft-cheng-behave-cgn-cfg-radius-ext >>> I-D. Surprisingly many people had read it and there was also interest >>> around the ongoing work. So, the question is whether the WG is OK >>> taking in the work in and at the same time adding required words into >>> the current charter. In general I would (personally) like to add text > into the >> charter allowing RADEXT take in similar work to this more easily. >>> Any other topics the WG feels need to be added into the charter? I'd >>> assume at least Alan has one or two in his sleeves ;) >>> >>> - Jouni & Stefan. >>> >> _______________________________________________ >> radext mailing list >> radext@ietf.org >> https://www.ietf.org/mailman/listinfo/radext > . > From nobody Tue Mar 18 12:11:22 2014 Return-Path: X-Original-To: radext@ietfa.amsl.com Delivered-To: radext@ietfa.amsl.com Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2F80C1A049A for ; Tue, 18 Mar 2014 12:11:20 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2.6 X-Spam-Level: X-Spam-Status: No, score=-2.6 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_LOW=-0.7] autolearn=ham Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id OvNbNF6XfIv4 for ; Tue, 18 Mar 2014 12:11:15 -0700 (PDT) Received: from out26-ams.mf.surf.net (out26-ams.mf.surf.net [145.0.1.26]) by ietfa.amsl.com (Postfix) with ESMTP id D07421A042F for ; Tue, 18 Mar 2014 12:11:14 -0700 (PDT) Received: from teletubbie.het.net.je (teletubbie.het.net.je [192.87.110.29]) by outgoing1-ams.mf.surf.net (8.14.3/8.14.3/Debian-5+lenny1) with ESMTP id s2IJ9vk5026726; Tue, 18 Mar 2014 20:09:58 +0100 Received: from 52d9613c.cm-11-1b.dynamic.ziggo.nl ([82.217.97.60] helo=[192.168.1.213]) by teletubbie.het.net.je with esmtpsa (TLSv1:AES128-SHA:128) (Exim 4.80.1 (FreeBSD)) (envelope-from ) id 1WPzJg-000OVZ-GU; Tue, 18 Mar 2014 20:04:48 +0100 References: <52C486C6-B1FD-4310-A38E-2EBEA8CDFB6F@gmail.com> <53282135.5060309@cisco.com> <034201cf42d2$15b4a780$411df680$@augustcellars.com> <532897C9.4020604@cisco.com> Mime-Version: 1.0 (1.0) In-Reply-To: <532897C9.4020604@cisco.com> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: quoted-printable Message-Id: X-Mailer: iPad Mail (11D167) From: Klaas Wierenga Date: Tue, 18 Mar 2014 20:09:57 +0100 To: Benoit Claise X-Antivirus: no malware found X-Bayes-Prob: 0.0001 (Score 0, tokens from: p-out:default, p:default, base:default, @@RPTN) X-CanIt-Geo: ip=192.87.110.29; country=NL; latitude=52.5000; longitude=5.7500; http://maps.google.com/maps?q=52.5000,5.7500&z=6 X-CanItPRO-Stream: p-out:default (inherits from p:default,base:default) X-Canit-Stats-ID: 0uLD79VLX - f834774a9df0 - 20140318 (trained as not-spam) X-Scanned-By: CanIt (www . roaringpenguin . com) Archived-At: http://mailarchive.ietf.org/arch/msg/radext/2BzACJTx7DGwYct8SQo79RpnQWM Cc: "radext@ietf.org" , Jim Schaad Subject: Re: [radext] Rechartering RADEXT X-BeenThere: radext@ietf.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: RADIUS EXTensions working group discussion list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 18 Mar 2014 19:11:20 -0000 Actually Jim did already do an awesome review! Sent from my iPad > On 18 mrt. 2014, at 20:00, Benoit Claise wrote: >=20 > Hi Jim, >=20 > Point taken. I'm hoping for clarification requests coming from the WG. > My issue with AD sponsor documents is to get good reviews. Believe it or n= o, it's not easy. > A chartered document requires some reviews. >=20 > Regards, Benoit >> How would you expect the WG to change a document that has the purpose of >> documenting one version of a RADIUS deployment. While I think that askin= g >> the group to review the document for readability makes sense, having the >> document as a WG item does not. >>=20 >> Jim >>=20 >>> -----Original Message----- >>> From: radext [mailto:radext-bounces@ietf.org] On Behalf Of Benoit Claise= >>> Sent: Tuesday, March 18, 2014 3:34 AM >>> To: Jouni Korhonen; radext@ietf.org >>> Cc: radext-chairs@tools.ietf.org >>> Subject: Re: [radext] Rechartering RADEXT >>>=20 >>> Dear all, >>>=20 >>> I've been asked in the past to AD sponsor >>> https://datatracker.ietf.org/doc/draft-wierenga-ietf-eduroam/ >>> I always prefer to get proper WG review when possible... >>> Therefore I'm more inclined to have this document part of the new RADEXT= >>> charter. >>>=20 >>> Do you see any problems with this approach? >>>=20 >>> Regards, Benoit >>>> Folks, >>>>=20 >>>> We are about to recharter soon, since the current charter work items ar= e >>> nearly done. >>>> We got the CoA Proxying as a potential charter item. So, the question >>>> is whether the WG is OK taking in the work in and at the same time >>>> adding required words into the current charter. >>>>=20 >>>> During the London WG meeting we had a presentation of >>>> draft-cheng-behave-cgn-cfg-radius-ext >>>> I-D. Surprisingly many people had read it and there was also interest >>>> around the ongoing work. So, the question is whether the WG is OK >>>> taking in the work in and at the same time adding required words into >>>> the current charter. In general I would (personally) like to add text >> into the >>> charter allowing RADEXT take in similar work to this more easily. >>>> Any other topics the WG feels need to be added into the charter? I'd >>>> assume at least Alan has one or two in his sleeves ;) >>>>=20 >>>> - Jouni & Stefan. >>> _______________________________________________ >>> radext mailing list >>> radext@ietf.org >>> https://www.ietf.org/mailman/listinfo/radext >> . >=20 > _______________________________________________ > radext mailing list > radext@ietf.org > https://www.ietf.org/mailman/listinfo/radext From nobody Tue Mar 18 14:58:26 2014 Return-Path: X-Original-To: radext@ietfa.amsl.com Delivered-To: radext@ietfa.amsl.com Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B9F411A030C for ; Tue, 18 Mar 2014 14:58:24 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.9 X-Spam-Level: X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9] autolearn=ham Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id VX_4zQrDDRrP for ; Tue, 18 Mar 2014 14:58:22 -0700 (PDT) Received: from power.freeradius.org (power.freeradius.org [88.190.25.44]) by ietfa.amsl.com (Postfix) with ESMTP id 204911A023C for ; Tue, 18 Mar 2014 14:58:21 -0700 (PDT) Received: from localhost (localhost [127.0.0.1]) by power.freeradius.org (Postfix) with ESMTP id 06A0F2240132; Tue, 18 Mar 2014 22:58:12 +0100 (CET) X-Virus-Scanned: Debian amavisd-new at power.freeradius.org Received: from power.freeradius.org ([127.0.0.1]) by localhost (power.freeradius.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 6BlR572kLGVk; Tue, 18 Mar 2014 22:58:11 +0100 (CET) Received: from Thor.local (unknown [70.50.218.22]) by power.freeradius.org (Postfix) with ESMTPSA id 2789C2240028; Tue, 18 Mar 2014 22:58:11 +0100 (CET) Message-ID: <5328C172.5080305@deployingradius.com> Date: Tue, 18 Mar 2014 17:58:10 -0400 From: Alan DeKok User-Agent: Thunderbird 2.0.0.24 (Macintosh/20100228) MIME-Version: 1.0 To: Jim Schaad References: <53285DE2.9040802@cisco.com> <035801cf42d2$99464b80$cbd2e280$@augustcellars.com> In-Reply-To: <035801cf42d2$99464b80$cbd2e280$@augustcellars.com> Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Archived-At: http://mailarchive.ietf.org/arch/msg/radext/1Ry0ImqVzOewSzzDUVPrIkyCFKg Cc: 'Benoit Claise' , radext@ietf.org, draft-ietf-radext-radius-fragmentation@tools.ietf.org, lionel.morand@orange.com Subject: Re: [radext] Update RFC 6929 in draft-ietf-radext-radius-fragmentation X-BeenThere: radext@ietf.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: RADIUS EXTensions working group discussion list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 18 Mar 2014 21:58:25 -0000 Jim Schaad wrote: > While it is true that an implementer of 6929 does not need to see this > document, it is also true that this document is effectively allocating a > bit from a structure that is in that document. If this document does > not update 6929, then it is possible that the next document to update > that structure will fail to notice this and allocate the same bit for a > different purpose. I hope we're all smart enough to remember that the bit is allocated. If we're not... the WG should be shut down. > I believe that this update relationship needs to be retained. It may be useful, but IETF process may forbid it. Alan DeKok. From nobody Wed Mar 19 03:07:35 2014 Return-Path: X-Original-To: radext@ietfa.amsl.com Delivered-To: radext@ietfa.amsl.com Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4DEB91A06CA for ; Wed, 19 Mar 2014 03:07:32 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -4.748 X-Spam-Level: X-Spam-Status: No, score=-4.748 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, RP_MATCHES_RCVD=-0.547, SPF_PASS=-0.001] autolearn=ham Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id RLCIfnSy6A2A for ; Wed, 19 Mar 2014 03:07:29 -0700 (PDT) Received: from xenon23.um.es (xenon23.um.es [155.54.212.163]) by ietfa.amsl.com (Postfix) with ESMTP id 9FDC61A06C8 for ; Wed, 19 Mar 2014 03:07:29 -0700 (PDT) Received: from localhost (localhost [127.0.0.1]) by xenon23.um.es (Postfix) with ESMTP id DBBB532D7; Wed, 19 Mar 2014 11:07:19 +0100 (CET) X-Virus-Scanned: by antispam in UMU at xenon23.um.es Received: from xenon23.um.es ([127.0.0.1]) by localhost (xenon23.um.es [127.0.0.1]) (amavisd-new, port 10024) with LMTP id XkG3PNbIsvuQ; Wed, 19 Mar 2014 11:07:19 +0100 (CET) Received: from [10.42.0.19] (84.124.131.72.dyn.user.ono.com [84.124.131.72]) (using TLSv1 with cipher ECDHE-RSA-AES128-SHA (128/128 bits)) (No client certificate requested) (Authenticated sender: alex) by xenon23.um.es (Postfix) with ESMTPSA id 35905268A; Wed, 19 Mar 2014 11:07:17 +0100 (CET) Message-ID: <53296C54.7030907@um.es> Date: Wed, 19 Mar 2014 11:07:16 +0100 From: Alejandro Perez Mendez User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Thunderbird/24.3.0 MIME-Version: 1.0 To: Alan DeKok References: <20140307075126.8756.14600.idtracker@ietfa.amsl.com> <53197B56.10303@um.es> <53281E36.2020708@cisco.com> <53282898.9050504@um.es> <532849D2.3040504@deployingradius.com> In-Reply-To: <532849D2.3040504@deployingradius.com> X-Enigmail-Version: 1.6 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 8bit Archived-At: http://mailarchive.ietf.org/arch/msg/radext/I6eUEEh1Znq1HN9xKTK5qIFhi1A Cc: radext@ietf.org Subject: Re: [radext] Fwd: New Version Notification for draft-ietf-radext-radius-fragmentation-05.txt X-BeenThere: radext@ietf.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: RADIUS EXTensions working group discussion list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 19 Mar 2014 10:07:32 -0000 El 18/03/14 14:27, Alan DeKok escribió: > Alejandro Perez Mendez wrote: >> we could extend that line to something like: >> >> The >> authors acknowledge this is formally violating [RFC2865], but no >> operational issues are expected as no known implementation >> perform that verification when proxying Access-Requests, since doing so would >> preclude them to support future extensions. > Perhaps this (word-smithing) > > The authors acknowledge that this specification violates the "MUST" > requirement of [RFC2865] Section 4.1. We note that a proxy which > enforces that requirement would be unable to support future RADIUS > authentication extensions. Extensions to the protocol would therefore > be impossible to deploy. > > All known implementations have chosen the philosophy of "be liberal in > what you accept". That is, they accept traffic which violates the > requirement of [RFC2865] Section 4.1. We therefore expect to see no > operational issues with this specification. After we gain more > operational experience with this specification, it can be re-issued as a > standards track document, and update [RFC2865]. Thanks for the improved text. I will use it. > > Alan DeKok. From nobody Wed Mar 19 03:15:52 2014 Return-Path: X-Original-To: radext@ietfa.amsl.com Delivered-To: radext@ietfa.amsl.com Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A92D81A06C3 for ; Wed, 19 Mar 2014 03:15:50 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -4.748 X-Spam-Level: X-Spam-Status: No, score=-4.748 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, RP_MATCHES_RCVD=-0.547, SPF_PASS=-0.001] autolearn=ham Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id c8cigIFmgZ8N for ; Wed, 19 Mar 2014 03:15:46 -0700 (PDT) Received: from xenon23.um.es (xenon23.um.es [155.54.212.163]) by ietfa.amsl.com (Postfix) with ESMTP id 2E7101A06C8 for ; Wed, 19 Mar 2014 03:15:46 -0700 (PDT) Received: from localhost (localhost [127.0.0.1]) by xenon23.um.es (Postfix) with ESMTP id 258B744EC for ; Wed, 19 Mar 2014 11:15:37 +0100 (CET) X-Virus-Scanned: by antispam in UMU at xenon23.um.es Received: from xenon23.um.es ([127.0.0.1]) by localhost (xenon23.um.es [127.0.0.1]) (amavisd-new, port 10024) with LMTP id eSSm-a-R9up4 for ; Wed, 19 Mar 2014 11:15:37 +0100 (CET) Received: from [10.42.0.19] (84.124.131.72.dyn.user.ono.com [84.124.131.72]) (using TLSv1 with cipher ECDHE-RSA-AES128-SHA (128/128 bits)) (No client certificate requested) (Authenticated sender: alex) by xenon23.um.es (Postfix) with ESMTPSA id E663B44C9 for ; Wed, 19 Mar 2014 11:15:36 +0100 (CET) Message-ID: <53296E47.4060802@um.es> Date: Wed, 19 Mar 2014 11:15:35 +0100 From: Alejandro Perez Mendez User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Thunderbird/24.3.0 MIME-Version: 1.0 To: radext@ietf.org References: <53285DE2.9040802@cisco.com> <035801cf42d2$99464b80$cbd2e280$@augustcellars.com> <5328C172.5080305@deployingradius.com> In-Reply-To: <5328C172.5080305@deployingradius.com> X-Enigmail-Version: 1.6 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 8bit Archived-At: http://mailarchive.ietf.org/arch/msg/radext/G8fm5_DD1k7J91D5vpeIFMIRIbE Subject: Re: [radext] Update RFC 6929 in draft-ietf-radext-radius-fragmentation X-BeenThere: radext@ietf.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: RADIUS EXTensions working group discussion list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 19 Mar 2014 10:15:50 -0000 El 18/03/14 22:58, Alan DeKok escribió: > Jim Schaad wrote: >> While it is true that an implementer of 6929 does not need to see this >> document, it is also true that this document is effectively allocating a >> bit from a structure that is in that document. If this document does >> not update 6929, then it is possible that the next document to update >> that structure will fail to notice this and allocate the same bit for a >> different purpose. > I hope we're all smart enough to remember that the bit is allocated. > If we're not... the WG should be shut down. > >> I believe that this update relationship needs to be retained. > It may be useful, but IETF process may forbid it. In my opinion, this draft does update 6929, as it updates 2865, since 6929 specifies the reserved field MUST be set to 0, and SHOULD be ignored by recipients, and we change that. However, following the same reasoning than with 2865, probably it should not be actually specified until the fragmentation document is re-issued as a standards track document (if it does). Regards > > Alan DeKok. > > _______________________________________________ > radext mailing list > radext@ietf.org > https://www.ietf.org/mailman/listinfo/radext From nobody Thu Mar 20 07:23:00 2014 Return-Path: X-Original-To: radext@ietfa.amsl.com Delivered-To: radext@ietfa.amsl.com Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 41CA21A074E for ; Thu, 20 Mar 2014 07:22:58 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2.438 X-Spam-Level: X-Spam-Status: No, score=-2.438 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RP_MATCHES_RCVD=-0.547, SPF_PASS=-0.001, T_TVD_MIME_NO_HEADERS=0.01] autolearn=ham Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id hWJfrHHAMfWM for ; Thu, 20 Mar 2014 07:22:55 -0700 (PDT) Received: from tuna.sandelman.ca (tuna.sandelman.ca [IPv6:2607:f0b0:f:3:216:3eff:fe7c:d1f3]) by ietfa.amsl.com (Postfix) with ESMTP id D58101A08C7 for ; Thu, 20 Mar 2014 07:22:44 -0700 (PDT) Received: from sandelman.ca (obiwan.sandelman.ca [IPv6:2607:f0b0:f:2::247]) by tuna.sandelman.ca (Postfix) with ESMTP id ABBAD20038 for ; Thu, 20 Mar 2014 11:42:02 -0400 (EDT) Received: by sandelman.ca (Postfix, from userid 179) id B501763AB2; Thu, 20 Mar 2014 10:22:35 -0400 (EDT) Received: from sandelman.ca (localhost [127.0.0.1]) by sandelman.ca (Postfix) with ESMTP id A57F963A9E for ; Thu, 20 Mar 2014 10:22:35 -0400 (EDT) From: Michael Richardson To: radext@ietf.org In-Reply-To: <5328C172.5080305@deployingradius.com> References: <53285DE2.9040802@cisco.com> <035801cf42d2$99464b80$cbd2e280$@augustcellars.com> <5328C172.5080305@deployingradius.com> X-Mailer: MH-E 8.2; nmh 1.3-dev; GNU Emacs 23.4.1 X-Face: $\n1pF)h^`}$H>Hk{L"x@)JS7<%Az}5RyS@k9X%29-lHB$Ti.V>2bi.~ehC0; <'$9xN5Ub# z!G,p`nR&p7Fz@^UXIn156S8.~^@MJ*mMsD7=QFeq%AL4m Sender: mcr@sandelman.ca Archived-At: http://mailarchive.ietf.org/arch/msg/radext/eK50dgh23Lvp0IXA2Wh9Xo3xeFk Subject: Re: [radext] Update RFC 6929 in draft-ietf-radext-radius-fragmentation X-BeenThere: radext@ietf.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: RADIUS EXTensions working group discussion list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 20 Mar 2014 14:22:58 -0000 --=-=-= Alan DeKok wrote: >> While it is true that an implementer of 6929 does not need to see this >> document, it is also true that this document is effectively allocating >>a >> bit from a structure that is in that document. If this document does >> not update 6929, then it is possible that the next document to update It's not just the document/WG, it is also users of the protocol who think that they are in a walled garden, and can abuse reserved fields. >> that structure will fail to notice this and allocate the same bit for a >> different purpose. > I hope we're all smart enough to remember that the bit is allocated. > If we're not... the WG should be shut down. The WG will be shutdown at some point, so: >> I believe that this update relationship needs to be retained. > It may be useful, but IETF process may forbid it. An Experimental document can allocate bits from a standard... on an experimental basis. ECN bits were done that way. -- ] Never tell me the odds! | ipv6 mesh networks [ ] Michael Richardson, Sandelman Software Works | network architect [ ] mcr@sandelman.ca http://www.sandelman.ca/ | ruby on rails [ -- Michael Richardson , Sandelman Software Works -= IPv6 IoT consulting for hire =- --=-=-= Content-Type: application/pgp-signature -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQCVAwUBUyr5q4qHRg3pndX9AQKE0gP+IQ+3bNdOVhC3muDwKtvlDIV/FjCVX8Ro WEgiSJBu99eXdTD4Wn5DlBC5vmTwvEO95E7dqik9O0Bj/m4CTqZGJahXDHGGrlee PxS1Mx4uQqcGPFDCqsw9RMVgD8xR1VWCancfpfZdA7mo7+pYD9FapMkTgHZ9ylX6 EHyrAm9ddxA= =gKtv -----END PGP SIGNATURE----- --=-=-=-- From nobody Thu Mar 20 07:52:31 2014 Return-Path: X-Original-To: radext@ietfa.amsl.com Delivered-To: radext@ietfa.amsl.com Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id F17CB1A0751 for ; Thu, 20 Mar 2014 07:52:28 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.9 X-Spam-Level: X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9] autolearn=ham Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id moOrUcoK16zG for ; Thu, 20 Mar 2014 07:52:26 -0700 (PDT) Received: from power.freeradius.org (power.freeradius.org [88.190.25.44]) by ietfa.amsl.com (Postfix) with ESMTP id 90ACD1A03FE for ; Thu, 20 Mar 2014 07:52:26 -0700 (PDT) Received: from localhost (localhost [127.0.0.1]) by power.freeradius.org (Postfix) with ESMTP id 105E52240749; Thu, 20 Mar 2014 15:51:47 +0100 (CET) X-Virus-Scanned: Debian amavisd-new at power.freeradius.org Received: from power.freeradius.org ([127.0.0.1]) by localhost (power.freeradius.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id tc44DCKk27hD; Thu, 20 Mar 2014 15:51:46 +0100 (CET) Received: from Thor.local (bas1-ottawa11-1176224686.dsl.bell.ca [70.27.195.174]) by power.freeradius.org (Postfix) with ESMTPSA id 8043A2240133; Thu, 20 Mar 2014 15:51:46 +0100 (CET) Message-ID: <532B0083.7050606@deployingradius.com> Date: Thu, 20 Mar 2014 10:51:47 -0400 From: Alan DeKok User-Agent: Thunderbird 2.0.0.24 (Macintosh/20100228) MIME-Version: 1.0 To: Michael Richardson References: <53285DE2.9040802@cisco.com> <035801cf42d2$99464b80$cbd2e280$@augustcellars.com> <5328C172.5080305@deployingradius.com> <14050.1395325355@sandelman.ca> In-Reply-To: <14050.1395325355@sandelman.ca> Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Archived-At: http://mailarchive.ietf.org/arch/msg/radext/G6u-wco5Wlf5MM8aK6DkTYKzSKk Cc: radext@ietf.org Subject: Re: [radext] Update RFC 6929 in draft-ietf-radext-radius-fragmentation X-BeenThere: radext@ietf.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: RADIUS EXTensions working group discussion list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 20 Mar 2014 14:52:29 -0000 Michael Richardson wrote: > It's not just the document/WG, it is also users of the protocol who think > that they are in a walled garden, and can abuse reserved fields. I have zero sympathy for such people. > The WG will be shutdown at some point, Never! > An Experimental document can allocate bits from a standard... on an > experimental basis. ECN bits were done that way. OK. I'm not sure we want an IANA registry for these bits. It seems overkill. But it would be a way to track their allocation. Alan DeKok. From nobody Thu Mar 20 09:26:36 2014 Return-Path: X-Original-To: radext@ietfa.amsl.com Delivered-To: radext@ietfa.amsl.com Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3E8591A08D1 for ; Thu, 20 Mar 2014 09:26:35 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.235 X-Spam-Level: X-Spam-Status: No, score=-1.235 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_SOFTFAIL=0.665] autolearn=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id PM146FIOX8Qa for ; Thu, 20 Mar 2014 09:26:34 -0700 (PDT) Received: from mail.painless-security.com (mail.painless-security.com [23.30.188.241]) by ietfa.amsl.com (Postfix) with ESMTP id A75AD1A03DD for ; Thu, 20 Mar 2014 09:26:16 -0700 (PDT) Received: from localhost (localhost [127.0.0.1]) by mail.painless-security.com (Postfix) with ESMTP id 4CB0B206C0; Thu, 20 Mar 2014 12:26:02 -0400 (EDT) Received: from mail.painless-security.com ([127.0.0.1]) by localhost (mail.suchdamage.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id r70aeQSkJJbN; Thu, 20 Mar 2014 12:26:01 -0400 (EDT) Received: from carter-zimmerman.suchdamage.org (unknown [172.56.30.165]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "laptop", Issuer "laptop" (not verified)) by mail.painless-security.com (Postfix) with ESMTPS; Thu, 20 Mar 2014 12:26:01 -0400 (EDT) Received: by carter-zimmerman.suchdamage.org (Postfix, from userid 8042) id 1CA1C81160; Thu, 20 Mar 2014 12:26:01 -0400 (EDT) From: Sam Hartman To: Michael Richardson References: <53285DE2.9040802@cisco.com> <035801cf42d2$99464b80$cbd2e280$@augustcellars.com> <5328C172.5080305@deployingradius.com> <14050.1395325355@sandelman.ca> Date: Thu, 20 Mar 2014 12:26:01 -0400 In-Reply-To: <14050.1395325355@sandelman.ca> (Michael Richardson's message of "Thu, 20 Mar 2014 10:22:35 -0400") Message-ID: User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/24.3 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain Archived-At: http://mailarchive.ietf.org/arch/msg/radext/hhWTBAGwyXpz9xgqP89Y5YaZ6AE Cc: radext@ietf.org Subject: Re: [radext] Update RFC 6929 in draft-ietf-radext-radius-fragmentation X-BeenThere: radext@ietf.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: RADIUS EXTensions working group discussion list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 20 Mar 2014 16:26:35 -0000 My preference is that we try publishing with the updates on 6929, and if that fails, then we just ignore things. I would rather not create an IANA registry for these bits. From nobody Thu Mar 20 11:12:18 2014 Return-Path: X-Original-To: radext@ietfa.amsl.com Delivered-To: radext@ietfa.amsl.com Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0CA8C1A08F4 for ; Thu, 20 Mar 2014 11:12:15 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2.438 X-Spam-Level: X-Spam-Status: No, score=-2.438 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RP_MATCHES_RCVD=-0.547, SPF_PASS=-0.001, T_TVD_MIME_NO_HEADERS=0.01] autolearn=ham Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id p6xTPNh0DHFO for ; Thu, 20 Mar 2014 11:12:12 -0700 (PDT) Received: from tuna.sandelman.ca (tuna.sandelman.ca [IPv6:2607:f0b0:f:3:216:3eff:fe7c:d1f3]) by ietfa.amsl.com (Postfix) with ESMTP id 35A141A03DD for ; Thu, 20 Mar 2014 11:12:12 -0700 (PDT) Received: from sandelman.ca (desk.marajade.sandelman.ca [209.87.252.247]) by tuna.sandelman.ca (Postfix) with ESMTP id 8D02D20039; Thu, 20 Mar 2014 15:31:29 -0400 (EDT) Received: by sandelman.ca (Postfix, from userid 179) id E8E1063AB2; Thu, 20 Mar 2014 14:12:01 -0400 (EDT) Received: from sandelman.ca (localhost [127.0.0.1]) by sandelman.ca (Postfix) with ESMTP id C2B1463A9E; Thu, 20 Mar 2014 14:12:01 -0400 (EDT) From: Michael Richardson To: Alan DeKok In-Reply-To: <532B0083.7050606@deployingradius.com> References: <53285DE2.9040802@cisco.com> <035801cf42d2$99464b80$cbd2e280$@augustcellars.com> <5328C172.5080305@deployingradius.com> <14050.1395325355@sandelman.ca> <532B0083.7050606@deployingradius.com> X-Mailer: MH-E 8.2; nmh 1.3-dev; GNU Emacs 23.4.1 X-Face: $\n1pF)h^`}$H>Hk{L"x@)JS7<%Az}5RyS@k9X%29-lHB$Ti.V>2bi.~ehC0; <'$9xN5Ub# z!G,p`nR&p7Fz@^UXIn156S8.~^@MJ*mMsD7=QFeq%AL4m Sender: mcr@sandelman.ca Archived-At: http://mailarchive.ietf.org/arch/msg/radext/0ZhS4mGCe9pkVZh1Zwvmq-HO1hI Cc: radext@ietf.org Subject: Re: [radext] Update RFC 6929 in draft-ietf-radext-radius-fragmentation X-BeenThere: radext@ietf.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: RADIUS EXTensions working group discussion list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 20 Mar 2014 18:12:15 -0000 --=-=-= Alan DeKok wrote: >> It's not just the document/WG, it is also users of the protocol who >> think >> that they are in a walled garden, and can abuse reserved fields. > I have zero sympathy for such people. Without the pointer, they won't know they are being stupid. >> An Experimental document can allocate bits from a standard... on an >> experimental basis. ECN bits were done that way. > OK. > I'm not sure we want an IANA registry for these bits. It seems > overkill. But it would be a way to track their allocation. I'm not 100% sure you need to have an IANA registry, but I'm sure that the document needs to update the previous document. RFC6929 did not say what kind of specifications: Future specifications may define additional meaning for this field. Implementations therefore MUST NOT treat this field as invalid if it is non-zero. I think it's a call for your AD to make. I think that it's reasonable for it to be an experimental document, and I think that ECN *repurposed* the ToS bits without an IANA registration. -- Michael Richardson , Sandelman Software Works -= IPv6 IoT consulting for hire =- --=-=-= Content-Type: application/pgp-signature -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQCVAwUBUysvb4qHRg3pndX9AQJjbgP/XAW1cjQNW6ODE8/0T9sByYeZ3bwr2Q6G T/f4bNPzDCE9l8TV+emlxLAyO0IbVJkr6iZjsOttfEf/Vo2IOrkeNfrVQJNabAUa ayN717SO11NZtDDErTe5yhVKv7TU3ueBPcvm/RCGWFhcSPjbK7CREoisef0mXjXZ yiWOPcsOj5Y= =NLMT -----END PGP SIGNATURE----- --=-=-=-- From nobody Thu Mar 20 11:16:44 2014 Return-Path: X-Original-To: radext@ietfa.amsl.com Delivered-To: radext@ietfa.amsl.com Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9321B1A06E1 for ; Thu, 20 Mar 2014 11:16:28 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.9 X-Spam-Level: X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9] autolearn=ham Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id eTXPyb0kHWIa for ; Thu, 20 Mar 2014 11:16:18 -0700 (PDT) Received: from power.freeradius.org (power.freeradius.org [88.190.25.44]) by ietfa.amsl.com (Postfix) with ESMTP id AC8771A0429 for ; Thu, 20 Mar 2014 11:16:09 -0700 (PDT) Received: from localhost (localhost [127.0.0.1]) by power.freeradius.org (Postfix) with ESMTP id 6C1432240749; Thu, 20 Mar 2014 19:15:30 +0100 (CET) X-Virus-Scanned: Debian amavisd-new at power.freeradius.org Received: from power.freeradius.org ([127.0.0.1]) by localhost (power.freeradius.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id z+wfj2UEvl-y; Thu, 20 Mar 2014 19:15:30 +0100 (CET) Received: from Thor.local (bas1-ottawa11-1176224686.dsl.bell.ca [70.27.195.174]) by power.freeradius.org (Postfix) with ESMTPSA id E457922400FF; Thu, 20 Mar 2014 19:15:29 +0100 (CET) Message-ID: <532B3040.102@deployingradius.com> Date: Thu, 20 Mar 2014 14:15:28 -0400 From: Alan DeKok User-Agent: Thunderbird 2.0.0.24 (Macintosh/20100228) MIME-Version: 1.0 To: Michael Richardson References: <53285DE2.9040802@cisco.com> <035801cf42d2$99464b80$cbd2e280$@augustcellars.com> <5328C172.5080305@deployingradius.com> <14050.1395325355@sandelman.ca> <532B0083.7050606@deployingradius.com> <31142.1395339121@sandelman.ca> In-Reply-To: <31142.1395339121@sandelman.ca> Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Archived-At: http://mailarchive.ietf.org/arch/msg/radext/_jQz-mIu8d3UJ7fW8MWH42vk_6U Cc: radext@ietf.org Subject: Re: [radext] Update RFC 6929 in draft-ietf-radext-radius-fragmentation X-BeenThere: radext@ietf.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: RADIUS EXTensions working group discussion list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 20 Mar 2014 18:16:28 -0000 Michael Richardson wrote: > Without the pointer, they won't know they are being stupid. Not entirely. RFC 6929 says that the bits are reserved, and allocated via IETF consensus. Any vendor "poaching" on those bits knows a priori that it's wrong. They don't need to read the fragmentation document to know that. > I think it's a call for your AD to make. > I think that it's reasonable for it to be an experimental document, I agree. I'm OK with this doc saying "updates 6929". Alan DeKok. From nobody Mon Mar 24 07:23:32 2014 Return-Path: X-Original-To: radext@ietfa.amsl.com Delivered-To: radext@ietfa.amsl.com Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 49AEA1A0218 for ; Mon, 24 Mar 2014 07:23:30 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: 0.791 X-Spam-Level: X-Spam-Status: No, score=0.791 tagged_above=-999 required=5 tests=[BAYES_50=0.8, T_RP_MATCHES_RCVD=-0.01, WEIRD_PORT=0.001] autolearn=ham Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 5AlL-4ibPjJq for ; Mon, 24 Mar 2014 07:23:27 -0700 (PDT) Received: from smtprelay.restena.lu (smtprelay.restena.lu [IPv6:2001:a18:1::62]) by ietfa.amsl.com (Postfix) with ESMTP id 5F62B1A01F9 for ; Mon, 24 Mar 2014 07:23:27 -0700 (PDT) Received: from smtprelay.restena.lu (localhost [127.0.0.1]) by smtprelay.restena.lu (Postfix) with ESMTP id 8AC7310584 for ; Mon, 24 Mar 2014 15:23:25 +0100 (CET) Received: from [IPv6:2001:a18:1:8:921b:eff:fe1b:d2e7] (unknown [IPv6:2001:a18:1:8:921b:eff:fe1b:d2e7]) by smtprelay.restena.lu (Postfix) with ESMTPS id 7F0401057E for ; Mon, 24 Mar 2014 15:23:25 +0100 (CET) Message-ID: <53303FB2.8090002@restena.lu> Date: Mon, 24 Mar 2014 15:22:42 +0100 From: Stefan Winter User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Thunderbird/24.3.0 MIME-Version: 1.0 To: radext@ietf.org References: <53285DE2.9040802@cisco.com> <035801cf42d2$99464b80$cbd2e280$@augustcellars.com> <5328C172.5080305@deployingradius.com> In-Reply-To: <5328C172.5080305@deployingradius.com> X-Enigmail-Version: 1.6 OpenPGP: id=8A39DC66; url=http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xC0DE6A358A39DC66 Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="qQR61IUgFTixCbduq0G3aLkUaDVd7v69g" X-Virus-Scanned: ClamAV Archived-At: http://mailarchive.ietf.org/arch/msg/radext/HFfMo6Cvv9wFN5WRP68qrgmDgyc Subject: Re: [radext] Update RFC 6929 in draft-ietf-radext-radius-fragmentation X-BeenThere: radext@ietf.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: RADIUS EXTensions working group discussion list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 24 Mar 2014 14:23:30 -0000 This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --qQR61IUgFTixCbduq0G3aLkUaDVd7v69g Content-Type: multipart/mixed; boundary="------------070809080607080004060807" This is a multi-part message in MIME format. --------------070809080607080004060807 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable Hello, with my shiny new chair hat on: >> While it is true that an implementer of 6929 does not need to see this= >> document, it is also true that this document is effectively allocating= a >> bit from a structure that is in that document. If this document does >> not update 6929, then it is possible that the next document to update >> that structure will fail to notice this and allocate the same bit for = a >> different purpose. >=20 > I hope we're all smart enough to remember that the bit is allocated. > If we're not... the WG should be shut down. I believe it's a bad idea to rely on collective memory or a mailing list archive. So, regardless of what the consensus will be: try an "Updates" or not; create an IANA registry or not - the fact that a loosely-knit relationship to RFC6929 exists, and where the pitfalls are, should be reflected inside the draft itself. As for where - I think it helps to keep in mind that that there will be numerous rounds of reviewing going on after the document has cleared WGLC= =2E In particular, the Operations Area will conduct an ops-dir review as part of the IETF LC. There are very specific questions in the ops-dir review template, one of which is: "Are there any coexistence issues?" The probability that an ops-dir reviewer will pick up the T-Bit allocation coexistence issue during his reading are very high (especially if the proto write-up mentions this as one of the contentious points :-) ); so if that issue is not explicitly documented, it will probably surface at that point, and we'll need to deal with it. We can of course wait for that to happen, but I'd rather preempt such a useless extra round and fix the issue in the draft right now. Another question in the ops-dir review is "Is an operational considerations and/or manageability section part of the document?" I believe the best way forward is to add such a section to the draft (it could be a sub-section of Introduction, or be a section of its own). The section would document what was argued on the mailing list, where the pitfalls are, and that an "Updates" would be a reasonable possiblity to avoid them if allowed by process. With that text in the document, the WG can then try to use Updates or not - and the reason for doing so can then be found in the document itself. If the actual Updates relationship later doesn't fly, the text highlighting the issue will at least still be in there - and not in someone's brain or deep down in the ML archives. I realise that the text then wouldn't necessarily be found by someone implementing a follow-up spec to RFC6929 due to lack of an Updated-By, but chances are at least way better. (And as an individual: if we have an Operations/Manageability section anyway at that point - wouldn't it be a good idea to move the "formal violation of RFC2865" into that section as well? ) Greetings, Stefan Winter >> I believe that this update relationship needs to be retained. >=20 > It may be useful, but IETF process may forbid it. >=20 > Alan DeKok. >=20 > _______________________________________________ > radext mailing list > radext@ietf.org > https://www.ietf.org/mailman/listinfo/radext >=20 --=20 Stefan WINTER Ingenieur de Recherche Fondation RESTENA - R=E9seau T=E9l=E9informatique de l'Education National= e et de la Recherche 6, rue Richard Coudenhove-Kalergi L-1359 Luxembourg Tel: +352 424409 1 Fax: +352 422473 PGP key updated to 4096 Bit RSA - I will encrypt all mails if the recipient's key is known to me http://pgp.mit.edu:11371/pks/lookup?op=3Dget&search=3D0xC0DE6A358A39DC66 --------------070809080607080004060807 Content-Type: application/pgp-keys; name="0x8A39DC66.asc" Content-Transfer-Encoding: quoted-printable Content-Disposition: attachment; filename="0x8A39DC66.asc" -----BEGIN PGP PUBLIC KEY BLOCK----- Version: GnuPG v2.0.22 (GNU/Linux) mQINBFIplEwBEADTSz+DS8nio+RSvfSLLfaOnCGi1nqpn8Pb1laVUyEvnAAzZ5je miS88GxfiDH6hUGlWzcaW0hCfUHGiohr485adbjxRksPngWgAt/1bRxpifsW3zOb Fjgog01WWQV5Sihlwc4zr8zvYbFA5BJZ6YdkR9C5J015riv5OS30WTjA65SSXgYr b7zJWPwmegTFwE093uBFvC39waz3xYpVu5j87nO6w2MVQt/8sY2/2BFPEq+xfOaj l18UEwc7w8SCgnZdlVNcmEK4UBvJuwS/1lsR2JeQa8Gu1EDxC7PRgMgNXsDSWnnB e9aVmfG54+6ILe1QH2dwk9sPBQT5w2+vjijrb3Dv9ur+1kN+TNU2XE436jVpnnY/ 3OsLdix30STQn4Q/XOm7YoVMeDwwviefilRxzK0dXA+wKj92T68Od82CFxuZqPAg BCVmWfQM91iK9piqFK+QP+R3vF6+NGDBdwbe68iVKs0v5L8XmbxBQndjpmo+lo2a smBR2TAIfZHaKdgtBw13u3GPVVKlg/Mpko8ki9JOSem2aFyi3kQEVKptWgXT3POl 97DWJzsR5VyKz6GOx9kJAEISRyLZwm0wqh8+9LCza5oeIKW381lzq1b9x30vOh8C BSQQJ+cG9ko0yPHAj7Suw2TmPXx1qMctmE6Ahq82ZW30SljdZby8WQuR2wARAQAB tDxTdGVmYW4gV2ludGVyIChSRVNURU5BIGtleSAyMDEzKykgPHN0ZWZhbi53aW50 ZXJAcmVzdGVuYS5sdT6JAjkEEwECACMFAlIplEwCGwMHCwkIBwMCAQYVCAIJCgsE FgIDAQIeAQIXgAAKCRDA3mo1ijncZj7/D/99hVS+mJr8dSPCaDaUFFxBiT2eI1Lo R8VKEerTCRw5BsdL6pN2eRJZ9NmsqWo1ynWVHEzO91bNZ+oZGgyoNohcBAI7p+r0 qUTzkyqwdZO4kMm0pqKoM9xkP3tf2mjGujKjOz4Y7S7wnz2ZFokeUsecoRVJF/++ /qHnmeWLn44J1HUKLHYCjMu+QXGOgGXgz024jQ5eUrnPwzNp0Z90AFVHlWC+bymt y/ToIUUCQqS5Ff0jzdWLd8U695OG9iGvjBQT1LdEjsfbAwuKV5UcnpxNqUpUwKa5 9hdX5/2cMZP07FI1UXwnBlxa8rJfdb13FLjSKX4vUUHedYUZMjMPgcwl1a+zGE22 lHiSQWgP8QLA/W3BLsi22ERCEPZBfexOeOtaWIItDIz18fIaQoMDoRPshzar0JI2 CzLYsyeKySAtYJEHFVoLmMvhkwzBmgqA/BEswUA67CfCr1jFHRXdpmWM7YkyAmMa 9q6LwquWKS5+MXlUXe/3oZUcgpw/T9Uuy3Jo3RdS7B3jFcWaVr6KsO/A9u1gr/aY n5M+iJTQSj4vzqtkQaJTpSspRZoKa66HZt3IwSYiDiYZqtM83ynuj9kjnZzGfnuT aNIi996q6Mptr33mOzIE1wmMqnJYwTr3EcNtf483q/qrJwh5ES8Q9xY7aat/ZcSl 8fKubW4TlfVr8YhGBBARAgAGBQJSKZUGAAoJEPo5vdH/HhVmYTgAn24eoqO/O98o vNpt08Uab/+/tmYKAJ9kjXm9Njz5h33efzeelZUa484rr7kCDQRSKZRMARAAvBPp n7FQq7LQ5glohtbL6XIEo1U4X67S0TzUYieENSWSVYuWYIhCBldmWdmH8Bpj/qHe qdon7v+SLtR4WngzMR9toupKcFfHnbP9kpazTSB2ySHxXWGX1gJOpPXdCcg9iveK BHEsDn00ThTcPsvtXpnnzET16pXIvOXO0bxTmVZ4INIF1SWgvYma/g8kBbgXLpkj 8tOywBqFiiYPEZlDeCxDHiMgUDh6olda9K/0TZFTdMPUgjKuubfAeaDNCOrVt4Rj mFOaRLikcZocmgJhm3z/j25x7/mnNu+0di1H/S67YGQJ+pqCFInzIXDx7aRW2+JC iqsY2X3xOPWZZzjyis5SNnfOcPH3gt2hYz1fy+thsBGf4NgCN01JRqIJ2/MOQCgU dwh+9l8xqaJvCkUHM4hVh4W62MAe1u7UEqQbvvNEqxM5034vcvlE+/LRkrDCspw+ 2YJ9QyroLerVRwW5DVleP8Ifi8VB3yD80nqXYs9aqRy0BkDNIQ43ERhESMt8dJqr NkxgC6pemZrhNwyDh+hy2kPNGQh/iBpdKuH1o3E24TIZoV2v3YHvzob7aAYHddE/ PofAXhJW7I9mAs+HdWDmnI8ckuPDFpFH+Y/BFGvEXgcnJAJ1wEvf+4LuiIi0MHjR 4EWFn9vvoFDAIqD10h3FSd3D59HGtdSsNn4XaCsAEQEAAYkCHwQYAQIACQUCUimU TAIbDAAKCRDA3mo1ijncZhBtEACL036ddjc5pFoYIdoUY1vT8SMXJNquewCnL1qu DADzqDZFU5GNlQEy10krSfBwlTb9ahTtE0JFrOdZwUZtoa1Pgfr8nU6KOgrXPHbN jS/9dyc5CwGVVIpOavIm2CsMVDJ9LCF/NT+u/t1k6eGfHhPVl3dUQyDa/lzc1chK UIVQYQkFmr0A/iXP+29lFCaI+IeyU0bSdZhezDwUROn5vEx+fiPZyHDShCb+BxJv /o2LQp9JHenCiSbO+ioRZdxgbWfoKBuXOfmSStqMWXas/gZ5vS3xq72LNtKPRxgp jX3P8Zml1XDqpcBau7eK75VKE0Yd06YxnUIsbcEzInUc3uzW/u0DFpXYkMJb0XIv JyUt5yYPKfV13N8kSkPi5pLxm8yuftXMzfgeFMR7nafY3glTVj/TxElzg6xeZNqf C2ZjIbBtZg9ylHU8u8wwB+dX282crs0R3N9A064C71/cXlBqcjzjlKH2NUIWGxr+ od3TXFIFjszSU3NgMPKrWNhFLLwS81MpbkOe73s6aDhS8RDyNucoxtKXriLR+4Xi u4+pyj5ukYP1JqpB3ZobY/XZgCnJMye+7xeTpIDJ1LPORxM3NNAElyb26lxAK2P+ km+EpI0Zzz6rNSCfg5jYQ474+e/GBgaSG4MlaPoZ+XAfN46u1Xjjv1/AkkA4IA6m 5zP5og=3D=3D =3D3NUt -----END PGP PUBLIC KEY BLOCK----- --------------070809080607080004060807-- --qQR61IUgFTixCbduq0G3aLkUaDVd7v69g Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.22 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQIcBAEBCgAGBQJTMD+yAAoJEMDeajWKOdxmLysP/iNQmcTRdzz7NdxeDYDj0xo2 ZcTchViJVKFBk1b3L58Y9mNZdpZ8DlzVAkqsIE2VkICH7tMKjpxUvnuodaOajBjb lTz6q7X0Vf07SkElRNNVeY6I+Wz7LqHKlq2ZIoOARxS/LJfKfKQOEU/mEOXKn7tY HeRIBrkcVct3D1ufzGQdJO41UyExoLWznwwwwmh9aH+2r5VB3enI1xBu/JoWR8CG 4Cs+0r8g5uKDHjlcc8EVW1ziEVvej9VWDglhwRX9C8uM9wOW+hz1rL+1Yys2Vo0W oyOkWD5BdmgflR6ua4yPLfR7nxcc70lUzFNeqgth/iXlI9LPxPFlhjD5RRK2xNBk t7zWTW+gvIbBbyo+pzRoLIQcGlQ2uTyF98oBSpGkiDVO33iCCVZOJw95YTVIJfE3 HWDhPYPneB6wDp6IdwcW1sOc37JCGUKmO1llfDoe/c1KxF3lK3BNWpau80ky0xwj weaPg0bVcZrixxKi5VRSH80S5MwuUWe6OQULeBzAVhVtlJPTxWCp9oO73UYewppV FYcJ1AanordUfI0h3QJcbtPJP1ug+tdoaJHs+h4BiuSf9ELxLnZMCVeDOXWfBeFs C1X8G5ZcLQkDMFM0lqIon+MpihXFzWs99DMZ7T3QzE/70eUKBB80qCffazFz5fM3 Sb584kpz6SUc0yhHl3uv =lZgC -----END PGP SIGNATURE----- --qQR61IUgFTixCbduq0G3aLkUaDVd7v69g-- From nobody Mon Mar 24 09:43:13 2014 Return-Path: X-Original-To: radext@ietfa.amsl.com Delivered-To: radext@ietfa.amsl.com Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id BAE361A0236 for ; Mon, 24 Mar 2014 09:43:10 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: 0.789 X-Spam-Level: X-Spam-Status: No, score=0.789 tagged_above=-999 required=5 tests=[BAYES_50=0.8, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=ham Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id pPnkS0TBpcyc for ; Mon, 24 Mar 2014 09:43:09 -0700 (PDT) Received: from aspen.internal.iea-software.com (remote.iea-software.com [70.89.142.196]) by ietfa.amsl.com (Postfix) with ESMTP id 2654B1A025C for ; Mon, 24 Mar 2014 09:43:09 -0700 (PDT) Received: from SMURF.peterd.ws (unverified [10.0.3.195]) by aspen.internal.iea-software.com (Rockliffe SMTPRA 7.0.6) with ESMTP id ; Mon, 24 Mar 2014 09:43:07 -0700 Date: Mon, 24 Mar 2014 09:43:23 -0700 (Pacific Daylight Time) From: Peter Deacon To: Jouni Korhonen In-Reply-To: <907DC0B0-6E00-4179-BE37-17C89810A9EC@gmail.com> Message-ID: References: <907DC0B0-6E00-4179-BE37-17C89810A9EC@gmail.com> User-Agent: Alpine 2.11 (WNT 23 2013-08-11) MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed Archived-At: http://mailarchive.ietf.org/arch/msg/radext/Jxm2gH5hDDwxWzC6ipfkv7m7J6I Cc: "radext@ietf.org" , "radext-chairs@tools.ietf.org" Subject: Re: [radext] Adoption call for draft-hartman-radext-bigger-packets X-BeenThere: radext@ietf.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: RADIUS EXTensions working group discussion list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 24 Mar 2014 16:43:11 -0000 On Tue, 18 Mar 2014, Jouni Korhonen wrote: > We had good support to adopt draft-hartman-radext-bigger-packets I-D as a WG > item during the London WG meeting. However, we need to confirm the adoption > in the mailing list. This mail starts a one week adoption call for the I-D. > If you are against the adoption, voice your opinion and why. Silence is > counted as an acceptance. The call ends 25th March. I do not support adoption at this time. Seeing value in continuing to support UDP/DTLS no bridge is available for CoA and Accounting. Noting also did not support rational in Alex's draft for ignoring this issue for reasons explained in detail earlier on this list. Would like to see a solution whether it's bigger packets, extended request or something else offer full coverage yet enable implementors to support any subset they see value in supporting. If systems are to start transmitting more than max size I prefer a less permissive environment where some indication of support is required up front prior to transmitting larger messages. It can be a manual setting or an automatic "discovery" yet would prefer something "MUST" be indicated. regards, Peter From nobody Mon Mar 24 09:46:24 2014 Return-Path: X-Original-To: radext@ietfa.amsl.com Delivered-To: radext@ietfa.amsl.com Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 44AB61A0269 for ; Mon, 24 Mar 2014 09:46:21 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.9 X-Spam-Level: X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9] autolearn=ham Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ZNTIya91uC2m for ; Mon, 24 Mar 2014 09:46:19 -0700 (PDT) Received: from power.freeradius.org (power.freeradius.org [88.190.25.44]) by ietfa.amsl.com (Postfix) with ESMTP id 100681A0236 for ; Mon, 24 Mar 2014 09:46:19 -0700 (PDT) Received: from localhost (localhost [127.0.0.1]) by power.freeradius.org (Postfix) with ESMTP id 833D02240179; Mon, 24 Mar 2014 17:46:17 +0100 (CET) X-Virus-Scanned: Debian amavisd-new at power.freeradius.org Received: from power.freeradius.org ([127.0.0.1]) by localhost (power.freeradius.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id YhfPNTxdWyp7; Mon, 24 Mar 2014 17:46:17 +0100 (CET) Received: from Thor.local (bas1-ottawa11-1176224686.dsl.bell.ca [70.27.195.174]) by power.freeradius.org (Postfix) with ESMTPSA id C9F1A2240107; Mon, 24 Mar 2014 17:46:16 +0100 (CET) Message-ID: <53306157.7060309@deployingradius.com> Date: Mon, 24 Mar 2014 12:46:15 -0400 From: Alan DeKok User-Agent: Thunderbird 2.0.0.24 (Macintosh/20100228) MIME-Version: 1.0 To: Peter Deacon References: <907DC0B0-6E00-4179-BE37-17C89810A9EC@gmail.com> In-Reply-To: Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Archived-At: http://mailarchive.ietf.org/arch/msg/radext/t9wmR8ao8ZYa2lZdfuC7QTyALoY Cc: "radext@ietf.org" , Jouni Korhonen , "radext-chairs@tools.ietf.org" Subject: Re: [radext] Adoption call for draft-hartman-radext-bigger-packets X-BeenThere: radext@ietf.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: RADIUS EXTensions working group discussion list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 24 Mar 2014 16:46:21 -0000 Peter Deacon wrote: > I do not support adoption at this time. Seeing value in continuing to > support UDP/DTLS no bridge is available for CoA and Accounting. Noting > also did not support rational in Alex's draft for ignoring this issue > for reasons explained in detail earlier on this list. That is unnecessary, for reasons explained in detail earlier on this list. > If systems are to start transmitting more than max size I prefer a less > permissive environment where some indication of support is required up > front prior to transmitting larger messages. It can be a manual setting > or an automatic "discovery" yet would prefer something "MUST" be indicated. The draft discusses negotiation of large packets, which seems to address the above concerns. Alan DeKok. From nobody Mon Mar 24 09:49:09 2014 Return-Path: X-Original-To: radext@ietfa.amsl.com Delivered-To: radext@ietfa.amsl.com Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5841A1A026C for ; Mon, 24 Mar 2014 09:49:06 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: 0.664 X-Spam-Level: X-Spam-Status: No, score=0.664 tagged_above=-999 required=5 tests=[BAYES_40=-0.001, SPF_SOFTFAIL=0.665] autolearn=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id dZjWB6qiv9vk for ; Mon, 24 Mar 2014 09:49:05 -0700 (PDT) Received: from mail.painless-security.com (mail.painless-security.com [23.30.188.241]) by ietfa.amsl.com (Postfix) with ESMTP id 1EC721A0244 for ; Mon, 24 Mar 2014 09:49:03 -0700 (PDT) Received: from localhost (localhost [127.0.0.1]) by mail.painless-security.com (Postfix) with ESMTP id 23952206C7; Mon, 24 Mar 2014 12:48:48 -0400 (EDT) Received: from mail.painless-security.com ([127.0.0.1]) by localhost (mail.suchdamage.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id KSAt_cBR2kIk; Mon, 24 Mar 2014 12:48:47 -0400 (EDT) Received: from carter-zimmerman.suchdamage.org (unknown [10.1.10.108]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "laptop", Issuer "laptop" (not verified)) by mail.painless-security.com (Postfix) with ESMTPS; Mon, 24 Mar 2014 12:48:47 -0400 (EDT) Received: by carter-zimmerman.suchdamage.org (Postfix, from userid 8042) id 134BC81B03; Mon, 24 Mar 2014 12:49:00 -0400 (EDT) From: Sam Hartman To: Alan DeKok In-Reply-To: <53306157.7060309@deployingradius.com> (Alan DeKok's message of "Mon, 24 Mar 2014 12:46:15 -0400") References: <907DC0B0-6E00-4179-BE37-17C89810A9EC@gmail.com> <53306157.7060309@deployingradius.com> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/24.3 (gnu/linux) Date: Mon, 24 Mar 2014 12:49:00 -0400 Message-ID: MIME-Version: 1.0 Content-Type: text/plain Archived-At: http://mailarchive.ietf.org/arch/msg/radext/rGENnKF_AAqYAebMyNrW8jleTpE Cc: "radext@ietf.org" , Jouni Korhonen , Peter Deacon , "radext-chairs@tools.ietf.org" Subject: Re: [radext] Adoption call for draft-hartman-radext-bigger-packets X-BeenThere: radext@ietf.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: RADIUS EXTensions working group discussion list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 24 Mar 2014 16:49:06 -0000 For the record, I support Alan's response to Peter and after evaluating Peter's concerns still support adopting my draft. --Sam From nobody Mon Mar 24 10:09:15 2014 Return-Path: X-Original-To: radext@ietfa.amsl.com Delivered-To: radext@ietfa.amsl.com Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 35FA51A0254 for ; Mon, 24 Mar 2014 10:09:13 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.911 X-Spam-Level: X-Spam-Status: No, score=-1.911 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=ham Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id X4h-0TozY4Ke for ; Mon, 24 Mar 2014 10:09:11 -0700 (PDT) Received: from aspen.internal.iea-software.com (remote.iea-software.com [70.89.142.196]) by ietfa.amsl.com (Postfix) with ESMTP id D5B3A1A024C for ; Mon, 24 Mar 2014 10:09:10 -0700 (PDT) Received: from SMURF.peterd.ws (unverified [10.0.3.195]) by aspen.internal.iea-software.com (Rockliffe SMTPRA 7.0.6) with ESMTP id ; Mon, 24 Mar 2014 10:09:09 -0700 Date: Mon, 24 Mar 2014 10:09:25 -0700 (Pacific Daylight Time) From: Peter Deacon To: Alan DeKok In-Reply-To: <53306157.7060309@deployingradius.com> Message-ID: References: <907DC0B0-6E00-4179-BE37-17C89810A9EC@gmail.com> <53306157.7060309@deployingradius.com> User-Agent: Alpine 2.11 (WNT 23 2013-08-11) MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed Archived-At: http://mailarchive.ietf.org/arch/msg/radext/xiow94HCp7DrwQyZjH55NdlteHk Cc: "radext@ietf.org" , Jouni Korhonen , "radext-chairs@tools.ietf.org" Subject: Re: [radext] Adoption call for draft-hartman-radext-bigger-packets X-BeenThere: radext@ietf.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: RADIUS EXTensions working group discussion list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 24 Mar 2014 17:09:13 -0000 On Mon, 24 Mar 2014, Alan DeKok wrote: > Peter Deacon wrote: >> I do not support adoption at this time. Seeing value in continuing to >> support UDP/DTLS no bridge is available for CoA and Accounting. Noting >> also did not support rational in Alex's draft for ignoring this issue >> for reasons explained in detail earlier on this list. > That is unnecessary, for reasons explained in detail earlier on this list. There is no defined mechanism for coalescing accounting sessions. Multi-Session-Id is inter-session rather than intra-session. Binding CoA to authorization is not something we can support seeing value in maintaining autonomy to manage admitted sessions separately from authorization. >> If systems are to start transmitting more than max size I prefer a less >> permissive environment where some indication of support is required up >> front prior to transmitting larger messages. It can be a manual setting >> or an automatic "discovery" yet would prefer something "MUST" be indicated. > The draft discusses negotiation of large packets, which seems to > address the above concerns. A list of optional procedures are defined. What I don't see is where it says one of them must be followed or an implementation must not assume support for larger packets. regards, Peter From nobody Mon Mar 24 10:19:36 2014 Return-Path: X-Original-To: radext@ietfa.amsl.com Delivered-To: radext@ietfa.amsl.com Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id BCEC61A0254 for ; Mon, 24 Mar 2014 10:19:34 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.235 X-Spam-Level: X-Spam-Status: No, score=-1.235 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_SOFTFAIL=0.665] autolearn=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id fHVZ6Xh1Umel for ; Mon, 24 Mar 2014 10:19:33 -0700 (PDT) Received: from mail.painless-security.com (mail.painless-security.com [23.30.188.241]) by ietfa.amsl.com (Postfix) with ESMTP id 5EC9C1A0251 for ; Mon, 24 Mar 2014 10:19:33 -0700 (PDT) Received: from localhost (localhost [127.0.0.1]) by mail.painless-security.com (Postfix) with ESMTP id 9E3B4206C7; Mon, 24 Mar 2014 13:19:18 -0400 (EDT) Received: from mail.painless-security.com ([127.0.0.1]) by localhost (mail.suchdamage.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 2-GB-kBCgOSt; Mon, 24 Mar 2014 13:19:17 -0400 (EDT) Received: from carter-zimmerman.suchdamage.org (unknown [10.1.10.108]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "laptop", Issuer "laptop" (not verified)) by mail.painless-security.com (Postfix) with ESMTPS; Mon, 24 Mar 2014 13:19:17 -0400 (EDT) Received: by carter-zimmerman.suchdamage.org (Postfix, from userid 8042) id ACA5981B03; Mon, 24 Mar 2014 13:19:30 -0400 (EDT) From: Sam Hartman To: Peter Deacon References: <907DC0B0-6E00-4179-BE37-17C89810A9EC@gmail.com> <53306157.7060309@deployingradius.com> Date: Mon, 24 Mar 2014 13:19:30 -0400 In-Reply-To: (Peter Deacon's message of "Mon, 24 Mar 2014 10:09:25 -0700 (Pacific Daylight Time)") Message-ID: User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/24.3 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain Archived-At: http://mailarchive.ietf.org/arch/msg/radext/GqF5UjNp8igpm7Qvs7rV3F2EM-E Cc: "radext@ietf.org" , Jouni Korhonen , "radext-chairs@tools.ietf.org" , Alan DeKok Subject: Re: [radext] Adoption call for draft-hartman-radext-bigger-packets X-BeenThere: radext@ietf.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: RADIUS EXTensions working group discussion list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 24 Mar 2014 17:19:35 -0000 >>>>> "Peter" == Peter Deacon writes: Peter> On Mon, 24 Mar 2014, Alan DeKok wrote: Peter> A list of optional procedures are defined. What I don't see Peter> is where it says one of them must be followed or an Peter> implementation must not assume support for larger packets. I care about a deployment where we will assume sending large packets is supported and where that's reasonable. I've explained in the draft why I think there are cases where this is a reasonable assumption. I've also explained why I think there is no significant harm to the approach outlined in the draft. we are not in agreement on this issue, and the chairs will need to judge consensus on whether a change is required or on whether this should block adoption. thanks for sharing your concern. --Sam From nobody Mon Mar 24 10:20:12 2014 Return-Path: X-Original-To: radext@ietfa.amsl.com Delivered-To: radext@ietfa.amsl.com Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7FF871A0251 for ; Mon, 24 Mar 2014 10:20:08 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.9 X-Spam-Level: X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9] autolearn=ham Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id zeAe8GjiYFEH for ; Mon, 24 Mar 2014 10:20:07 -0700 (PDT) Received: from power.freeradius.org (power.freeradius.org [88.190.25.44]) by ietfa.amsl.com (Postfix) with ESMTP id 3F7EA1A026A for ; Mon, 24 Mar 2014 10:20:07 -0700 (PDT) Received: from localhost (localhost [127.0.0.1]) by power.freeradius.org (Postfix) with ESMTP id 3F09B224017C; Mon, 24 Mar 2014 18:20:06 +0100 (CET) X-Virus-Scanned: Debian amavisd-new at power.freeradius.org Received: from power.freeradius.org ([127.0.0.1]) by localhost (power.freeradius.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ORiK4AdqCavz; Mon, 24 Mar 2014 18:20:05 +0100 (CET) Received: from Thor.local (bas1-ottawa11-1176224686.dsl.bell.ca [70.27.195.174]) by power.freeradius.org (Postfix) with ESMTPSA id 6A807224006A; Mon, 24 Mar 2014 18:20:05 +0100 (CET) Message-ID: <53306944.9090004@deployingradius.com> Date: Mon, 24 Mar 2014 13:20:04 -0400 From: Alan DeKok User-Agent: Thunderbird 2.0.0.24 (Macintosh/20100228) MIME-Version: 1.0 To: Peter Deacon References: <907DC0B0-6E00-4179-BE37-17C89810A9EC@gmail.com> <53306157.7060309@deployingradius.com> In-Reply-To: Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Archived-At: http://mailarchive.ietf.org/arch/msg/radext/O7PkPALiIU6-lPLd54KycvzcW4I Cc: "radext@ietf.org" , Jouni Korhonen , "radext-chairs@tools.ietf.org" Subject: Re: [radext] Adoption call for draft-hartman-radext-bigger-packets X-BeenThere: radext@ietf.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: RADIUS EXTensions working group discussion list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 24 Mar 2014 17:20:08 -0000 Peter Deacon wrote: > There is no defined mechanism for coalescing accounting sessions. Exactly. Doing so is outside of the scope of RADIUS. > Multi-Session-Id is inter-session rather than intra-session. Not the way it's used in 3GPP / WiMAX. Check the list archives. This is the problem with RADIUS. So much is either left unsaid, or is ambiguous. Your assumptions about how *you* use RADIUS don't always translate to how others use it. > Binding CoA to authorization is not something we can support seeing > value in maintaining autonomy to manage admitted sessions separately > from authorization. That's an opinion. >>> If systems are to start transmitting more than max size I prefer a less >>> permissive environment where some indication of support is required up >>> front prior to transmitting larger messages. It can be a manual setting >>> or an automatic "discovery" yet would prefer something "MUST" be >>> indicated. > >> The draft discusses negotiation of large packets, which seems to >> address the above concerns. > > A list of optional procedures are defined. What I don't see is where it > says one of them must be followed or an implementation must not assume > support for larger packets. The draft explicitly discusses negotiation, prior to sending large packets. This directly addresses your concerns. Alan DeKok. From nobody Tue Mar 25 01:29:49 2014 Return-Path: X-Original-To: radext@ietfa.amsl.com Delivered-To: radext@ietfa.amsl.com Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 562F11A0369 for ; Tue, 25 Mar 2014 01:29:47 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2.61 X-Spam-Level: X-Spam-Status: No, score=-2.61 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=ham Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id aQ9CFO0-TWUt for ; Tue, 25 Mar 2014 01:29:44 -0700 (PDT) Received: from xenon21.um.es (xenon21.um.es [155.54.212.161]) by ietfa.amsl.com (Postfix) with ESMTP id B09681A013B for ; Tue, 25 Mar 2014 01:29:43 -0700 (PDT) Received: from localhost (localhost [127.0.0.1]) by xenon21.um.es (Postfix) with ESMTP id A52B43FAB6 for ; Tue, 25 Mar 2014 09:29:41 +0100 (CET) X-Virus-Scanned: by antispam in UMU at xenon21.um.es Received: from xenon21.um.es ([127.0.0.1]) by localhost (xenon21.um.es [127.0.0.1]) (amavisd-new, port 10024) with LMTP id imUGlFjwy8to for ; Tue, 25 Mar 2014 09:29:41 +0100 (CET) Received: from [10.42.0.18] (84.124.131.72.dyn.user.ono.com [84.124.131.72]) (using TLSv1 with cipher ECDHE-RSA-AES128-SHA (128/128 bits)) (No client certificate requested) (Authenticated sender: alex) by xenon21.um.es (Postfix) with ESMTPSA id 5FA363F84B for ; Tue, 25 Mar 2014 09:29:40 +0100 (CET) Message-ID: <53313E73.4030502@um.es> Date: Tue, 25 Mar 2014 09:29:39 +0100 From: Alejandro Perez Mendez User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Thunderbird/24.3.0 MIME-Version: 1.0 To: radext@ietf.org References: <53285DE2.9040802@cisco.com> <035801cf42d2$99464b80$cbd2e280$@augustcellars.com> <5328C172.5080305@deployingradius.com> <53303FB2.8090002@restena.lu> In-Reply-To: <53303FB2.8090002@restena.lu> X-Enigmail-Version: 1.6 Content-Type: multipart/alternative; boundary="------------040604070403080604030700" Archived-At: http://mailarchive.ietf.org/arch/msg/radext/8gtbVo1pdvdbtt9NjCsw8H5Ln-k Subject: Re: [radext] Update RFC 6929 in draft-ietf-radext-radius-fragmentation X-BeenThere: radext@ietf.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: RADIUS EXTensions working group discussion list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 25 Mar 2014 08:29:47 -0000 This is a multi-part message in MIME format. --------------040604070403080604030700 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 8bit El 24/03/14 15:22, Stefan Winter escribió: > Hello, > > with my shiny new chair hat on: > >>> While it is true that an implementer of 6929 does not need to see this >>> document, it is also true that this document is effectively allocating a >>> bit from a structure that is in that document. If this document does >>> not update 6929, then it is possible that the next document to update >>> that structure will fail to notice this and allocate the same bit for a >>> different purpose. >> I hope we're all smart enough to remember that the bit is allocated. >> If we're not... the WG should be shut down. > I believe it's a bad idea to rely on collective memory or a mailing list > archive. > > So, regardless of what the consensus will be: try an "Updates" or not; > create an IANA registry or not - the fact that a loosely-knit > relationship to RFC6929 exists, and where the pitfalls are, should be > reflected inside the draft itself. > > As for where - I think it helps to keep in mind that that there will be > numerous rounds of reviewing going on after the document has cleared WGLC. > > In particular, the Operations Area will conduct an ops-dir review as > part of the IETF LC. There are very specific questions in the ops-dir > review template, one of which is: > > "Are there any coexistence issues?" > > The probability that an ops-dir reviewer will pick up the T-Bit > allocation coexistence issue during his reading are very high > (especially if the proto write-up mentions this as one of the > contentious points :-) ); so if that issue is not explicitly documented, > it will probably surface at that point, and we'll need to deal with it. > > We can of course wait for that to happen, but I'd rather preempt such a > useless extra round and fix the issue in the draft right now. > > Another question in the ops-dir review is > > "Is an operational considerations and/or manageability section part of > the document?" > > I believe the best way forward is to add such a section to the draft (it > could be a sub-section of Introduction, or be a section of its own). The > section would document what was argued on the mailing list, where the > pitfalls are, and that an "Updates" would be a reasonable possiblity to > avoid them if allowed by process. > > With that text in the document, the WG can then try to use Updates or > not - and the reason for doing so can then be found in the document > itself. If the actual Updates relationship later doesn't fly, the text > highlighting the issue will at least still be in there - and not in > someone's brain or deep down in the ML archives. I realise that the text > then wouldn't necessarily be found by someone implementing a follow-up > spec to RFC6929 due to lack of an Updated-By, but chances are at least > way better. > > (And as an individual: if we have an Operations/Manageability section > anyway at that point - wouldn't it be a good idea to move the "formal > violation of RFC2865" into that section as well? ) I think it is a good idea to have such a section, specially is you think it will be requested by ops-dir reviewers if not present. I would place it as section 10, right before "Security considerations" section, instead of in the Introduction section, to avoid basing the explanations on something that has not been described yet. I also think that the "formal violation..." discussion should be moved here. We could also include the "proxying based on User-Name" restriction too. Regards, Alejandro > > Greetings, > > Stefan Winter > >>> I believe that this update relationship needs to be retained. >> It may be useful, but IETF process may forbid it. >> >> Alan DeKok. >> >> _______________________________________________ >> radext mailing list >> radext@ietf.org >> https://www.ietf.org/mailman/listinfo/radext >> > > > > _______________________________________________ > radext mailing list > radext@ietf.org > https://www.ietf.org/mailman/listinfo/radext --------------040604070403080604030700 Content-Type: text/html; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit
El 24/03/14 15:22, Stefan Winter escribió:
Hello,

with my shiny new chair hat on:


While it is true that an implementer of 6929 does not need to see this
document, it is also true that this document is effectively allocating a
bit from a structure that is in that document.  If this document does
not update 6929, then it is possible that the next document to update
that structure will fail to notice this and allocate the same bit for a
different purpose.

  I hope we're all smart enough to remember that the bit is allocated.
If we're not... the WG should be shut down.

I believe it's a bad idea to rely on collective memory or a mailing list
archive.

So, regardless of what the consensus will be: try an "Updates" or not;
create an IANA registry or not - the fact that a loosely-knit
relationship to RFC6929 exists, and where the pitfalls are, should be
reflected inside the draft itself.

As for where - I think it helps to keep in mind that that there will be
numerous rounds of reviewing going on after the document has cleared WGLC.

In particular, the Operations Area will conduct an ops-dir review as
part of the IETF LC. There are very specific questions in the ops-dir
review template, one of which is:

"Are there any coexistence issues?"

The probability that an ops-dir reviewer will pick up the T-Bit
allocation coexistence issue during his reading are very high
(especially if the proto write-up mentions this as one of the
contentious points :-) ); so if that issue is not explicitly documented,
it will probably surface at that point, and we'll need to deal with it.

We can of course wait for that to happen, but I'd rather preempt such a
useless extra round and fix the issue in the draft right now.

Another question in the ops-dir review is

"Is an operational considerations and/or manageability section part of
the document?"

I believe the best way forward is to add such a section to the draft (it
could be a sub-section of Introduction, or be a section of its own). The
section would document what was argued on the mailing list, where the
pitfalls are, and that an "Updates" would be a reasonable possiblity to
avoid them if allowed by process.

With that text in the document, the WG can then try to use Updates or
not - and the reason for doing so can then be found in the document
itself. If the actual Updates relationship later doesn't fly, the text
highlighting the issue will at least still be in there - and not in
someone's brain or deep down in the ML archives. I realise that the text
then wouldn't necessarily be found by someone implementing a follow-up
spec to RFC6929 due to lack of an Updated-By, but chances are at least
way better.

(And as an individual: if we have an Operations/Manageability section
anyway at that point - wouldn't it be a good idea to move the "formal
violation of RFC2865" into that section as well? )

I think it is a good idea to have such a section, specially is you think it will be requested by ops-dir reviewers if not present. I would place it as section 10, right before "Security considerations" section, instead of in the Introduction section, to avoid basing the explanations on something that has not been described yet.

I also think that the "formal violation..." discussion should be moved here. We could also include the "proxying based on User-Name" restriction too.

Regards,
Alejandro

Greetings,

Stefan Winter


I believe that this update relationship needs to be retained.

  It may be useful, but IETF process may forbid it.

  Alan DeKok.

_______________________________________________
radext mailing list
radext@ietf.org
https://www.ietf.org/mailman/listinfo/radext






_______________________________________________
radext mailing list
radext@ietf.org
https://www.ietf.org/mailman/listinfo/radext

--------------040604070403080604030700-- From nobody Tue Mar 25 02:09:15 2014 Return-Path: X-Original-To: radext@ietfa.amsl.com Delivered-To: radext@ietfa.amsl.com Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 147D61A0386 for ; Tue, 25 Mar 2014 02:09:11 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.909 X-Spam-Level: X-Spam-Status: No, score=-1.909 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, T_RP_MATCHES_RCVD=-0.01, WEIRD_PORT=0.001] autolearn=ham Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id oe4I-DClZUW3 for ; Tue, 25 Mar 2014 02:09:08 -0700 (PDT) Received: from smtprelay.restena.lu (smtprelay.restena.lu [IPv6:2001:a18:1::62]) by ietfa.amsl.com (Postfix) with ESMTP id 769C61A0369 for ; Tue, 25 Mar 2014 02:09:08 -0700 (PDT) Received: from smtprelay.restena.lu (localhost [127.0.0.1]) by smtprelay.restena.lu (Postfix) with ESMTP id B926D10583 for ; Tue, 25 Mar 2014 10:09:06 +0100 (CET) Received: from [IPv6:2001:a18:1:8:921b:eff:fe1b:d2e7] (unknown [IPv6:2001:a18:1:8:921b:eff:fe1b:d2e7]) by smtprelay.restena.lu (Postfix) with ESMTPS id A6D971057E for ; Tue, 25 Mar 2014 10:09:06 +0100 (CET) Message-ID: <53314783.6070802@restena.lu> Date: Tue, 25 Mar 2014 10:08:19 +0100 From: Stefan Winter User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Thunderbird/24.3.0 MIME-Version: 1.0 To: radext@ietf.org References: <53285DE2.9040802@cisco.com> <035801cf42d2$99464b80$cbd2e280$@augustcellars.com> <5328C172.5080305@deployingradius.com> <53303FB2.8090002@restena.lu> <53313E73.4030502@um.es> In-Reply-To: <53313E73.4030502@um.es> X-Enigmail-Version: 1.6 OpenPGP: id=8A39DC66; url=http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xC0DE6A358A39DC66 Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="xrUW87ec0WFb2CeMkOA2etWpb009qOxCc" X-Virus-Scanned: ClamAV Archived-At: http://mailarchive.ietf.org/arch/msg/radext/PjRidLEM-r_RYNkHDIL4pcFCarY Subject: Re: [radext] Update RFC 6929 in draft-ietf-radext-radius-fragmentation X-BeenThere: radext@ietf.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: RADIUS EXTensions working group discussion list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 25 Mar 2014 09:09:11 -0000 This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --xrUW87ec0WFb2CeMkOA2etWpb009qOxCc Content-Type: multipart/mixed; boundary="------------000704070709050900020801" This is a multi-part message in MIME format. --------------000704070709050900020801 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable Hi, > I think it is a good idea to have such a section, specially is you thin= k > it will be requested by ops-dir reviewers if not present. I would place= > it as section 10, right before "Security considerations" section, > instead of in the Introduction section, to avoid basing the explanation= s > on something that has not been described yet. Great, please go ahead. > I also think that the "formal violation..." discussion should be moved > here. We could also include the "proxying based on User-Name" > restriction too. Sounds like a reasonable move to me. Note that none of this removes the need for the working group to settle on the questions: - should we try to achieve an "Updates" relationship to RFC6929? - should there be an IANA registry for the flags of extended attributes? Greetings, Stefan Winter >=20 > Regards, > Alejandro >> >> Greetings, >> >> Stefan Winter >> >>>> I believe that this update relationship needs to be retained. >>> It may be useful, but IETF process may forbid it. >>> >>> Alan DeKok. >>> >>> _______________________________________________ >>> radext mailing list >>> radext@ietf.org >>> https://www.ietf.org/mailman/listinfo/radext >>> >> >> >> >> _______________________________________________ >> radext mailing list >> radext@ietf.org >> https://www.ietf.org/mailman/listinfo/radext >=20 >=20 >=20 > _______________________________________________ > radext mailing list > radext@ietf.org > https://www.ietf.org/mailman/listinfo/radext >=20 --=20 Stefan WINTER Ingenieur de Recherche Fondation RESTENA - R=E9seau T=E9l=E9informatique de l'Education National= e et de la Recherche 6, rue Richard Coudenhove-Kalergi L-1359 Luxembourg Tel: +352 424409 1 Fax: +352 422473 PGP key updated to 4096 Bit RSA - I will encrypt all mails if the recipient's key is known to me http://pgp.mit.edu:11371/pks/lookup?op=3Dget&search=3D0xC0DE6A358A39DC66 --------------000704070709050900020801 Content-Type: application/pgp-keys; name="0x8A39DC66.asc" Content-Transfer-Encoding: quoted-printable Content-Disposition: attachment; filename="0x8A39DC66.asc" -----BEGIN PGP PUBLIC KEY BLOCK----- Version: GnuPG v2.0.22 (GNU/Linux) mQINBFIplEwBEADTSz+DS8nio+RSvfSLLfaOnCGi1nqpn8Pb1laVUyEvnAAzZ5je miS88GxfiDH6hUGlWzcaW0hCfUHGiohr485adbjxRksPngWgAt/1bRxpifsW3zOb Fjgog01WWQV5Sihlwc4zr8zvYbFA5BJZ6YdkR9C5J015riv5OS30WTjA65SSXgYr b7zJWPwmegTFwE093uBFvC39waz3xYpVu5j87nO6w2MVQt/8sY2/2BFPEq+xfOaj l18UEwc7w8SCgnZdlVNcmEK4UBvJuwS/1lsR2JeQa8Gu1EDxC7PRgMgNXsDSWnnB e9aVmfG54+6ILe1QH2dwk9sPBQT5w2+vjijrb3Dv9ur+1kN+TNU2XE436jVpnnY/ 3OsLdix30STQn4Q/XOm7YoVMeDwwviefilRxzK0dXA+wKj92T68Od82CFxuZqPAg BCVmWfQM91iK9piqFK+QP+R3vF6+NGDBdwbe68iVKs0v5L8XmbxBQndjpmo+lo2a smBR2TAIfZHaKdgtBw13u3GPVVKlg/Mpko8ki9JOSem2aFyi3kQEVKptWgXT3POl 97DWJzsR5VyKz6GOx9kJAEISRyLZwm0wqh8+9LCza5oeIKW381lzq1b9x30vOh8C BSQQJ+cG9ko0yPHAj7Suw2TmPXx1qMctmE6Ahq82ZW30SljdZby8WQuR2wARAQAB tDxTdGVmYW4gV2ludGVyIChSRVNURU5BIGtleSAyMDEzKykgPHN0ZWZhbi53aW50 ZXJAcmVzdGVuYS5sdT6JAjkEEwECACMFAlIplEwCGwMHCwkIBwMCAQYVCAIJCgsE FgIDAQIeAQIXgAAKCRDA3mo1ijncZj7/D/99hVS+mJr8dSPCaDaUFFxBiT2eI1Lo R8VKEerTCRw5BsdL6pN2eRJZ9NmsqWo1ynWVHEzO91bNZ+oZGgyoNohcBAI7p+r0 qUTzkyqwdZO4kMm0pqKoM9xkP3tf2mjGujKjOz4Y7S7wnz2ZFokeUsecoRVJF/++ /qHnmeWLn44J1HUKLHYCjMu+QXGOgGXgz024jQ5eUrnPwzNp0Z90AFVHlWC+bymt y/ToIUUCQqS5Ff0jzdWLd8U695OG9iGvjBQT1LdEjsfbAwuKV5UcnpxNqUpUwKa5 9hdX5/2cMZP07FI1UXwnBlxa8rJfdb13FLjSKX4vUUHedYUZMjMPgcwl1a+zGE22 lHiSQWgP8QLA/W3BLsi22ERCEPZBfexOeOtaWIItDIz18fIaQoMDoRPshzar0JI2 CzLYsyeKySAtYJEHFVoLmMvhkwzBmgqA/BEswUA67CfCr1jFHRXdpmWM7YkyAmMa 9q6LwquWKS5+MXlUXe/3oZUcgpw/T9Uuy3Jo3RdS7B3jFcWaVr6KsO/A9u1gr/aY n5M+iJTQSj4vzqtkQaJTpSspRZoKa66HZt3IwSYiDiYZqtM83ynuj9kjnZzGfnuT aNIi996q6Mptr33mOzIE1wmMqnJYwTr3EcNtf483q/qrJwh5ES8Q9xY7aat/ZcSl 8fKubW4TlfVr8YhGBBARAgAGBQJSKZUGAAoJEPo5vdH/HhVmYTgAn24eoqO/O98o vNpt08Uab/+/tmYKAJ9kjXm9Njz5h33efzeelZUa484rr7kCDQRSKZRMARAAvBPp n7FQq7LQ5glohtbL6XIEo1U4X67S0TzUYieENSWSVYuWYIhCBldmWdmH8Bpj/qHe qdon7v+SLtR4WngzMR9toupKcFfHnbP9kpazTSB2ySHxXWGX1gJOpPXdCcg9iveK BHEsDn00ThTcPsvtXpnnzET16pXIvOXO0bxTmVZ4INIF1SWgvYma/g8kBbgXLpkj 8tOywBqFiiYPEZlDeCxDHiMgUDh6olda9K/0TZFTdMPUgjKuubfAeaDNCOrVt4Rj mFOaRLikcZocmgJhm3z/j25x7/mnNu+0di1H/S67YGQJ+pqCFInzIXDx7aRW2+JC iqsY2X3xOPWZZzjyis5SNnfOcPH3gt2hYz1fy+thsBGf4NgCN01JRqIJ2/MOQCgU dwh+9l8xqaJvCkUHM4hVh4W62MAe1u7UEqQbvvNEqxM5034vcvlE+/LRkrDCspw+ 2YJ9QyroLerVRwW5DVleP8Ifi8VB3yD80nqXYs9aqRy0BkDNIQ43ERhESMt8dJqr NkxgC6pemZrhNwyDh+hy2kPNGQh/iBpdKuH1o3E24TIZoV2v3YHvzob7aAYHddE/ PofAXhJW7I9mAs+HdWDmnI8ckuPDFpFH+Y/BFGvEXgcnJAJ1wEvf+4LuiIi0MHjR 4EWFn9vvoFDAIqD10h3FSd3D59HGtdSsNn4XaCsAEQEAAYkCHwQYAQIACQUCUimU TAIbDAAKCRDA3mo1ijncZhBtEACL036ddjc5pFoYIdoUY1vT8SMXJNquewCnL1qu DADzqDZFU5GNlQEy10krSfBwlTb9ahTtE0JFrOdZwUZtoa1Pgfr8nU6KOgrXPHbN jS/9dyc5CwGVVIpOavIm2CsMVDJ9LCF/NT+u/t1k6eGfHhPVl3dUQyDa/lzc1chK UIVQYQkFmr0A/iXP+29lFCaI+IeyU0bSdZhezDwUROn5vEx+fiPZyHDShCb+BxJv /o2LQp9JHenCiSbO+ioRZdxgbWfoKBuXOfmSStqMWXas/gZ5vS3xq72LNtKPRxgp jX3P8Zml1XDqpcBau7eK75VKE0Yd06YxnUIsbcEzInUc3uzW/u0DFpXYkMJb0XIv JyUt5yYPKfV13N8kSkPi5pLxm8yuftXMzfgeFMR7nafY3glTVj/TxElzg6xeZNqf C2ZjIbBtZg9ylHU8u8wwB+dX282crs0R3N9A064C71/cXlBqcjzjlKH2NUIWGxr+ od3TXFIFjszSU3NgMPKrWNhFLLwS81MpbkOe73s6aDhS8RDyNucoxtKXriLR+4Xi u4+pyj5ukYP1JqpB3ZobY/XZgCnJMye+7xeTpIDJ1LPORxM3NNAElyb26lxAK2P+ km+EpI0Zzz6rNSCfg5jYQ474+e/GBgaSG4MlaPoZ+XAfN46u1Xjjv1/AkkA4IA6m 5zP5og=3D=3D =3D3NUt -----END PGP PUBLIC KEY BLOCK----- --------------000704070709050900020801-- --xrUW87ec0WFb2CeMkOA2etWpb009qOxCc Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.22 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQIcBAEBCgAGBQJTMUeIAAoJEMDeajWKOdxmzA0P/RP2CRES7toC36g2nvGj+CTw ns06V/rPiyIETtBZaT3HpNCaPfwJGr6guif+NxS3q0XiNPl5CFudiUzvcn2U++aq Sn8A5n0huR8y/b9oQTBgw6a4qTHemum3YOtcV+t6H6H9u5Jgc1xXzDyBCI5rmhUn 3HiduywdmsAGrAqNSxttp7QkJzbTDLafFvhsieVG5Op3L5yDiYoOMLFpEA3pcgGD MYLnxDCPUa37cnle5zyGPS1ArZJXT1gRHTKJYkOjaZaORw8s/ZtKmv6z6r+j75Lo FL4ElbRFo/MAaDBkXmIDZdrZf4mD7PtXIb+RKZj/4YV/5+kDIbZn+O5mNDxbyIk5 JPIwGOz69yjb1oxMPILut4A5cyQQyfxKRLIKC8gAI+MUrEUfsvehcZt3QyoGbVyo ZTm5A3E1v4jVuDs0+FPl9BjXw1rxzcr5dUQaKQ7xaXMe6hY2AaCw1l9948vAW7NQ jnFzQ3hSmKMc3gF30TwpcBEjW+TL6RJwfMtxwM/tSVwCMvFlzQ3UWflpyXr+z2qO 0WtJ4KhuwaMpSmCeel4c/vsYSB+B2XK5DSZEXuJq6SHZW4f0vgxIS2jWrU2R9vmm H7PHB4YqJAIIwdorn2YeN5Hk6i92f1b2DNfHORxV3BemeOqV33CijlqZAbJcmFqN CN5C6aHOXOY4B8krLieW =eWuI -----END PGP SIGNATURE----- --xrUW87ec0WFb2CeMkOA2etWpb009qOxCc-- From nobody Tue Mar 25 02:25:45 2014 Return-Path: X-Original-To: radext@ietfa.amsl.com Delivered-To: radext@ietfa.amsl.com Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 425BD1A03A3 for ; Tue, 25 Mar 2014 02:25:44 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.909 X-Spam-Level: X-Spam-Status: No, score=-1.909 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, T_RP_MATCHES_RCVD=-0.01, WEIRD_PORT=0.001] autolearn=ham Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id dqrtzcOCL4JJ for ; Tue, 25 Mar 2014 02:25:43 -0700 (PDT) Received: from smtprelay.restena.lu (smtprelay.restena.lu [IPv6:2001:a18:1::62]) by ietfa.amsl.com (Postfix) with ESMTP id A9CEC1A038C for ; Tue, 25 Mar 2014 02:25:42 -0700 (PDT) Received: from smtprelay.restena.lu (localhost [127.0.0.1]) by smtprelay.restena.lu (Postfix) with ESMTP id 6D6B310583 for ; Tue, 25 Mar 2014 10:25:41 +0100 (CET) Received: from [IPv6:2001:a18:1:8:921b:eff:fe1b:d2e7] (unknown [IPv6:2001:a18:1:8:921b:eff:fe1b:d2e7]) by smtprelay.restena.lu (Postfix) with ESMTPS id 60EC01057E for ; Tue, 25 Mar 2014 10:25:41 +0100 (CET) Message-ID: <53314B6B.1060403@restena.lu> Date: Tue, 25 Mar 2014 10:24:59 +0100 From: Stefan Winter User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Thunderbird/24.3.0 MIME-Version: 1.0 To: "radext@ietf.org" X-Enigmail-Version: 1.6 OpenPGP: id=8A39DC66; url=http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xC0DE6A358A39DC66 Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="paOUBrEedMT1NvgX9NmOqkJ9LjDeC9G8r" X-Virus-Scanned: ClamAV Archived-At: http://mailarchive.ietf.org/arch/msg/radext/5by3FNBzXpa2yT4uP0k20MVC1sw Subject: [radext] Nits for draft-ietf-radext-nai-05 X-BeenThere: radext@ietf.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: RADIUS EXTensions working group discussion list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 25 Mar 2014 09:25:44 -0000 This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --paOUBrEedMT1NvgX9NmOqkJ9LjDeC9G8r Content-Type: multipart/mixed; boundary="------------000701070001030701070408" This is a multi-part message in MIME format. --------------000701070001030701070408 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable Hello, I'm currently in the process of writing the PROTO Write-Up for draft-ietf-radext-nai-05. I found some nits and have a few questions; in their entirety, IMO these warrant a re-spin of an -06 version. I've submitted them to TRAC grouped into separate classes of comments. Greetings, Stefan Winter --=20 Stefan WINTER Ingenieur de Recherche Fondation RESTENA - R=E9seau T=E9l=E9informatique de l'Education National= e et de la Recherche 6, rue Richard Coudenhove-Kalergi L-1359 Luxembourg Tel: +352 424409 1 Fax: +352 422473 PGP key updated to 4096 Bit RSA - I will encrypt all mails if the recipient's key is known to me http://pgp.mit.edu:11371/pks/lookup?op=3Dget&search=3D0xC0DE6A358A39DC66 --------------000701070001030701070408 Content-Type: application/pgp-keys; name="0x8A39DC66.asc" Content-Transfer-Encoding: quoted-printable Content-Disposition: attachment; filename="0x8A39DC66.asc" -----BEGIN PGP PUBLIC KEY BLOCK----- Version: GnuPG v2.0.22 (GNU/Linux) mQINBFIplEwBEADTSz+DS8nio+RSvfSLLfaOnCGi1nqpn8Pb1laVUyEvnAAzZ5je miS88GxfiDH6hUGlWzcaW0hCfUHGiohr485adbjxRksPngWgAt/1bRxpifsW3zOb Fjgog01WWQV5Sihlwc4zr8zvYbFA5BJZ6YdkR9C5J015riv5OS30WTjA65SSXgYr b7zJWPwmegTFwE093uBFvC39waz3xYpVu5j87nO6w2MVQt/8sY2/2BFPEq+xfOaj l18UEwc7w8SCgnZdlVNcmEK4UBvJuwS/1lsR2JeQa8Gu1EDxC7PRgMgNXsDSWnnB e9aVmfG54+6ILe1QH2dwk9sPBQT5w2+vjijrb3Dv9ur+1kN+TNU2XE436jVpnnY/ 3OsLdix30STQn4Q/XOm7YoVMeDwwviefilRxzK0dXA+wKj92T68Od82CFxuZqPAg BCVmWfQM91iK9piqFK+QP+R3vF6+NGDBdwbe68iVKs0v5L8XmbxBQndjpmo+lo2a smBR2TAIfZHaKdgtBw13u3GPVVKlg/Mpko8ki9JOSem2aFyi3kQEVKptWgXT3POl 97DWJzsR5VyKz6GOx9kJAEISRyLZwm0wqh8+9LCza5oeIKW381lzq1b9x30vOh8C BSQQJ+cG9ko0yPHAj7Suw2TmPXx1qMctmE6Ahq82ZW30SljdZby8WQuR2wARAQAB tDxTdGVmYW4gV2ludGVyIChSRVNURU5BIGtleSAyMDEzKykgPHN0ZWZhbi53aW50 ZXJAcmVzdGVuYS5sdT6JAjkEEwECACMFAlIplEwCGwMHCwkIBwMCAQYVCAIJCgsE FgIDAQIeAQIXgAAKCRDA3mo1ijncZj7/D/99hVS+mJr8dSPCaDaUFFxBiT2eI1Lo R8VKEerTCRw5BsdL6pN2eRJZ9NmsqWo1ynWVHEzO91bNZ+oZGgyoNohcBAI7p+r0 qUTzkyqwdZO4kMm0pqKoM9xkP3tf2mjGujKjOz4Y7S7wnz2ZFokeUsecoRVJF/++ /qHnmeWLn44J1HUKLHYCjMu+QXGOgGXgz024jQ5eUrnPwzNp0Z90AFVHlWC+bymt y/ToIUUCQqS5Ff0jzdWLd8U695OG9iGvjBQT1LdEjsfbAwuKV5UcnpxNqUpUwKa5 9hdX5/2cMZP07FI1UXwnBlxa8rJfdb13FLjSKX4vUUHedYUZMjMPgcwl1a+zGE22 lHiSQWgP8QLA/W3BLsi22ERCEPZBfexOeOtaWIItDIz18fIaQoMDoRPshzar0JI2 CzLYsyeKySAtYJEHFVoLmMvhkwzBmgqA/BEswUA67CfCr1jFHRXdpmWM7YkyAmMa 9q6LwquWKS5+MXlUXe/3oZUcgpw/T9Uuy3Jo3RdS7B3jFcWaVr6KsO/A9u1gr/aY n5M+iJTQSj4vzqtkQaJTpSspRZoKa66HZt3IwSYiDiYZqtM83ynuj9kjnZzGfnuT aNIi996q6Mptr33mOzIE1wmMqnJYwTr3EcNtf483q/qrJwh5ES8Q9xY7aat/ZcSl 8fKubW4TlfVr8YhGBBARAgAGBQJSKZUGAAoJEPo5vdH/HhVmYTgAn24eoqO/O98o vNpt08Uab/+/tmYKAJ9kjXm9Njz5h33efzeelZUa484rr7kCDQRSKZRMARAAvBPp n7FQq7LQ5glohtbL6XIEo1U4X67S0TzUYieENSWSVYuWYIhCBldmWdmH8Bpj/qHe qdon7v+SLtR4WngzMR9toupKcFfHnbP9kpazTSB2ySHxXWGX1gJOpPXdCcg9iveK BHEsDn00ThTcPsvtXpnnzET16pXIvOXO0bxTmVZ4INIF1SWgvYma/g8kBbgXLpkj 8tOywBqFiiYPEZlDeCxDHiMgUDh6olda9K/0TZFTdMPUgjKuubfAeaDNCOrVt4Rj mFOaRLikcZocmgJhm3z/j25x7/mnNu+0di1H/S67YGQJ+pqCFInzIXDx7aRW2+JC iqsY2X3xOPWZZzjyis5SNnfOcPH3gt2hYz1fy+thsBGf4NgCN01JRqIJ2/MOQCgU dwh+9l8xqaJvCkUHM4hVh4W62MAe1u7UEqQbvvNEqxM5034vcvlE+/LRkrDCspw+ 2YJ9QyroLerVRwW5DVleP8Ifi8VB3yD80nqXYs9aqRy0BkDNIQ43ERhESMt8dJqr NkxgC6pemZrhNwyDh+hy2kPNGQh/iBpdKuH1o3E24TIZoV2v3YHvzob7aAYHddE/ PofAXhJW7I9mAs+HdWDmnI8ckuPDFpFH+Y/BFGvEXgcnJAJ1wEvf+4LuiIi0MHjR 4EWFn9vvoFDAIqD10h3FSd3D59HGtdSsNn4XaCsAEQEAAYkCHwQYAQIACQUCUimU TAIbDAAKCRDA3mo1ijncZhBtEACL036ddjc5pFoYIdoUY1vT8SMXJNquewCnL1qu DADzqDZFU5GNlQEy10krSfBwlTb9ahTtE0JFrOdZwUZtoa1Pgfr8nU6KOgrXPHbN jS/9dyc5CwGVVIpOavIm2CsMVDJ9LCF/NT+u/t1k6eGfHhPVl3dUQyDa/lzc1chK UIVQYQkFmr0A/iXP+29lFCaI+IeyU0bSdZhezDwUROn5vEx+fiPZyHDShCb+BxJv /o2LQp9JHenCiSbO+ioRZdxgbWfoKBuXOfmSStqMWXas/gZ5vS3xq72LNtKPRxgp jX3P8Zml1XDqpcBau7eK75VKE0Yd06YxnUIsbcEzInUc3uzW/u0DFpXYkMJb0XIv JyUt5yYPKfV13N8kSkPi5pLxm8yuftXMzfgeFMR7nafY3glTVj/TxElzg6xeZNqf C2ZjIbBtZg9ylHU8u8wwB+dX282crs0R3N9A064C71/cXlBqcjzjlKH2NUIWGxr+ od3TXFIFjszSU3NgMPKrWNhFLLwS81MpbkOe73s6aDhS8RDyNucoxtKXriLR+4Xi u4+pyj5ukYP1JqpB3ZobY/XZgCnJMye+7xeTpIDJ1LPORxM3NNAElyb26lxAK2P+ km+EpI0Zzz6rNSCfg5jYQ474+e/GBgaSG4MlaPoZ+XAfN46u1Xjjv1/AkkA4IA6m 5zP5og=3D=3D =3D3NUt -----END PGP PUBLIC KEY BLOCK----- --------------000701070001030701070408-- --paOUBrEedMT1NvgX9NmOqkJ9LjDeC9G8r Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.22 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQIcBAEBCgAGBQJTMUtrAAoJEMDeajWKOdxm3FkP/3Hsb+16Q3NkpCZWa8J898R1 Inj9M14hM5OujsDdw7g9DsR+dAjfICZ1XVlSImu+xrSPg6NcHt/uK8tfxPg6q+zr rJzR+WbHKnYLTD6u2gTAxO2sSTBdFdqW5VeTCNUO98P0YQtOcT7JwK6NtUrMGa28 IsxfxESiBVWzJhQYe37EQEnwL4OLCtVn3kxcGEF18ECuKJRdPQHs43LHDd2dcx/6 pKQJaFrnBEPYXfRCOOcHoF/6pHh1vKa5I2S6WHjD/lkqy8azppF7YI1f/ZCsYSHn doiTMXRWu891Onqt06j2zggqCGrcNnAnf0NSFqNHxj1ziuUM9ysOJu+H01Juairg xj6PRomkAZJ0AuB8+juPaNT+Nr7io3m6CAM4cTrdhgX+6ME43LY/o/UlesAZSobc w5o6owwXy6BCcdy0JATMsdjN7KR6MYBwdeo+C91+JgrJb0kAfjiW3IvtczmvB8Na UWgzUUXe3ht++OZa9qPfHfPwwIBXkMqH0lGewuiaDlBIfIQxW1qPWtFPhI1Yizgy FPOIWfcR0/BuF5nccXNaxCZZV1LSd7kQm60bxWVceQWBAo8FGE3oCckz3z5QT7vZ fFeBVlZlVzB+xsxqvNJ0uaIFP9EcY1QW/pE6g1M7IYAOH978y6jkc6UKSdy4i33K 8bd2cG0Q5HA+5E4U3UMS =L8wq -----END PGP SIGNATURE----- --paOUBrEedMT1NvgX9NmOqkJ9LjDeC9G8r-- From nobody Tue Mar 25 10:23:13 2014 Return-Path: X-Original-To: radext@ietfa.amsl.com Delivered-To: radext@ietfa.amsl.com Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1FC321A01B9 for ; Tue, 25 Mar 2014 10:22:54 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.9 X-Spam-Level: X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9] autolearn=ham Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id lS5PBP8PJlnP for ; Tue, 25 Mar 2014 10:22:52 -0700 (PDT) Received: from power.freeradius.org (power.freeradius.org [88.190.25.44]) by ietfa.amsl.com (Postfix) with ESMTP id 1DA131A018D for ; Tue, 25 Mar 2014 10:22:51 -0700 (PDT) Received: from localhost (localhost [127.0.0.1]) by power.freeradius.org (Postfix) with ESMTP id E5666224011C; Tue, 25 Mar 2014 18:22:18 +0100 (CET) X-Virus-Scanned: Debian amavisd-new at power.freeradius.org Received: from power.freeradius.org ([127.0.0.1]) by localhost (power.freeradius.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id XNFkNhdNUgWT; Tue, 25 Mar 2014 18:22:17 +0100 (CET) Received: from Thor.local (bas1-ottawa11-1176224686.dsl.bell.ca [70.27.195.174]) by power.freeradius.org (Postfix) with ESMTPSA id CA020224006A; Tue, 25 Mar 2014 18:22:16 +0100 (CET) Message-ID: <5331BB47.2010100@deployingradius.com> Date: Tue, 25 Mar 2014 13:22:15 -0400 From: Alan DeKok User-Agent: Thunderbird 2.0.0.24 (Macintosh/20100228) MIME-Version: 1.0 To: Stefan Winter References: <53314B6B.1060403@restena.lu> In-Reply-To: <53314B6B.1060403@restena.lu> Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Archived-At: http://mailarchive.ietf.org/arch/msg/radext/EABBJD7viWwja6vCRdqu7D4aKaA Cc: "radext@ietf.org" Subject: Re: [radext] Nits for draft-ietf-radext-nai-05 X-BeenThere: radext@ietf.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: RADIUS EXTensions working group discussion list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 25 Mar 2014 17:22:54 -0000 Stefan Winter wrote: > I've submitted them to TRAC grouped into separate classes of comments. I see no tickets for radext in trac. i.e. *nothing*. I thought there were a few for the other documents... Alan DeKok. From nobody Tue Mar 25 11:54:15 2014 Return-Path: X-Original-To: radext@ietfa.amsl.com Delivered-To: radext@ietfa.amsl.com Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4FFBF1A01DC for ; Tue, 25 Mar 2014 11:53:55 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2 X-Spam-Level: X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, SPF_PASS=-0.001] autolearn=ham Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id AvFyLBp9g-SV for ; Tue, 25 Mar 2014 11:53:53 -0700 (PDT) Received: from mail-lb0-x22d.google.com (mail-lb0-x22d.google.com [IPv6:2a00:1450:4010:c04::22d]) by ietfa.amsl.com (Postfix) with ESMTP id 82C661A0198 for ; Tue, 25 Mar 2014 11:53:53 -0700 (PDT) Received: by mail-lb0-f173.google.com with SMTP id p9so703773lbv.4 for ; Tue, 25 Mar 2014 11:53:51 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=content-type:mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=yutB/G+F+cV/hgpJow/g0glaKyHdEFJKVyE94CWJ7mk=; b=H/czvNyRhzgVUG9dXMGjRDiSEmVs5mZrO09LN9kkrQ4el7ybk4DfD2b2BJZN6k80VN wy76SteXH9p/SGztz3FL+6QOPl5strSzDmuy7JZfWYYYHUjdh76cI4op38wSoLCUWM13 5iWEA9XscnXZG/qGYo5a8f942LYCMg92BeSI0KZbScpS/rO4B+Ta/V4UhwrnK9Tiu/ei wRHTAfy3sADSH106IIbu4TGtCutMuL46MdH5XuEYA/yIHXsUky1CnrrFvFd/q1CR25ID /P2l7XZNEcvOmKZi5/ZtV/i4r9C6S+gfsj6VLS/tXMLuWtrh/CYvbgKvjMYUf6kLeOCM 4a6Q== X-Received: by 10.112.61.199 with SMTP id s7mr4101703lbr.25.1395773631560; Tue, 25 Mar 2014 11:53:51 -0700 (PDT) Received: from [188.117.15.107] ([188.117.15.107]) by mx.google.com with ESMTPSA id kz7sm17478183lab.16.2014.03.25.11.53.47 for (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Tue, 25 Mar 2014 11:53:48 -0700 (PDT) Content-Type: text/plain; charset=us-ascii Mime-Version: 1.0 (Mac OS X Mail 6.6 \(1510\)) From: Jouni Korhonen In-Reply-To: <75B21D97-8EC2-4321-9675-D75227527AC5@gmail.com> Date: Tue, 25 Mar 2014 20:53:50 +0200 Content-Transfer-Encoding: 7bit Message-Id: References: <75B21D97-8EC2-4321-9675-D75227527AC5@gmail.com> To: "radext@ietf.org" X-Mailer: Apple Mail (2.1510) Archived-At: http://mailarchive.ietf.org/arch/msg/radext/2CkETtrKAlFQccYk9eSNVWCox8A Cc: "radext-chairs@tools.ietf.org" Subject: Re: [radext] WGLC for draft-ietf-radext-dynamic-discovery X-BeenThere: radext@ietf.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: RADIUS EXTensions working group discussion list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 25 Mar 2014 18:53:55 -0000 Seems that we are done with this I-D. The next step will be proto write-up and moving it out the WG. - Jouni & Stefan On Mar 18, 2014, at 6:15 AM, Jouni Korhonen wrote: > Folks, > > As mentioned during the London WG meeting we'll have another > quick WGLC for draft-ietf-radext-dynamic-discovery I-D. This > email starts a one week WGLC. The WGLC end 25th March. Voice > your comments on the list and document them also into the > issue tracker. Silence is counted as an acceptance of the > current I-D as-is. > > - Jouni & Stefan From nobody Tue Mar 25 12:53:04 2014 Return-Path: X-Original-To: radext@ietfa.amsl.com Delivered-To: radext@ietfa.amsl.com Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id ABB4E1A0235 for ; Tue, 25 Mar 2014 12:52:45 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.9 X-Spam-Level: X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9] autolearn=ham Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 64bLBNA7dP5a for ; Tue, 25 Mar 2014 12:52:42 -0700 (PDT) Received: from power.freeradius.org (power.freeradius.org [88.190.25.44]) by ietfa.amsl.com (Postfix) with ESMTP id 9F71E1A0232 for ; Tue, 25 Mar 2014 12:52:42 -0700 (PDT) Received: from localhost (localhost [127.0.0.1]) by power.freeradius.org (Postfix) with ESMTP id BF6602240145; Tue, 25 Mar 2014 20:52:10 +0100 (CET) X-Virus-Scanned: Debian amavisd-new at power.freeradius.org Received: from power.freeradius.org ([127.0.0.1]) by localhost (power.freeradius.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id kR9H8Y5eQfqc; Tue, 25 Mar 2014 20:52:10 +0100 (CET) Received: from Thor.local (bas1-ottawa11-1176224686.dsl.bell.ca [70.27.195.174]) by power.freeradius.org (Postfix) with ESMTPSA id 3EE06224006A; Tue, 25 Mar 2014 20:52:10 +0100 (CET) Message-ID: <5331DE69.3080009@deployingradius.com> Date: Tue, 25 Mar 2014 15:52:09 -0400 From: Alan DeKok User-Agent: Thunderbird 2.0.0.24 (Macintosh/20100228) MIME-Version: 1.0 To: Stefan Winter References: <53285DE2.9040802@cisco.com> <035801cf42d2$99464b80$cbd2e280$@augustcellars.com> <5328C172.5080305@deployingradius.com> <53303FB2.8090002@restena.lu> <53313E73.4030502@um.es> <53314783.6070802@restena.lu> In-Reply-To: <53314783.6070802@restena.lu> Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Archived-At: http://mailarchive.ietf.org/arch/msg/radext/PiqXlrnkyt8kyfza4MTZkwNBLaQ Cc: radext@ietf.org Subject: Re: [radext] Update RFC 6929 in draft-ietf-radext-radius-fragmentation X-BeenThere: radext@ietf.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: RADIUS EXTensions working group discussion list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 25 Mar 2014 19:52:45 -0000 Stefan Winter wrote: > Note that none of this removes the need for the working group to settle > on the questions: > > - should we try to achieve an "Updates" relationship to RFC6929? I'm OK with or without the "Updates". It would probably be best to have it, unless the IETF process forbids Experimental drafts from updating Standards track documents. > - should there be an IANA registry for the flags of extended attributes? If we have an "Updates", there's no need. Because people would be expected to read the docs. If we don't have an "Updates", maybe. RFC 6929 marks the reserved fields as allocated via IETF consensus. So anyone uses the excuse of "no IANA registry" to "poach" on them is 100% at fault. For IETF consensus, I hope that the WG can track 2 documents, and ensure that any new specification doesn't overlap with the fragmentation doc. Alan DeKok. From nobody Tue Mar 25 13:57:58 2014 Return-Path: X-Original-To: radext@ietfa.amsl.com Delivered-To: radext@ietfa.amsl.com Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B174D1A0265 for ; Tue, 25 Mar 2014 13:57:57 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2.599 X-Spam-Level: X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_LOW=-0.7, WEIRD_PORT=0.001] autolearn=ham Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ifqz_3nb8e80 for ; Tue, 25 Mar 2014 13:57:55 -0700 (PDT) Received: from smtp3.pacifier.net (smtp3.pacifier.net [64.255.237.177]) by ietfa.amsl.com (Postfix) with ESMTP id BD0801A0262 for ; Tue, 25 Mar 2014 13:57:55 -0700 (PDT) Received: from Philemon (static-50-34-22-58.evrt.wa.frontiernet.net [50.34.22.58]) (using TLSv1 with cipher AES128-SHA (128/128 bits)) (No client certificate requested) (Authenticated sender: jimsch@nwlink.com) by smtp3.pacifier.net (Postfix) with ESMTPSA id 2E76838F20; Tue, 25 Mar 2014 13:57:54 -0700 (PDT) From: "Jim Schaad" To: "'Stefan Winter'" , References: <53285DE2.9040802@cisco.com> <035801cf42d2$99464b80$cbd2e280$@augustcellars.com> <5328C172.5080305@deployingradius.com> <53303FB2.8090002@restena.lu> <53313E73.4030502@um.es> <53314783.6070802@restena.lu> In-Reply-To: <53314783.6070802@restena.lu> Date: Tue, 25 Mar 2014 13:56:03 -0700 Message-ID: <082b01cf486c$a2e18430$e8a48c90$@augustcellars.com> MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable X-Mailer: Microsoft Outlook 14.0 Thread-Index: AQHG4DswLDcHlHX0C+rPNIfO2Yg3wAI7OYFVActqnzUBuwTcfwGFM9EvA0O7iyaarsPEMA== Content-Language: en-us Archived-At: http://mailarchive.ietf.org/arch/msg/radext/bv_p3zB8xewweXpFMenQV0F_0iI Subject: Re: [radext] Update RFC 6929 in draft-ietf-radext-radius-fragmentation X-BeenThere: radext@ietf.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: RADIUS EXTensions working group discussion list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 25 Mar 2014 20:57:57 -0000 > -----Original Message----- > From: radext [mailto:radext-bounces@ietf.org] On Behalf Of Stefan = Winter > Sent: Tuesday, March 25, 2014 2:08 AM > To: radext@ietf.org > Subject: Re: [radext] Update RFC 6929 in draft-ietf-radext-radius- > fragmentation >=20 > Hi, >=20 > > I think it is a good idea to have such a section, specially is you > > think it will be requested by ops-dir reviewers if not present. I > > would place it as section 10, right before "Security considerations" > > section, instead of in the Introduction section, to avoid basing the > > explanations on something that has not been described yet. >=20 > Great, please go ahead. >=20 > > I also think that the "formal violation..." discussion should be = moved > > here. We could also include the "proxying based on User-Name" > > restriction too. >=20 > Sounds like a reasonable move to me. >=20 > Note that none of this removes the need for the working group to = settle on > the questions: >=20 > - should we try to achieve an "Updates" relationship to RFC6929? yes > - should there be an IANA registry for the flags of extended = attributes? no - unless the updates fails for some reason. A registry seems like overkill unless we think there are going to be a number of updates jim >=20 > Greetings, >=20 > Stefan Winter >=20 > > > > Regards, > > Alejandro > >> > >> Greetings, > >> > >> Stefan Winter > >> > >>>> I believe that this update relationship needs to be retained. > >>> It may be useful, but IETF process may forbid it. > >>> > >>> Alan DeKok. > >>> > >>> _______________________________________________ > >>> radext mailing list > >>> radext@ietf.org > >>> https://www.ietf.org/mailman/listinfo/radext > >>> > >> > >> > >> > >> _______________________________________________ > >> radext mailing list > >> radext@ietf.org > >> https://www.ietf.org/mailman/listinfo/radext > > > > > > > > _______________________________________________ > > radext mailing list > > radext@ietf.org > > https://www.ietf.org/mailman/listinfo/radext > > >=20 >=20 > -- > Stefan WINTER > Ingenieur de Recherche > Fondation RESTENA - R=E9seau T=E9l=E9informatique de l'Education = Nationale et de > la Recherche 6, rue Richard Coudenhove-Kalergi > L-1359 Luxembourg >=20 > Tel: +352 424409 1 > Fax: +352 422473 >=20 > PGP key updated to 4096 Bit RSA - I will encrypt all mails if the recipient's key > is known to me >=20 > = http://pgp.mit.edu:11371/pks/lookup?op=3Dget&search=3D0xC0DE6A358A39DC6 > 6 From nobody Wed Mar 26 05:36:40 2014 Return-Path: X-Original-To: radext@ietfa.amsl.com Delivered-To: radext@ietfa.amsl.com Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id AF46E1A0326 for ; Wed, 26 Mar 2014 05:36:38 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2 X-Spam-Level: X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, SPF_PASS=-0.001] autolearn=ham Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ne9GSj-JkPh0 for ; Wed, 26 Mar 2014 05:36:37 -0700 (PDT) Received: from mail-la0-x233.google.com (mail-la0-x233.google.com [IPv6:2a00:1450:4010:c03::233]) by ietfa.amsl.com (Postfix) with ESMTP id 1B9F81A0324 for ; Wed, 26 Mar 2014 05:36:36 -0700 (PDT) Received: by mail-la0-f51.google.com with SMTP id pv20so1412802lab.24 for ; Wed, 26 Mar 2014 05:36:35 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=content-type:mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=Cv6lPxTWcaMHi5krcfKQiFp4IpodF+yhR/6m+oIN6AE=; b=YCv+DMq0w/R/SlPmxsksHnhQlVJMHs68RXpSEg2yE7j1BFM3M2lZYXiYDQyeGos/Qw jgmPZUQLXeWMw9uC/8ALdS3F+yCfWPvhz4FcEof/2aV8xM6CM5Ml/YLoUng5j1eCVRTP xgRxlHf0tuSDuctwBhXJjgn/NHOXN3gtXRwgWmtvmLoJVAIBxrDJWWF3rhtt96T9A58m kmzk9IukfSc2hfEmoDvy4poEwhDsCoohXWiGHc6ZcTlT8ZjWE7kfbL1AF9MN1GEoc8Rx qeJ6zuOaIILtTUroGxsUZ97tR7nLNUpRxk+eB3MaUCvUd3e500W+k0k4miO7WlAxrF3i Alkg== X-Received: by 10.112.137.5 with SMTP id qe5mr51578538lbb.16.1395837395077; Wed, 26 Mar 2014 05:36:35 -0700 (PDT) Received: from [188.117.15.107] ([188.117.15.107]) by mx.google.com with ESMTPSA id a2sm13936200lbz.25.2014.03.26.05.36.29 for (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Wed, 26 Mar 2014 05:36:30 -0700 (PDT) Content-Type: text/plain; charset=us-ascii Mime-Version: 1.0 (Mac OS X Mail 6.6 \(1510\)) From: Jouni Korhonen In-Reply-To: <907DC0B0-6E00-4179-BE37-17C89810A9EC@gmail.com> Date: Wed, 26 Mar 2014 14:36:28 +0200 Content-Transfer-Encoding: quoted-printable Message-Id: <85876147-8E0A-419A-A6C5-9A8DF2A559C0@gmail.com> References: <907DC0B0-6E00-4179-BE37-17C89810A9EC@gmail.com> To: "radext@ietf.org" X-Mailer: Apple Mail (2.1510) Archived-At: http://mailarchive.ietf.org/arch/msg/radext/B1XYCu2PVjubjZu3JuF6cl5xC-E Cc: "radext-chairs@tools.ietf.org" Subject: Re: [radext] Adoption call for draft-hartman-radext-bigger-packets X-BeenThere: radext@ietf.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: RADIUS EXTensions working group discussion list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 26 Mar 2014 12:36:38 -0000 Folks, The adoption call has ended for this I-D. I recon there is some voices against the adoption. However, the chairs still think the positive feedback we got in London and also on the list favours for the adoption. - Jouni & Stefan On Mar 18, 2014, at 5:48 AM, Jouni Korhonen = wrote: > Folks, >=20 > We had good support to adopt draft-hartman-radext-bigger-packets I-D = as a WG > item during the London WG meeting. However, we need to confirm the = adoption > in the mailing list. This mail starts a one week adoption call for the = I-D. >=20 > If you are against the adoption, voice your opinion and why. Silence = is > counted as an acceptance. The call ends 25th March. >=20 > - Jouni & Stefan >=20 From nobody Thu Mar 27 00:47:42 2014 Return-Path: X-Original-To: radext@ietfa.amsl.com Delivered-To: radext@ietfa.amsl.com Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 038301A02A3 for ; Thu, 27 Mar 2014 00:47:41 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.909 X-Spam-Level: X-Spam-Status: No, score=-1.909 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, T_RP_MATCHES_RCVD=-0.01, WEIRD_PORT=0.001] autolearn=ham Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id FvebO6xCyz1J for ; Thu, 27 Mar 2014 00:47:38 -0700 (PDT) Received: from smtprelay.restena.lu (smtprelay.restena.lu [IPv6:2001:a18:1::62]) by ietfa.amsl.com (Postfix) with ESMTP id 8DC3D1A029D for ; Thu, 27 Mar 2014 00:47:37 -0700 (PDT) Received: from smtprelay.restena.lu (localhost [127.0.0.1]) by smtprelay.restena.lu (Postfix) with ESMTP id 810191058A; Thu, 27 Mar 2014 08:47:35 +0100 (CET) Received: from [IPv6:2001:a18:1:8:921b:eff:fe1b:d2e7] (unknown [IPv6:2001:a18:1:8:921b:eff:fe1b:d2e7]) by smtprelay.restena.lu (Postfix) with ESMTPS id 6C02C10589; Thu, 27 Mar 2014 08:47:35 +0100 (CET) Message-ID: <5333D76A.4000908@restena.lu> Date: Thu, 27 Mar 2014 08:46:50 +0100 From: Stefan Winter User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Thunderbird/24.3.0 MIME-Version: 1.0 To: Alan DeKok References: <53314B6B.1060403@restena.lu> <5331BB47.2010100@deployingradius.com> In-Reply-To: <5331BB47.2010100@deployingradius.com> X-Enigmail-Version: 1.6 OpenPGP: id=8A39DC66; url=http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xC0DE6A358A39DC66 Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="U1F37r7A63BdniMM5XG5HFNAurDWu99Fx" X-Virus-Scanned: ClamAV Archived-At: http://mailarchive.ietf.org/arch/msg/radext/pigZb8jW6bEFmFvx1N8vq3Nxl0M Cc: "radext@ietf.org" Subject: Re: [radext] Nits for draft-ietf-radext-nai-05 X-BeenThere: radext@ietf.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: RADIUS EXTensions working group discussion list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 27 Mar 2014 07:47:41 -0000 This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --U1F37r7A63BdniMM5XG5HFNAurDWu99Fx Content-Type: multipart/mixed; boundary="------------070709020601050106040906" This is a multi-part message in MIME format. --------------070709020601050106040906 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable Hi, >> I've submitted them to TRAC grouped into separate classes of comments.= >=20 > I see no tickets for radext in trac. i.e. *nothing*. >=20 > I thought there were a few for the other documents... I saw them after submitting, even after logging out and looking as an unauthenticated user. Jouni did not see any at no point in time. So I opened a ticket with ietf-action - no response, and today, I also don't see a single ticket. Something must be very odd around TRAC right now. I'm investigating this further ... I would appreciate if my ticket's contents were *not* lost. :-( Greetings, Stefan Winter --=20 Stefan WINTER Ingenieur de Recherche Fondation RESTENA - R=E9seau T=E9l=E9informatique de l'Education National= e et de la Recherche 6, rue Richard Coudenhove-Kalergi L-1359 Luxembourg Tel: +352 424409 1 Fax: +352 422473 PGP key updated to 4096 Bit RSA - I will encrypt all mails if the recipient's key is known to me http://pgp.mit.edu:11371/pks/lookup?op=3Dget&search=3D0xC0DE6A358A39DC66 --------------070709020601050106040906 Content-Type: application/pgp-keys; name="0x8A39DC66.asc" Content-Transfer-Encoding: quoted-printable Content-Disposition: attachment; filename="0x8A39DC66.asc" -----BEGIN PGP PUBLIC KEY BLOCK----- Version: GnuPG v2.0.22 (GNU/Linux) mQINBFIplEwBEADTSz+DS8nio+RSvfSLLfaOnCGi1nqpn8Pb1laVUyEvnAAzZ5je miS88GxfiDH6hUGlWzcaW0hCfUHGiohr485adbjxRksPngWgAt/1bRxpifsW3zOb Fjgog01WWQV5Sihlwc4zr8zvYbFA5BJZ6YdkR9C5J015riv5OS30WTjA65SSXgYr b7zJWPwmegTFwE093uBFvC39waz3xYpVu5j87nO6w2MVQt/8sY2/2BFPEq+xfOaj l18UEwc7w8SCgnZdlVNcmEK4UBvJuwS/1lsR2JeQa8Gu1EDxC7PRgMgNXsDSWnnB e9aVmfG54+6ILe1QH2dwk9sPBQT5w2+vjijrb3Dv9ur+1kN+TNU2XE436jVpnnY/ 3OsLdix30STQn4Q/XOm7YoVMeDwwviefilRxzK0dXA+wKj92T68Od82CFxuZqPAg BCVmWfQM91iK9piqFK+QP+R3vF6+NGDBdwbe68iVKs0v5L8XmbxBQndjpmo+lo2a smBR2TAIfZHaKdgtBw13u3GPVVKlg/Mpko8ki9JOSem2aFyi3kQEVKptWgXT3POl 97DWJzsR5VyKz6GOx9kJAEISRyLZwm0wqh8+9LCza5oeIKW381lzq1b9x30vOh8C BSQQJ+cG9ko0yPHAj7Suw2TmPXx1qMctmE6Ahq82ZW30SljdZby8WQuR2wARAQAB tDxTdGVmYW4gV2ludGVyIChSRVNURU5BIGtleSAyMDEzKykgPHN0ZWZhbi53aW50 ZXJAcmVzdGVuYS5sdT6JAjkEEwECACMFAlIplEwCGwMHCwkIBwMCAQYVCAIJCgsE FgIDAQIeAQIXgAAKCRDA3mo1ijncZj7/D/99hVS+mJr8dSPCaDaUFFxBiT2eI1Lo R8VKEerTCRw5BsdL6pN2eRJZ9NmsqWo1ynWVHEzO91bNZ+oZGgyoNohcBAI7p+r0 qUTzkyqwdZO4kMm0pqKoM9xkP3tf2mjGujKjOz4Y7S7wnz2ZFokeUsecoRVJF/++ /qHnmeWLn44J1HUKLHYCjMu+QXGOgGXgz024jQ5eUrnPwzNp0Z90AFVHlWC+bymt y/ToIUUCQqS5Ff0jzdWLd8U695OG9iGvjBQT1LdEjsfbAwuKV5UcnpxNqUpUwKa5 9hdX5/2cMZP07FI1UXwnBlxa8rJfdb13FLjSKX4vUUHedYUZMjMPgcwl1a+zGE22 lHiSQWgP8QLA/W3BLsi22ERCEPZBfexOeOtaWIItDIz18fIaQoMDoRPshzar0JI2 CzLYsyeKySAtYJEHFVoLmMvhkwzBmgqA/BEswUA67CfCr1jFHRXdpmWM7YkyAmMa 9q6LwquWKS5+MXlUXe/3oZUcgpw/T9Uuy3Jo3RdS7B3jFcWaVr6KsO/A9u1gr/aY n5M+iJTQSj4vzqtkQaJTpSspRZoKa66HZt3IwSYiDiYZqtM83ynuj9kjnZzGfnuT aNIi996q6Mptr33mOzIE1wmMqnJYwTr3EcNtf483q/qrJwh5ES8Q9xY7aat/ZcSl 8fKubW4TlfVr8YhGBBARAgAGBQJSKZUGAAoJEPo5vdH/HhVmYTgAn24eoqO/O98o vNpt08Uab/+/tmYKAJ9kjXm9Njz5h33efzeelZUa484rr7kCDQRSKZRMARAAvBPp n7FQq7LQ5glohtbL6XIEo1U4X67S0TzUYieENSWSVYuWYIhCBldmWdmH8Bpj/qHe qdon7v+SLtR4WngzMR9toupKcFfHnbP9kpazTSB2ySHxXWGX1gJOpPXdCcg9iveK BHEsDn00ThTcPsvtXpnnzET16pXIvOXO0bxTmVZ4INIF1SWgvYma/g8kBbgXLpkj 8tOywBqFiiYPEZlDeCxDHiMgUDh6olda9K/0TZFTdMPUgjKuubfAeaDNCOrVt4Rj mFOaRLikcZocmgJhm3z/j25x7/mnNu+0di1H/S67YGQJ+pqCFInzIXDx7aRW2+JC iqsY2X3xOPWZZzjyis5SNnfOcPH3gt2hYz1fy+thsBGf4NgCN01JRqIJ2/MOQCgU dwh+9l8xqaJvCkUHM4hVh4W62MAe1u7UEqQbvvNEqxM5034vcvlE+/LRkrDCspw+ 2YJ9QyroLerVRwW5DVleP8Ifi8VB3yD80nqXYs9aqRy0BkDNIQ43ERhESMt8dJqr NkxgC6pemZrhNwyDh+hy2kPNGQh/iBpdKuH1o3E24TIZoV2v3YHvzob7aAYHddE/ PofAXhJW7I9mAs+HdWDmnI8ckuPDFpFH+Y/BFGvEXgcnJAJ1wEvf+4LuiIi0MHjR 4EWFn9vvoFDAIqD10h3FSd3D59HGtdSsNn4XaCsAEQEAAYkCHwQYAQIACQUCUimU TAIbDAAKCRDA3mo1ijncZhBtEACL036ddjc5pFoYIdoUY1vT8SMXJNquewCnL1qu DADzqDZFU5GNlQEy10krSfBwlTb9ahTtE0JFrOdZwUZtoa1Pgfr8nU6KOgrXPHbN jS/9dyc5CwGVVIpOavIm2CsMVDJ9LCF/NT+u/t1k6eGfHhPVl3dUQyDa/lzc1chK UIVQYQkFmr0A/iXP+29lFCaI+IeyU0bSdZhezDwUROn5vEx+fiPZyHDShCb+BxJv /o2LQp9JHenCiSbO+ioRZdxgbWfoKBuXOfmSStqMWXas/gZ5vS3xq72LNtKPRxgp jX3P8Zml1XDqpcBau7eK75VKE0Yd06YxnUIsbcEzInUc3uzW/u0DFpXYkMJb0XIv JyUt5yYPKfV13N8kSkPi5pLxm8yuftXMzfgeFMR7nafY3glTVj/TxElzg6xeZNqf C2ZjIbBtZg9ylHU8u8wwB+dX282crs0R3N9A064C71/cXlBqcjzjlKH2NUIWGxr+ od3TXFIFjszSU3NgMPKrWNhFLLwS81MpbkOe73s6aDhS8RDyNucoxtKXriLR+4Xi u4+pyj5ukYP1JqpB3ZobY/XZgCnJMye+7xeTpIDJ1LPORxM3NNAElyb26lxAK2P+ km+EpI0Zzz6rNSCfg5jYQ474+e/GBgaSG4MlaPoZ+XAfN46u1Xjjv1/AkkA4IA6m 5zP5og=3D=3D =3D3NUt -----END PGP PUBLIC KEY BLOCK----- --------------070709020601050106040906-- --U1F37r7A63BdniMM5XG5HFNAurDWu99Fx Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.22 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQIcBAEBCgAGBQJTM9dqAAoJEMDeajWKOdxmHewQAKanrMKX0Q27UK9JkNI819rl SMeiPfaJp5YlnlKwFN1LV37DYE0h2VSVyghx8pcAgbdsz6D9zitfYZeLSI9sk4nP +YHYhyykrbl83JEKII8efYhyQekSgH2I1tQfQYOL8eedD5+u+YXUv+meGUlXKAy3 Ly73GYTT8avzMAOApweHPpaEGjvVfpQoHvS6i8VwZEX3lKzlhdF5EirLhLlz675x Qk7/5Uvu2yVe88trYzeo7Hx/BxMkCcnP+HnCqj9dDKnGFP3lQSbTnTOsR/HUO8BG hQ0H53nXijhRhjfdCvgsEt6UMG4qdG6YsM9cwF8HzYUGJqdp6Sh4faQTXYBRUa6a SQr90bj0wdVTbH+MKD2yNSE3t70kEUf+fG4IFymmXMIgP2CEFWXYopYXquEcM7OI LMjNX5K7hM3xytRa91NJ2NRXobc2HeDuuptNIOmLT3dUuJ3hGJm6wrxzZ0RAMDpj d7700/QgZf4VeLw/NDbTYETd14IkwamZtcMDWMk0YFx9mNeWqR5vuiSJAmMgiPpp 6tc+IzeSq3AcRBGrSOb2r3hKdgXag/JtPAdHoJfUaGTTmYDG8fI8oFmY3DicKLbu xUMgjmiw7Ga0PHX9376xQpHsaAm8KcYxVIs3E4zP+cPGO41dWEMphCYgaxiXvX+O KJY0X+dAYUrh3fZbpOMn =d8HP -----END PGP SIGNATURE----- --U1F37r7A63BdniMM5XG5HFNAurDWu99Fx-- From nobody Fri Mar 28 08:31:25 2014 Return-Path: X-Original-To: radext@ietfa.amsl.com Delivered-To: radext@ietfa.amsl.com Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E0DF21A06E3; Fri, 28 Mar 2014 08:31:19 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.9 X-Spam-Level: X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9] autolearn=ham Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id hKBG6EmyMX5f; Fri, 28 Mar 2014 08:31:18 -0700 (PDT) Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id 256361A069C; Fri, 28 Mar 2014 08:31:18 -0700 (PDT) MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 7bit From: internet-drafts@ietf.org To: i-d-announce@ietf.org X-Test-IDTracker: no X-IETF-IDTracker: 5.2.0 Auto-Submitted: auto-generated Precedence: bulk Message-ID: <20140328153118.27807.88288.idtracker@ietfa.amsl.com> Date: Fri, 28 Mar 2014 08:31:18 -0700 Archived-At: http://mailarchive.ietf.org/arch/msg/radext/kB1Q6KwUNrTNJRdZAIajmkaYZwg Cc: radext@ietf.org Subject: [radext] I-D Action: draft-ietf-radext-ieee802ext-12.txt X-BeenThere: radext@ietf.org X-Mailman-Version: 2.1.15 List-Id: RADIUS EXTensions working group discussion list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 28 Mar 2014 15:31:20 -0000 A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the RADIUS EXTensions Working Group of the IETF. Title : RADIUS Attributes for IEEE 802 Networks Authors : Bernard Aboba Jouni Malinen Paul Congdon Joseph Salowey Mark Jones Filename : draft-ietf-radext-ieee802ext-12.txt Pages : 27 Date : 2014-03-28 Abstract: RFC 3580 provides guidelines for the use of the Remote Authentication Dialin User Service (RADIUS) within IEEE 802 local area networks (LANs). This document defines additional attributes for use within IEEE 802 networks, as well as clarifying the usage of the EAP-Key- Name attribute and the Called-Station-Id attribute. This document updates RFC 3580 as well as RFC 4072. The IETF datatracker status page for this draft is: https://datatracker.ietf.org/doc/draft-ietf-radext-ieee802ext/ There's also a htmlized version available at: http://tools.ietf.org/html/draft-ietf-radext-ieee802ext-12 A diff from the previous version is available at: http://www.ietf.org/rfcdiff?url2=draft-ietf-radext-ieee802ext-12 Please note that it may take a couple of minutes from the time of submission until the htmlized version and diff are available at tools.ietf.org. Internet-Drafts are also available by anonymous FTP at: ftp://ftp.ietf.org/internet-drafts/ From nobody Mon Mar 31 12:07:53 2014 Return-Path: X-Original-To: radext@ietfa.amsl.com Delivered-To: radext@ietfa.amsl.com Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3CA831A6F63; Mon, 31 Mar 2014 12:07:48 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.9 X-Spam-Level: X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9] autolearn=ham Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id daPKtLBQGLS1; Mon, 31 Mar 2014 12:07:46 -0700 (PDT) Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id 773241A6F2A; Mon, 31 Mar 2014 12:07:42 -0700 (PDT) Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit From: The IESG To: IETF-Announce X-Test-IDTracker: no X-IETF-IDTracker: 5.2.0 Auto-Submitted: auto-generated Precedence: bulk Message-ID: <20140331190742.27869.93147.idtracker@ietfa.amsl.com> Date: Mon, 31 Mar 2014 12:07:42 -0700 Archived-At: http://mailarchive.ietf.org/arch/msg/radext/zK5iz05IuXwe66uQBI4qVScnGKA Cc: radext mailing list , radext chair , RFC Editor Subject: [radext] Protocol Action: 'RADIUS Attributes for IEEE 802 Networks' to Proposed Standard (draft-ietf-radext-ieee802ext-12.txt) X-BeenThere: radext@ietf.org X-Mailman-Version: 2.1.15 List-Id: RADIUS EXTensions working group discussion list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 31 Mar 2014 19:07:48 -0000 The IESG has approved the following document: - 'RADIUS Attributes for IEEE 802 Networks' (draft-ietf-radext-ieee802ext-12.txt) as Proposed Standard This document is the product of the RADIUS EXTensions Working Group. The IESG contact persons are Benoit Claise and Joel Jaeggli. A URL of this Internet Draft is: http://datatracker.ietf.org/doc/draft-ietf-radext-ieee802ext/ Technical Summary RFC 3580 provides guidelines for the use of the Remote Authentication Dialin User Service (RADIUS) within IEEE 802 local area networks (LANs). This document proposes additional attributes for use within IEEE 802 networks, as well as clarifying the usage of the EAP-Key- Name attribute (updating RFC 4072) and the Called-Station-Id attribute (updating RFC 3580). The attributes defined in this document are usable both within RADIUS and Diameter. Working Group Summary The document has lingered in the RADEXT WG for a long time. There is a solid working group consensus behind the document. Document Quality There are no known full implementations of the document. However, some of the defined attributes are already in use but using either experimental or vendor specific RADIUS attribute Type code space. There are plans for implementations and also 3GPP has a dependency to this document in their Stage-3 specifications and 3GPP is actually waiting for this document to ship. Personnel Jouni Korhonen (jouni.nospam@gmail.com) is the document shepherd. Benoit Claise (bclaise@cisco.com) is the responsible AD.