Re: New Technical Issues RE: WG last call in progress on VLAN/Priority Draft

["Alan DeKok" <aland@ox.org>]

"Avi Lior" <avi@bridgewatersystems.com> wrote:
> I know about policy files and GUIs and XmL and auto code etc...

  Yes, I didn't mean to presume otherwise.  My point was that we
should separate binary code changes from configuration file "code"
changes.  Binary code changes may be complicated and expensive to
deploy.  Configuration file changes can often be done by end users who
know little about the protocol or implementation.

> So whether I end up dealing with the attribute by pressing a few gui
> buttons to add another If rule, or I have to insert a new EAP method or
> Cryptography procedure do deal with the new attribute --- its all code
> change.

  That statement really masks the fact that some code changes are
pretty trivial to do.  Adding new policies based on recently updated
dictionary entries is usually pretty trivial.  Adding support for a
new authentication algorithm is usually non-trivial.

  Dictionaries allow a much more common set of use-cases for "code"
changes to be done trivially.  They follow the maxim of "simple things
should be simple to do".

> In a very simple world yes you can live within the limits of your
> dictionaries but in more complex scenarios, you  have to roll some good
> old fashion  C compiler.

  Agreed.  That's why I said the dictionaries catch the 99% common
case, not 100% of the situations.

  Alan DeKok.


--
to unsubscribe send a message to radiusext-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://psg.com/lists/radiusext/>