
RE: PLEASE READ: RADEXT WG last call in progress on VLAN/Priority Draft



I believe that the document is in pretty good shape. I still have a few
comments which I believe are worth considering.


Content:

1. [RFC2674] is now obsoleted by [RFC4363]. I suggest modifying this
reference.
2. The supplicant definition in 1.1 says: 

          A supplicant is an entity that is being authenticated by an
          authenticator.  The supplicant may be connected to the
          authenticator at one end of a point-to-point LAN segment or
          802.11 wireless link.

It is not clear why 'point-to-point' is mentioned here seemingly as
opposed to wireless. I believe that the point that is being made is
about connecting to a point-to-point or shared LAN segment. I suggest
replacing this with:

          A supplicant is an entity that is being authenticated by an
          authenticator.  The supplicant may be connected to the
          authenticator at one end of a point-to-point or shared LAN 
          segment

3. I believe that there is at least one other example of a security attack
by insertion of attributes with malicious content that is worth
mentioning. This is the case when the user priority table is modified,
causing either degradation of quality of service by downgrading user
priority of packets arriving at a port, or denial of service by
oversubscribing the switch or link capabilities by raising the level of
priority of traffic at multiple ports of a device. 


Editorial:

1. It is recommended that abstract sections expand acronyms with the
exception of the obvious (IP, TCP, etc.). I would say that VLAN and
RADIUS are not in the obvious category.
2. NAS shows up first in section 1.3 and is not expanded. 
3. The first phrase in Section 5 seems broken; I read it as the document
being vulnerable, which is not the intent, I believe.

Regards,

Dan

 
 

> -----Original Message-----
> From: owner-radiusext@ops.ietf.org 
> [mailto:owner-radiusext@ops.ietf.org] On Behalf Of Bernard Aboba
> Sent: Tuesday, March 14, 2006 5:30 PM
> To: radiusext@ops.ietf.org
> Subject: PLEASE READ: RADEXT WG last call in progress on 
> VLAN/Priority Draft
> 
> There is a RADEXT WG last call in progress on the VLAN and 
> Priority Attributes document, prior to sending it on to the 
> IESG for consideration as a Proposed Standard.
> 
> The document is available here:
> http://www.ietf.org/internet-drafts/draft-ietf-radext-vlan-00.txt
> 
> RADEXT WG last call will last until Friday, March 17, 2006. 
> Please send your comments to the RADEXT WG mailing list 
> (radext@ops.ietf.org) in the format described on the RADEXT 
> Issues list:
> http://www.drizzle.com/~aboba/RADEXT/
> 
> NOTE: 5 reviews are required for the document to advance as a 
> Proposed Standard.  If you have read the document, please 
> post your opinion to the list, even if you have no issues to file:
> 
> So far, only two reviews have been received:
> http://ops.ietf.org/lists/radiusext/2006/msg00169.html
> http://ops.ietf.org/lists/radiusext/2006/msg00225.html
> 
> 
> 
> --
> to unsubscribe send a message to 
> radiusext-request@ops.ietf.org with the word 'unsubscribe' in 
> a single line as the message text body.
> archive: <http://psg.com/lists/radiusext/>
> 
