
Comments on draft-ietf-radext-filter-rules-00.txt



Hi,

I had a quick look at this draft. A few initial comments:

 o Introduction talks about 'home realm' and in the same
   sentence also about 'local operator'. Maybe changing
   home realm to home operator would be better?

 o Introduction also discusses VLANs. I think that text
   there does not really belong to this draft anymore.

 o terminology section lists Authenticator, Authentication
   Server and Supplicant even if those are not used in the
   text outside the terminology section. Imho a reference
   to 802.1X should be enough.

 o hot-lining is also only mentioned in the terminology
   section. Should there be some more text in the draft
   itself about hot-lining, e.g. in the form of motivation for
   this draft? Actually I would like to see a general
   short motivation section somewhere under section 1.

 o what is the purpose of the rule-delim in the
   NAS-Traffic-Rule ABNF? As far as I interpreted the
   ABNF there can be only one rule per attribute anyway?
   I could be wrong ;)

 o in the NAS-Traffic-Rule, why could there not be
    - ip-proto = ["!"] d8
    - tcp-ports = ["!"] tcp-port *("," tcp-port)

   That would ease blocking of specific ports and
   protocols, e.g. in the case of trying to block some
   virus/worm generated traffic while allowing
   everything else.
 
 o tcp-port name might be a bit misleading as ports are
   also used for other protocols. Maybe just using
   ports or similar?

 o What's the intended use for the L2 filtering? I'd
   like to see some real use case described here.

 o section 3.1 Acct-NAS-Traffic-Rule attribute definition
    - the length should probably be >= 11
    - The 'String' should probably be 'Counter'
    - the description for 'Text' is missing

 o Security considerations mention VLAN-related attributes
   several times although those are now in a separate
   document.

Some nits:

 o section 2
   s/one new RADIUS authentication attributes/...attribute


Cheers,
	Jouni 
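
An added example, not part of the original message or of the draft: a small parser and matcher for the two negatable productions suggested above, `ip-proto = ["!"] d8` and `tcp-ports = ["!"] tcp-port *("," tcp-port)`. It assumes that a port item is a decimal number or a `low-high` range and that a leading "!" inverts the match for the whole list; the function names and port values are constructed for illustration.

```python
import re

# Assumption: one port item is "N" or "LOW-HIGH", decimal, 0..65535.
_ITEM = re.compile(r"(\d{1,5})(?:-(\d{1,5}))?")
_D8 = re.compile(r"\d{1,3}")

def parse_ports(spec):
    """Parse ["!"] port *("," port) into (negated, [(low, high), ...])."""
    negated = spec.startswith("!")
    body = spec[1:] if negated else spec
    ranges = []
    for item in body.split(","):
        m = _ITEM.fullmatch(item)
        if not m:
            raise ValueError(f"bad port item: {item!r}")
        low = int(m.group(1))
        high = int(m.group(2)) if m.group(2) else low
        if low > high or high > 65535:
            raise ValueError(f"port out of range: {item!r}")
        ranges.append((low, high))
    return negated, ranges

def parse_proto(spec):
    """Parse ["!"] d8 into (negated, protocol number)."""
    negated = spec.startswith("!")
    digits = spec[1:] if negated else spec
    if not _D8.fullmatch(digits) or int(digits) > 255:
        raise ValueError(f"bad ip-proto: {spec!r}")
    return negated, int(digits)

def ports_match(spec, port):
    """True if the port field of a rule matches the given port."""
    negated, ranges = parse_ports(spec)
    listed = any(low <= port <= high for low, high in ranges)
    return listed != negated  # "!" inverts the result for the whole list

def proto_match(spec, proto):
    """True if the protocol field of a rule matches the given protocol."""
    negated, number = parse_proto(spec)
    return (proto == number) != negated

if __name__ == "__main__":
    # Constructed rule field: matches every port except 135 and 445.
    for port in (80, 135, 445, 8080):
        print(port, ports_match("!135,445", port))
```

With the negated form, one permit rule carrying `!135,445` covers all other ports; without it, the same policy needs a deny rule for the listed ports followed by a separate permit rule.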
