RE: The RADIUS attribute space: an assessment
- To: "Nelson, David" <dnelson@enterasys.com>
- Subject: RE: The RADIUS attribute space: an assessment
- From: "Glen Zorn (gwz)" <gwz@cisco.com>
- Date: Wed, 28 Jun 2006 19:33:13 -0700
- Cc: <radiusext@ops.ietf.org>
Nelson, David <mailto:dnelson@enterasys.com> supposedly scribbled:
> Glen Zorn writes...
>
>>> Why would that be a better idea? Except, perhaps, on some
>>> self-congratulatory level?
>>
>> Thanks for the insult.
>
> No insult intended. My point is that an attempt by the IESG to
> suppress RADIUS extensions work will ultimately fail, and serve only
> an ivory-tower "Diameter wins, RADIUS loses" sort of objective.
How is "not actively pursuing" equivalent to "suppressing"?
>
>> It's not at all clear to me that Diameter (as specified) is actually
>> a "better" protocol but at least it doesn't have the problem Bernard
>> mentions; in any case, we're not talking about killing RADIUS, here,
>> but whether to take heroic measures to keep it alive.
>
> Well, yes. But you have authored several I-Ds that one could
> characterize as "heroic measures" to extend RADIUS and you told us
> during IETF-65 you were working on a method to extend the RADIUS PDU
> limit beyond 4095. But perhaps you've changed your opinion, as all
> of us are wont to do from time to time.
I would note that none of those I-Ds have been accepted as WG items, nor does that appear to be likely. My position remains the same as it was 10 years ago: I want the IETF to have a AAA protocol that actually works, & does what is necessary. This seems at odds w/the aim of the IESG (& unsurprisingly, the WG chairs), however, which seems happy to continue the current situation.
>
>> That would be near-suicidal for interoperability, of course. Oh
>> wait, that might mean that RADIUS would go away...no wonder there is
>> no visible advantage.
>
> If the likely disastrous outcome of poor interoperability would
> actually prevent such further work, you might have a good point. I
> suspect that it would not, and what we would end up with would be
> different, non-interoperable "dialects" of RADIUS promulgated by
> various SDOs, and possibly by vendors as well.
Exactly. The question is, why should we care? If interoperability is not a goal of these unnamed SDOs & vendors, so be it. If on the other hand, it is a goal, then they should follow the standard.
Hope this helps,
~gwz
Why is it that most of the world's problems can't be solved by simply
listening to John Coltrane? -- Henry Gabriel