
RE: I-D Action:draft-zorn-radius-pkmv1-03.txt



Alfred Hoenes writes...

> RADIUS was not designed for that kind and degree of extensibility:
>  o  very limited message size, which was ...
>  o  adjusted for, and coupled with, unreliable UDP transport;
>  o  hence a very limited namespace for attributes was good enough;
>  o  poor security.

I think that accurately summarizes the challenges of "classic" RADIUS.

> I already have been beaten in the past for asking questions like:
>  -  do we really need RADIUS Extended Attributes ?

Well, in order to support the use of RADIUS in certain application areas
that developers want to pursue, the answer is apparently yes.  Additionally,
this mechanism addresses the potential exhaustion of the standard RADIUS
attribute ID number-space, which only includes values 1 - 192.

> -  do we really need new transports for RADIUS, RADSEC, etc. ?

Need?  Well, I think that for specialized uses, i.e. large aggregation-proxy
deployments, there is a case to be made.

> -  do we really need to maintain in the IETF
>    a legacy AAA protocol side by side with its successor ?

We used to not think so.  Time has somewhat changed that perception.  RADIUS
continues to be a popular vehicle for implementing AAA solutions.  I have
heard various reasons for this -- none of which are verified, simply
reported as "heard on the street":

-- RADIUS is simple; Diameter is complicated.

-- RADIUS is easy to extend (since there are very few formal extension
rules, almost anything is considered fair game).

-- High-quality open source implementations of RADIUS are freely available.

-- Diameter lacks similar open source support.

-- Diameter has some IPR statements filed against its RFCs.

-- RADIUS is preferred by enterprise and academic market segments.

-- Diameter is preferred by carrier market segments.


