[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: IPv6

To: "Wojciech Dec (wdec)" <wdec@cisco.com>
Subject: Re: IPv6
From: Alan DeKok <aland@deployingradius.com>
Date: Wed, 07 Oct 2009 15:08:21 +0200
Cc: "David B. Nelson" <dnelson@elbrysnetworks.com>, radiusext@ops.ietf.org
In-reply-to: <A16B9A4922C4A544A94565E870362B5067BFC0@XMB-AMS-111.cisco.com>
References: <BLU137-W314993506866F793EEB88693D70@phx.gbl> <BLU137-W4F78E3ECFED2F44FDB88493D70@phx.gbl> <BLU137-W338302372310BA3462DA2F93CF0@phx.gbl> <BLU137-W38787A2EDC24DC2F1A05393CE0@phx.gbl> <9E1DAF16-40C5-4A25-82D0-EEDB7561BA64@elbrysnetworks.com> <4ACB5A24.1000400@deployingradius.com> <BLU137-W1161C897A67368B338929193CE0@phx.gbl> <A16B9A4922C4A544A94565E870362B50622831@XMB-AMS-111.cisco.com> <4ACB9EBB.9010304@deployingradius.com> <A16B9A4922C4A544A94565E870362B5062292C@XMB-AMS-111.cisco.com> <30B10043-1F22-4AD6-8246-2F80DFA081AE@elbrysnetworks.com> <A16B9A4922C4A544A94565E870362B5067BFC0@XMB-AMS-111.cisco.com>
User-agent: Thunderbird 2.0.0.23 (Macintosh/20090812)

Wojciech Dec (wdec) wrote:
> Sure, that's fair. The point I was making is that with the string
> definition above, passing an IPv6 prefix (or anything else up to 255
> bytes really) did not require any new data-type and in terms of say the
> IPv6-prefix.

  From the design guidelines document:

   If the RADIUS Server simply passes the contents of an attribute to
   some non-RADIUS portion of the network, then the data is opaque, and
   SHOULD be defined to be of type String.  A concrete way of judging
   this requirement is whether or not the attribute definition in the
   RADIUS document contains delineated fields for sub-parts of the data.
   If those fields need to be delineated in RADIUS, then the data is not
   opaque, and it SHOULD be separated into individual RADIUS attributes.

> Furthermore rfc2868 provides plenty of precedent for
> structured attributes with "String", if one wants, eg Tunnel-Password.

  From the design guidelines document:

   As can be seen in Appendix B, most of the existing complex attributes
   involve authentication or security functionality.  Supporting this
   functionality requires code changes on both the RADIUS client and
   server, regardless of the attribute format.  As a result, in most
   cases, the use of complex attributes to represent these methods is
   acceptable, and does not create additional interoperability or
   deployment issues.

  All of these arguments are familiar, and have been hashed through in
detail in this WG.  There are good reasons for the current behavior.
The document explains that *changes* in behavior need good reasons, too.

  Alan DeKok.

--
to unsubscribe send a message to radiusext-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://psg.com/lists/radiusext/>

References:
- Re: IPv6
  - From: Bernard Aboba <bernard_aboba@hotmail.com>
- RE: IPv6
  - From: Bernard Aboba <bernard_aboba@hotmail.com>
- RE: IPv6
  - From: Bernard Aboba <bernard_aboba@hotmail.com>
- RE: IPv6
  - From: Bernard Aboba <bernard_aboba@hotmail.com>
- Re: IPv6
  - From: "David B. Nelson" <dnelson@elbrysnetworks.com>
- Re: IPv6
  - From: Alan DeKok <aland@deployingradius.com>
- RE: IPv6
  - From: Bernard Aboba <bernard_aboba@hotmail.com>
- RE: IPv6
  - From: "Wojciech Dec (wdec)" <wdec@cisco.com>
- Re: IPv6
  - From: Alan DeKok <aland@deployingradius.com>
- RE: IPv6
  - From: "Wojciech Dec (wdec)" <wdec@cisco.com>
- Re: IPv6
  - From: "David B. Nelson" <dnelson@elbrysnetworks.com>
- RE: IPv6
  - From: "Wojciech Dec (wdec)" <wdec@cisco.com>

Prev by Date: RE: IPv6
Next by Date: Re: IPv6
Previous by thread: RE: IPv6
Next by thread: RE: IPv6
Index(es):
- Date
- Thread