
RE: Response to the review comments on draft-ietf-dhc-agentopt-radius-06.txt
Bernard Aboba writes...

> Ralph Droms has posted suggested resolutions to the AAA-Doctors comments
> on draft-ietf-dhc-agentopt-radius-06.txt.  Earlier I sent out a summary of
> the issues raised in the review.
> 
> Please respond to this list whether the proposed resolutions are
> acceptable to you.  I will collect the feedback and send it to Ralph.

I would like to propose that the RADIUS User-Name attribute MUST NOT be
included in a DHCP sub-option.  The response from Ralph Droms indicates
(to my reading) that there is no specific purpose for the inclusion of
User-Name, but that it causes no harm to include it, so that DHCP
servers have an accurate picture of the authentication and authorization
state of the session.

Since there is no specific requirement for the DHCP server to know the
User-Name (or other user identity), the provisioned authorization data
being sufficient, I would rather avoid the potential for future
expansion and abuse of this DHCP option such that DHCP servers
effectively become authentication and authorization servers, competing
with existing solutions such as RADIUS and Diameter.  I think that this
is an important restriction to impose.

-- Dave