[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Request for Review of RFC 3576 MIB documents

To: Bernard Aboba <aboba@internaut.com>
Subject: Re: Request for Review of RFC 3576 MIB documents
From: Murtaza Chiba <mchiba@cisco.com>
Date: Fri, 03 Jun 2005 13:58:47 -0700
Cc: radiusext@ops.ietf.org
In-reply-to: <Pine.LNX.4.56.0506021412480.30192@internaut.com>
References: <Pine.LNX.4.56.0506021331540.28439@internaut.com> <429F71C9.8020603@piuha.net> <Pine.LNX.4.56.0506021412480.30192@internaut.com>
User-agent: Mozilla Thunderbird 1.0 (X11/20041206)

Thanks Bernard!  Some responses inline.

Bernard Aboba wrote:

Review of
http://www.ietf.org/internet-drafts/draft-ietf-radext-dynauth-client-mib-00.txt

pp. 3:
No need to start each new Section on a separate page.

Ok!

Section 4:
I would prefer that these MIB documents use the same terminology as RFC
3576, rather than inventing new terminology.

Why can't we just state up front that a DynAuthClient = RADIUS Server,
DynAuthServer = RADIUS Client, and avoid using the DAC and DAS
abbreviations?

One reason is that the client need not be limited to a RADIUS Server. Infact it can be any entity that shares a secret and uses the interfaces specified by RFC3576, for e.g. a Rating Engine or a Captive Portal.

Section 5
"This table contains one row for each DAS that the DAC shares a secret with."

RFC 3576 only talks about secrets shared between RADIUS clients and
servers, not between a DAS and a DAC.

Kind of same as above.

Section 6

radiusDynAuthClientInvalidServerAddresses

Do we want to combine CoA and Disconnect statistics in one variable?

                "The number of RADIUS Disconnect-Response packets
                 which contained invalid Signature attributes
                 received from this Dynamic Authorization server."


I guess we can separate the stats for DM and CoA messages.

What is a Signature Attribute?  Do you mean Message-Authenticator? I
thought we decided that this attribute couldn't be used in RFC 3576.

I believe Stefaan was referring to the Authenticator in the packet. I agree that there is a bootstrapping problem with using Signature/Message-Authenticator attribute.


Thanks much for your review.

Regards,
Murtaza

Same issue on Signature Attribute in the Server document.

--
to unsubscribe send a message to radiusext-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://psg.com/lists/radiusext/>


--
to unsubscribe send a message to radiusext-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://psg.com/lists/radiusext/>

References:
- Request for Review of RFC 3576 MIB documents
  - From: Bernard Aboba <aboba@internaut.com>
- Re: Request for Review of RFC 3576 MIB documents
  - From: Jari Arkko <jari.arkko@piuha.net>
- Re: Request for Review of RFC 3576 MIB documents
  - From: Bernard Aboba <aboba@internaut.com>

Prev by Date: Re: Request for Review of RFC 3576 MIB documents
Next by Date: Issue: Editorial comments on 3576 server MIB
Previous by thread: Re: Request for Review of RFC 3576 MIB documents
Next by thread: Re: Request for Review of RFC 3576 MIB documents
Index(es):
- Date
- Thread