[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: The RADIUS attribute space: an assessment
- To: "Nelson, David" <dnelson@enterasys.com>, <radiusext@ops.ietf.org>
- Subject: RE: The RADIUS attribute space: an assessment
- From: "Glen Zorn \(gwz\)" <gwz@cisco.com>
- Date: Tue, 27 Jun 2006 21:45:12 -0700
- Authentication-results: sj-dkim-3.cisco.com; header.From=gwz@cisco.com; dkim=pass ( sig from cisco.com verified; );
- Dkim-signature: a=rsa-sha1; q=dns; l=2113; t=1151469916; x=1152333916; c=relaxed/simple; s=sjdkim3001; h=Content-Type:From:Subject:Content-Transfer-Encoding:MIME-Version; d=cisco.com; i=gwz@cisco.com; z=From:=22Glen=20Zorn=20\(gwz\)=22=20<gwz@cisco.com> |Subject:RE=3A=20The=20RADIUS=20attribute=20space=3A=20=20an=20assessment; X=v=3Dcisco.com=3B=20h=3DGGNvRrkAIyMZEjEaTCFmDtHuSu4=3D; b=Dpew7A/nt16diF1pMLD9ucVDSBZiS1HbWyv5cmfTpSJdksb0HtgWezIuzquZJi6eVjXfmU5g ymtAR+E381VgTBLWbcu0/zc4nwqNe90z2EYKOjAEKMuTsFnGiCoW5qnD;
Nelson, David <> supposedly scribbled:
> Glen Zorn writes...
>
>> A far better idea might be for the IESG to finally take some action,
>> deprecating RADIUS and actually supporting Diameter to solve one of
>> the problems for which it was designed.
>
> Why would that be a better idea? Except, perhaps, on some
> self-congratulatory level?
Thanks for the insult.
> I've observed that the IESG doesn't have
> much influence over what the rest of the world chooses to implement.
> A recent, off list, discussion about some substantial enhancements to
> the RADIUS protocol as opposed to deployment of Diameter, has brought
> this home. The impediment to Diameter deployment in this instance is
> that lack of complete, robust, open source implementations of
> Diameter, coupled with readily available open source RADIUS
> implementations and wide deployment of RADIUS. The IETF can provide
> a standardized specification of a better protocol, but it can make
> vendors and operators deploy it.
It's not at all clear to me that Diameter (as specified) is actually a "better" protocol but at least it doesn't have the problem Bernard mentions; in any case, we're not talking about killing RADIUS, here, but whether to take heroic measures to keep it alive.
>
> What would likely happen, if the IESG were to "deprecate" RADIUS, is
> that implementers will simply continue to extend RADIUS using the
> Vendor Specific Attribute. I don't see any advantage in taking that
> route.
That would be near-suicidal for interoperability, of course. Oh wait, that might mean that RADIUS would go away...no wonder there is no visible advantage.
>
> The IESG could "support" Diameter by funding (or otherwise
> stimulating) the creation of complete, robust, well-documented open
> source implementations of Diameter. However, I don't think the IESG
> is in that business.
Hope this helps,
~gwz
Why is it that most of the world's problems can't be solved by simply
listening to John Coltrane? -- Henry Gabriel
--
to unsubscribe send a message to radiusext-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://psg.com/lists/radiusext/>