
Re: FW: DISCUSS and COMMENT: draft-ietf-radext-rfc3576bis



David B. Nelson wrote:
> IESG DISCUSS and COMMENT.
...
>> (1) Paul Hoffman has suggested that standards track would be more
>> appropriate than informational for this specification.  I understand
>> this would necessitate an issue-specific IETF Last Call, but I tend to
>> agree with Paul.  Is there another reason that I am missing to stay at
>> informational?

  I have no objection to it being made standards track.  On the other
hand, RFC 2866 (accounting) is still informational.  It would be odd to
have a decade-old core RADIUS feature as informational, and a newer
feature as standards track.

>> (2) The security considerations section on Impersonation (section 6.2)
>> seems to apply to implementations of RFC 2865, rather than this
>> specification:
>>
>>    To address these vulnerabilities RADIUS proxies one hop from the NAS
>>    SHOULD check whether NAS identification attributes (see Section 3)
>>    match the packet source address.  Where one or more attributes do not
>>
>> As far as I can tell, the RADIUS proxy that SHOULD perform this check
>> may be entirely unaware of this specification.  Is that correct?

  Yes.

>> This is a carryover from RFC 3567, so there is no value in blocking the
>> progression of this specification.

  The text appears identical to RFC 3576, Section 5.2.

  Alan DeKok.

--
to unsubscribe send a message to radiusext-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://psg.com/lists/radiusext/>