[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: FW: DISCUSS and COMMENT: draft-ietf-radext-rfc3576bis
David B. Nelson wrote:
> IESG DISCUSS and COMMENT.
...
>> (1) Paul Hoffman has suggested that standards track would be more
>> appropriate than
>> informational for this specification. I understand this would necessitate
>> an issue-specific
>> IETF Last Call, but I tend to agree with Paul. Is there another reason
>> that I am missing
>> to stay at informational?
I have no objection to it being made standards track. On the other
hand, RFC 2866 (accounting) is still informational. It would be odd to
have a decade-old core RADIUS feature as informational, and a newer
feature as standards track.
>> (2) The security considerations section on Impersonation (section 6.2)
>> seem to apply to
>> implementations of RFC 2865, rather than this specification:
>>
>> To address these vulnerabilities RADIUS proxies one hop from the NAS
>> SHOULD check whether NAS identification attributes (see Section 3)
>> match the packet source address. Where one or more attributes do not
>>
>> As far as I can tell, the RADIUS proxy that SHOULD perform this check may
>> be entirely
>> unaware of this specification. Is that correct?
Yes.
>> This is a carryover from RFC 3567, so there is no value in blocking the
>> progression
>> of this specification.
The text appears identical to RFC 3576, Section 5.2.
Alan DeKok.
--
to unsubscribe send a message to radiusext-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://psg.com/lists/radiusext/>