[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: request to recharter

To: "Bernard Aboba" <Bernard_Aboba@hotmail.com>, "Alan DeKok" <aland@nitros9.org>
Subject: RE: request to recharter
From: "Joseph Salowey (jsalowey)" <jsalowey@cisco.com>
Date: Thu, 21 Feb 2008 08:48:07 -0800
Cc: "Stefan Winter" <stefan.winter@restena.lu>, <radiusext@ops.ietf.org>
In-reply-to: <BLU127-DS31E8E5055385D727C3D1993250@phx.gbl>

I'm not in favor of taking RADSEC on as a working group item without a
better understanding of the goals.  There is more to RADSEC then just
TCP transport and algorithmic agility.  I think it would be appropriate
to have a BOF to understand that scope of what RADSEC is trying to
achieve. 

> -----Original Message-----
> From: owner-radiusext@ops.ietf.org 
> [mailto:owner-radiusext@ops.ietf.org] On Behalf Of Bernard Aboba
> Sent: Thursday, February 14, 2008 3:25 PM
> To: Alan DeKok
> Cc: Stefan Winter; radiusext@ops.ietf.org
> Subject: Re: request to recharter
> 
> >  The "RADIUS over TCP" document could reference existing RADIUS 
> > practices, and explain in excruciating detail why they 
> won't work for TCP.
> >
> >  Also, some issues relating to RADIUS PDU's over a stream transport 
> > may be discussed.  e.g. receiving half a RADIUS packet and 
> then a FIN 
> > is
> > *not* a problem.
> >
> > The MIB counters for
> > radiusAuthServMalformedAccessRequests should NOT be 
> incremented.  e.g.
> > receiving a PDU with malformed attributes means that the TCP 
> > connection SHOULD be closed.
> >
> >  Many RADIUS practices related to handling error cases 
> require a PDU 
> > to be "silently discarded".  This won't work for TCP.  The 
> connection 
> > has to be closed, too.
> >
> > The existing RFC's have to be audited, and a new document 
> issued which 
> > explains the correct behavior.
> 
> This sounds like an outline of the issues that need to be 
> handled in the RADSEC specification.
> Regardless of whether the RADEXT WG ends up adding the RADSEC 
> work to the Charter, it would be useful to include this 
> material in the document. 
> 
> 
> --
> to unsubscribe send a message to 
> radiusext-request@ops.ietf.org with the word 'unsubscribe' in 
> a single line as the message text body.
> archive: <http://psg.com/lists/radiusext/>
> 

--
to unsubscribe send a message to radiusext-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://psg.com/lists/radiusext/>

References:
- Re: request to recharter
  - From: "Bernard Aboba" <Bernard_Aboba@hotmail.com>

Prev by Date: I-D Action:draft-ietf-radext-extended-attributes-01.txt
Next by Date: I-D Action:draft-ietf-radext-management-authorization-02.txt
Previous by thread: Re: request to recharter
Next by thread: LC cmts: Extended Attrs
Index(es):
- Date
- Thread