
Re: REMINDER: RADEXT WG Last Call on Design Guidelines Document



Bernard Aboba wrote:
> Ugh.  I wonder how the RADSEC proxy would function when receiving packets 
> from an implementation like that.

  If both IPs are listed as clients, then all the packets get processed.

> RFC 5080 does suggest that NAS-Identifier be used to avoid 
> multi-homing confusion, at least within the RADIUS packet itself.  
> Using different source addresses does seem "novel" - and quite 
> likely to confuse.  One can imagine quite bizarre scenarios for an interop 
> torture test - like having a NAS sending RADIUS/EAP packets within the 
> same session from different IP addresses.  The RFC 5080 algorithm in 
> Section 2.1.2 references "source IP", so it would be confused by this, 
> wouldn't it? 

  Yes.  Luckily so far, devices do this only for accounting packets.

  Anyone crazy enough to do this for EAP will quickly discover that it
Just Doesn't Work.  They'll then fix their implementation.

  For accounting packets, it's harder to claim that this behavior
violates the spec.

  Alan DeKok.

archive: <http://psg.com/lists/radiusext/>
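Added example, not part of the original message and not taken from any RADIUS server: a sketch of the accounting case discussed above, where a multi-homed NAS sends Start and Stop from different source addresses, showing that correlation keyed on source IP leaves the session open while keying on NAS-Identifier pairs the records. The packets, addresses, NAS name and function names are constructed for illustration, and the authenticator is zeroed rather than verified.

```python
import struct

# Attribute types from RFC 2865 / RFC 2866
NAS_IDENTIFIER, ACCT_STATUS_TYPE, ACCT_SESSION_ID = 32, 40, 44
START, STOP = 1, 2  # Acct-Status-Type values

def build_acct(ident, attrs):
    """Build a constructed Accounting-Request (code 4) with a zeroed authenticator."""
    body = b"".join(bytes([t, len(v) + 2]) + v for t, v in attrs)
    return struct.pack("!BBH16s", 4, ident, 20 + len(body), b"\0" * 16) + body

def parse_attrs(packet):
    """Return {type: value} for the attribute TLVs, rejecting malformed lengths."""
    if len(packet) < 20:
        raise ValueError("short RADIUS header")
    _code, _ident, length = struct.unpack("!BBH", packet[:4])
    if not 20 <= length <= len(packet):
        raise ValueError("bad RADIUS length")
    attrs, pos = {}, 20
    while pos < length:
        if pos + 2 > length:
            raise ValueError("truncated attribute")
        atype, alen = packet[pos], packet[pos + 1]
        if alen < 2 or pos + alen > length:
            raise ValueError("bad attribute length")
        attrs[atype] = packet[pos + 2:pos + alen]
        pos += alen
    return attrs

def correlate(datagrams, key_on):
    """Pair Start/Stop records; key_on is 'source_ip' or 'nas_identifier'."""
    live, unmatched_stops = set(), []
    for src_ip, packet in datagrams:
        a = parse_attrs(packet)
        nas = src_ip if key_on == "source_ip" else a.get(NAS_IDENTIFIER, b"").decode()
        key = (nas, a[ACCT_SESSION_ID])
        status = struct.unpack("!I", a[ACCT_STATUS_TYPE])[0]
        if status == START:
            live.add(key)
        elif status == STOP and key in live:
            live.remove(key)
        elif status == STOP:
            unmatched_stops.append(key)
    return live, unmatched_stops

def sample():
    """Constructed traffic: one NAS, one session, two source addresses."""
    common = [(NAS_IDENTIFIER, b"nas1.example"), (ACCT_SESSION_ID, b"0001")]
    start = build_acct(1, common + [(ACCT_STATUS_TYPE, struct.pack("!I", START))])
    stop = build_acct(2, common + [(ACCT_STATUS_TYPE, struct.pack("!I", STOP))])
    return [("192.0.2.10", start), ("198.51.100.10", stop)]
```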