[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: Issue 272 resolution

To: "'Bernard Aboba'" <Bernard_Aboba@hotmail.com>, "'Alan DeKok'" <aland@deployingradius.com>
Subject: RE: Issue 272 resolution
From: "Glen Zorn" <glenzorn@comcast.net>
Date: Tue, 14 Oct 2008 10:28:11 +0700
Cc: "'radext mailing list'" <radiusext@ops.ietf.org>
In-reply-to: <BLU137-DAV62E6579EF20CE5F82D54393310@phx.gbl>
References: <003c01c92c2a$f6316290$e29427b0$@net> <48F1A0FE.4090106@deployingradius.com> <004d01c92c4c$77879280$6696b780$@net> <48F2E276.3080109@deployingradius.com> <007d01c92cf9$2b09c830$811d5890$@net> <48F2EB58.6080503@deployingradius.com> <007e01c92d03$52a819f0$f7f84dd0$@net> <48F30A8A.9090303@deployingradius.com> <BLU137-DAV62E6579EF20CE5F82D54393310@phx.gbl>

Bernard Aboba [mailto:Bernard_Aboba@hotmail.com] writes:

> > I was sure the idea was brought up on this list, too.  What was the
> > result of that discussion?
> 
> The result of that discussion was not to go forward with it.

Just to refresh the memory, the idea in question was 'de-capsulating the
contents of the MS-CHAP-* attributes into multiple attributes...e.g.
MS-CHAP(foo=1, bar=2, ...)  3GPP does this, WiMAX does this'.  As I pointed
out in a previous message, both RFC 2865 VSAs and the current extended
attribute draft also allow this, just in a (perhaps predictably) half-assed
fashion: instead of (for example) defining & referring to an Extended
Attribute called MS-CHAP-CPW-2 which encapsulates various TLVs corresponding
to Old-NT-Hash, Old-LM-Hash, etc. one would either a) define a bunch of new
Extended Attributes corresponding to the fields in the MS-CAP-CPW-2
attribute and refer to it as the set of extended attributes containing the
same (unknown, run-time assigned) value in the Tag field or b) merely
replicate the RFC 2548 definition of MS-CHAP-CPW-2 with an Extended
Attribute header.  The latter approach, of course, forces the continued use
of the so-called "complex" Attributes that Alan (?!) so reviles in
http://www.ietf.org/internet-drafts/draft-ietf-radext-design-05.txt, while
the former forces the receiver to grovel through the entire message to find
the tagged attributes, check that all are present and check the validity of
each instead of just checking the validity of a single attribute.  I love
this idea!  Certainly far better to accept it than tamper with WG Consensus
(which apparently has become as holy as "backward compatibility" in this WG.
In any case, I'm not married to this solution; I've repeatedly requested
suggestions for a solution to the problem but nobody else has brought any
forward.  

--
to unsubscribe send a message to radiusext-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://psg.com/lists/radiusext/>

Follow-Ups:
- Re: Issue 272 resolution
  - From: Alan DeKok <aland@deployingradius.com>

References:
- Issue 272 resolution
  - From: "Glen Zorn" <glenzorn@comcast.net>
- Re: Issue 272 resolution
  - From: Alan DeKok <aland@deployingradius.com>
- RE: Issue 272 resolution
  - From: "Glen Zorn" <glenzorn@comcast.net>
- Re: Issue 272 resolution
  - From: Alan DeKok <aland@deployingradius.com>
- RE: Issue 272 resolution
  - From: "Glen Zorn" <glenzorn@comcast.net>
- Re: Issue 272 resolution
  - From: Alan DeKok <aland@deployingradius.com>
- RE: Issue 272 resolution
  - From: "Glen Zorn" <glenzorn@comcast.net>
- Re: Issue 272 resolution
  - From: Alan DeKok <aland@deployingradius.com>
- RE: Issue 272 resolution
  - From: "Bernard Aboba" <Bernard_Aboba@hotmail.com>

Prev by Date: RE: Issue 272 resolution
Next by Date: Re: Issue 272 resolution
Previous by thread: RE: Issue 272 resolution
Next by thread: Re: Issue 272 resolution
Index(es):
- Date
- Thread