[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Issues with draft-ietf-radext-extended-attributes-05.txt

To: Bernard Aboba <bernard_aboba@hotmail.com>
Subject: Re: Issues with draft-ietf-radext-extended-attributes-05.txt
From: Alan DeKok <aland@deployingradius.com>
Date: Fri, 26 Dec 2008 10:37:35 +0100
Cc: Glen Zorn <glenzorn@comcast.net>, "David B. Nelson" <d.b.nelson@comcast.net>, "radiusext@ops.ietf.org" <radiusext@ops.ietf.org>
In-reply-to: <BLU137-W122031A6C76B26440DFFD293EA0@phx.gbl>
References: <004901c9664f$d36c4ef0$7a44ecd0$@net> <BLU137-W122031A6C76B26440DFFD293EA0@phx.gbl>
User-agent: Thunderbird 2.0.0.18 (Macintosh/20081105)

Bernard Aboba wrote:
> Issue 225 -- It would appear that the major point of contention here
> relates to the length field and
> fragmentation.  I believe that  this comment could be resolved by
> addition of some advice (a SHOULD
> might suffice) on fragmentation usage for senders and support on
> receivers.   The ability to include
> multiple attributes inside a VSA was allowed in RFC 2865, and so should
> not be a subject of dispute
> for this document.  Given that this issue is nearly resolved, I would
> suggest that you and Alan
> work out appropriate text.

  I'll see if I can suggest something.

> Issue 278 -- The remaining portion of this issue relates to whether IANA
> can allocate Extended
> Attributes 0-255, and if by doing so, confusion would be created with
> respect to existing
> RADIUS attributes.  What is interesting about this discussion is that it
> only arose once the
> size of the type field was expanded to 16 bits.  In general, we have not
> seen confusion
> relating to use of VSAs with Type Code values which overlap the
> standards range (which
> most do).  For example, do people confuse Example.com VSA #32 with the
> RADIUS
> NAS-Identifier attribute (32)?   Maybe this issue could be resolved by
> suggestion of appropriate
> nomenclature.  For example, the term "<Attribute name> Extended
> Attribute (#)"
> instead of today's usage "NAS-Identifier Attribute (32)". 

  I was thinking also API's.  Some systems have internal API's that
add/delete/lookup attributes based on a key.  The key is (vendor-id,
attribute).  The problem is that looking up traditional RFC attributes
is often done by setting vendor-id=0.

  If we allow vendor-id to be zero, AND allow attributes 1..255 to mean
something new, this will cause problems for many implementations.

  Using 1..255 also prevents the grouping of standard RFC attributes
into the extended-attribute format, which was one of Glens goals.

  Alan DeKok.

--
to unsubscribe send a message to radiusext-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://psg.com/lists/radiusext/>

Follow-Ups:
- RE: Issues with draft-ietf-radext-extended-attributes-05.txt
  - From: "Bernard Aboba" <Bernard_Aboba@hotmail.com>
- RE: Issue 278
  - From: "D. B. Nelson" <d.b.nelson@comcast.net>

References:
- Issues with draft-ietf-radext-extended-attributes-05.txt
  - From: "Glen Zorn" <glenzorn@comcast.net>
- RE: Issues with draft-ietf-radext-extended-attributes-05.txt
  - From: Bernard Aboba <bernard_aboba@hotmail.com>

Prev by Date: RE: FW: [Fwd: Question regarding draft-ietf-radext-design-05.txt.]
Next by Date: RE: I-D Action:draft-zorn-radius-pkmv1-03.txt
Previous by thread: RE: Issues with draft-ietf-radext-extended-attributes-05.txt
Next by thread: RE: Issue 278
Index(es):
- Date
- Thread