[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: IESG review DISCUSS ondraft-ietf-radext-management-authorization-06.txt



Dan Romascanu wrote:

> > I was not asking this draft to fully solve the problems about
> > NAS-Port-Id.
> >
> > I was asking a very specific suggestion: given that many
> > NASes implementing this specification will probably send the
> > IP address (and possibly port number) of the SSH/NETCONF/etc.
> > client *somewhere* in the Access-Request packet, should the
> > document give some guidance on what attribute/format could be used?
> >
> > Do I understand correctly that you think it's better to *not*
> > give any guidance, leaving each vendor to do things differently?
> > (remembering that we're talking about new NASes that
> > implement the attributes from this draft, not old stuff)
> >
> > Best regards,
> > Pasi
> >
> 
> My opinion is that it is better to not give any guidance in this
> document, for the reasons mentioned by David. A proper and complete
> solution would require long discussions and I am not certain is within
> the scope here, and in the absence of a complete solution I prefer to
> leave this implementation dependent at this point in time.

We all know that proper and complete solution will never happen... but
since so many other RADIUS details are vendor-dependent, I guess this
one won't really change the overall interoperability situation.

I'll clear when David's proposed text for Section 5.4 (email 2009-04-15,
about management privilege levels) is there. An RFC editor note would
work for me.

Best regards,
Pasi

--
to unsubscribe send a message to radiusext-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://psg.com/lists/radiusext/>