Minutes of the RADEXT Virtual Interim Meeting
Monday, October 11, 2010, 8 AM - 10 AM Pacific Time

Chairs:
  Bernard Aboba <bernard_aboba at hotmail.com>
  Mauricio Sanchez <mauricio.sanchez at hp.com>

Agenda

8 AM - 8:10 AM  Preliminaries (10 minutes)
  Attendance
  Note takers
  Agenda bash
  Document Status

Documents Completing IETF Last Call (40 minutes)

8:10 AM - 8:30 AM  RADIUS over TCP, Alan DeKok (20 minutes)
http://tools.ietf.org/html/draft-ietf-radext-tcp

The major open issue is which port is to be reserved for Dynauth over TLS. Should this port be reserved in the RADIUS over TCP document or in the RTLS document? Since we are talking about Dynauth over TLS, not Dynauth over TCP, it is not clear why it has to be reserved in this document. Resolution: remove the port reservation for Dynauth over TLS.

8:30 AM - 8:50 AM  Design Guidelines, Alan DeKok (20 minutes)
http://tools.ietf.org/html/draft-ietf-radext-design-guidelines

Went over open issues 52, 53, 54, 55, 57 and 58. Most have been addressed in Design Guidelines -17; the remainder will be fixed in -18. Once -18 is issued, the document will need to go back to IETF Last Call, since too many changes have been made to it.

RADEXT WG Work Items (40 minutes)

8:50 AM - 9:20 AM  Extended RADIUS Attributes, Alan DeKok (30 minutes)
http://tools.ietf.org/html/draft-dekok-radext-radius-extensions

Alan DeKok and Avi Lior have been working on a new proposal for Extended RADIUS Attributes to replace the old (moribund) proposal. The requirements are to enable more RADIUS Attribute Type space, and to provide standard support for "long" attributes as well as better grouping.

The proposal is to "steal" one octet of "value" for extended types, and to allocate 4 attributes for this format: 241, 242, 243, 244. This will allow for ~1K new attributes, which should last a few decades at least. To name the new attributes, "dotted number" notation is proposed (e.g. 241.1). This is only relevant for the IANA registry, not the protocol itself.

Grouping is enabled by defining a TLV data type. This is already in use in WiMAX, 3GPP2 and other SDOs. Multiple TLVs can be in one Extended Attribute, nested or concatenated, with nesting limited only by TLV length (253/3 = ~80). A depth of 5 is sufficient.

For "long" attributes two attributes are allocated: 245, 246. A "flag" field is added so that "more than 253 octets of data" can be indicated.

The proposal also enables additional VSAs to be provided to vendors. Some vendors have run out (and their requests for additional Enterprise Codes have been denied), so this will come in handy.

How do we move forward? Some vendors (who can't get Enterprise Codes) need this now; others will need it in 2-3 years, when the RADIUS attribute space could run out. The sense of the room is that the proposal is promising; the draft will be placed on the IETF 79 agenda for further discussion.

9:20 AM - 9:30 AM  RADIUS over DTLS, Alan DeKok (10 minutes)
http://tools.ietf.org/html/draft-ietf-radext-dtls-00.txt

This document currently reuses the existing RADIUS and Dynauth ports. This is convenient because no new ports are needed, and because DTLS and RADIUS can easily be distinguished from each other. If we asked for new ports for TLS and DTLS, for both RADIUS and Dynauth, some eyebrows would probably be raised (and rightfully so). Implementations are currently in progress in RadSecProxy, JRadius and FreeRADIUS (expected 1Q 2011). Review from the implementers is an outstanding item.

Meeting adjourned at 9:45 AM.
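The Extended RADIUS Attributes item above describes a layout that a parser has to get right: types 241-244 spend one value octet on an extended type, and types 245-246 add a flag octet so one value can span several attributes. The encoder and decoder below are an added example, not code from the draft or from any of the implementations named in these minutes; the exact header layout (a single extended-type octet, then for 245-246 a single flags octet whose high bit is the "more data" flag) and the dotted names are assumptions based on the proposal as summarised here.

```python
EXTENDED_TYPES = {241, 242, 243, 244}   # Type, Length, Extended-Type, Value
LONG_EXTENDED_TYPES = {245, 246}        # Type, Length, Extended-Type, Flags, Value
MORE_FLAG = 0x80                        # assumed bit position of the "more data" flag

def encode_attribute(attr_type, ext_type, value):
    """Encode one extended attribute as a list of wire-format fragments.
    241-244: the value must fit in a single attribute.  245-246: the value is
    split into fragments with the More flag set on all but the last."""
    if attr_type in EXTENDED_TYPES:
        if len(value) > 255 - 3:              # Type + Length + Extended-Type
            raise ValueError("value too long for a non-long extended attribute")
        return [bytes([attr_type, 3 + len(value), ext_type]) + value]
    if attr_type in LONG_EXTENDED_TYPES:
        chunk = 255 - 4                       # 251 data octets per fragment
        pieces = [value[i:i + chunk] for i in range(0, len(value), chunk)] or [b""]
        last = len(pieces) - 1
        return [bytes([attr_type, 4 + len(p), ext_type, MORE_FLAG if i < last else 0]) + p
                for i, p in enumerate(pieces)]
    raise ValueError("not an extended attribute type")

def decode_attributes(data):
    """Parse a buffer of attributes, reassembling fragmented long attributes.
    Returns [(name, value)], naming extended attributes in the dotted notation
    from the minutes (e.g. "241.1") and everything else by plain type ("26")."""
    result, pending, pos = [], {}, 0
    while pos < len(data):
        if pos + 2 > len(data) or data[pos + 1] < 2 or pos + data[pos + 1] > len(data):
            raise ValueError("truncated or malformed attribute at offset %d" % pos)
        t, length = data[pos], data[pos + 1]
        body = data[pos + 2:pos + length]
        pos += length
        if t in EXTENDED_TYPES:
            if not body:
                raise ValueError("extended attribute missing extended type")
            result.append((f"{t}.{body[0]}", bytes(body[1:])))
        elif t in LONG_EXTENDED_TYPES:
            if len(body) < 2:
                raise ValueError("long extended attribute missing flags")
            key = (t, body[0])                 # reassemble per (type, ext-type)
            pending.setdefault(key, bytearray()).extend(body[2:])
            if not body[1] & MORE_FLAG:        # last fragment: emit the whole value
                result.append((f"{t}.{body[0]}", bytes(pending.pop(key))))
        else:
            result.append((str(t), bytes(body)))
    if pending:
        raise ValueError("long extended attribute ended with More flag set")
    return result
```

The decoder refuses a fragment sequence that never clears the More flag and an attribute whose Length does not cover its own header, which is the check an implementer would want before trusting a value of more than 253 octets.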