[radext] RDTLS #63 (new): 4.1 session inactivity management
#63: 4.1 session inactivity management
''"4.1 ... When a session has not been used for a period of time, the server
SHOULD proactively close it, and delete the DTLS session from the tracking
table. The server MAY cache the TLS session parameters, in order to provide
for fast session resumption.
This session lifetime SHOULD be exposed as a configurable setting. It SHOULD
NOT be set to less than 60 seconds, and SHOULD NOT be set to more than 600
seconds (10 minutes). The minimum useful value for this timer is determined
by the application-layer watchdog mechanism defined in the following
section."''
s/lifetime/inactivity timeout/
Lifetime implies a static start point.
Connections on the server should be reasonably maintained for the long haul
(days), as there is no rapid method for clients to detect a session closed by
the server.
Closure alerts are unreliable and status beats are optional. Every effort
should be made to reduce the possibility of datagrams sent by a client being
silently discarded on the server's DTLS stack.
I prefer an algorithm where established connections are maintained as long as
possible. Rather than refusing to create new records, recommend closing the
oldest unused session, subject to a minimum threshold applicable only while
there is pressure on the state table, with a minimum of between 60 and 600
seconds before refusing new connections.
''"RADIUS/DTLS servers SHOULD also keep track of the total number of
sessions in the tracking table, and refuse to create new sessions
when a large number are already being tracked. As system
capabilities vary widely, we can only recommend that this number
SHOULD be exposed as a configurable setting."''
Possible replacement text:
This session inactivity timeout SHOULD be exposed as a configurable
setting. Under normal conditions, sessions inactive for a duration of
several hours to days should be disconnected.
Should the total number of sessions in the tracking table exceed an
administrative threshold, the session inactive for the longest period of
time should be closed to make room for new sessions. The server should
enforce a minimum threshold of between 60 and 600 seconds of inactivity,
below which old sessions are no longer disconnected to make room for new
sessions on a resource-constrained server. In this event new sessions are
refused.
--
-------------------------------------+--------------------------------------
Reporter: peterd@… | Owner:
Type: defect | Status: new
Priority: major | Milestone: milestone1
Component: RDTLS | Version: 1.0
Severity: Active WG Document | Keywords:
-------------------------------------+--------------------------------------
Ticket URL: <http://trac.tools.ietf.org/wg/radext/trac/ticket/63>
radext <http://tools.ietf.org/radext/>
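The following is an added example, not code from the draft, the ticket or any RADIUS/DTLS implementation, showing the tracking-table policy the ticket proposes: sessions are kept as long as possible and only reaped after hours-to-days of inactivity; when the table is full, the session idle for the longest period is closed to make room, but only if it has been idle for at least the 60-600 second minimum threshold, otherwise the new session is refused. The class, parameter names, the constructed peer addresses and the fake clock are assumptions made for the demonstration.

```python
"""Added example of the ticket's proposed session tracking policy (assumed
names; not the draft's or any server's code)."""
import time
from collections import OrderedDict


class SessionTable:
    """Tracks established DTLS sessions keyed by the peer's (address, port).

    Eviction policy as proposed in the ticket:
      * sessions are kept as long as possible; only sessions idle longer than
        idle_timeout (hours to days) are closed proactively by reap();
      * when the table is full, the session idle the longest is closed to
        make room, but only if it has been idle at least min_inactivity
        seconds (60-600 s); otherwise the new session is refused.
    """

    def __init__(self, max_sessions, min_inactivity=300.0,
                 idle_timeout=24 * 3600.0, clock=time.monotonic):
        # The ticket recommends a floor between 60 and 600 seconds.
        if not 60 <= min_inactivity <= 600:
            raise ValueError("min_inactivity should be between 60 and 600 s")
        self.max_sessions = max_sessions
        self.min_inactivity = min_inactivity
        self.idle_timeout = idle_timeout
        self.clock = clock
        # OrderedDict keeps insertion order; move_to_end() on every packet
        # makes the first entry the session idle for the longest period.
        self._sessions = OrderedDict()  # peer -> timestamp of last activity
        self.refused = 0
        self.evicted = 0

    def __len__(self):
        return len(self._sessions)

    def touch(self, peer):
        """Record activity on an existing session; False if the peer is unknown."""
        if peer not in self._sessions:
            return False
        self._sessions[peer] = self.clock()
        self._sessions.move_to_end(peer)
        return True

    def admit(self, peer):
        """Handle a datagram from a peer; True if a session exists or was created."""
        if self.touch(peer):
            return True
        if len(self._sessions) >= self.max_sessions:
            oldest, last = next(iter(self._sessions.items()))
            if self.clock() - last < self.min_inactivity:
                # Under pressure, but even the oldest session is recent:
                # refuse the newcomer rather than disturb an established peer.
                self.refused += 1
                return False
            del self._sessions[oldest]
            self.evicted += 1
        self._sessions[peer] = self.clock()
        return True

    def reap(self):
        """Close sessions idle longer than idle_timeout; returns the peers closed."""
        now = self.clock()
        closed = [p for p, t in self._sessions.items() if now - t > self.idle_timeout]
        for p in closed:
            del self._sessions[p]
        return closed


class FakeClock:
    """Constructed clock so the demonstration is deterministic (not real time)."""

    def __init__(self):
        self.t = 0.0

    def __call__(self):
        return self.t

    def advance(self, seconds):
        self.t += seconds


def demo():
    """Walk through refusal, eviction and reaping with constructed peers."""
    clock = FakeClock()
    table = SessionTable(max_sessions=2, min_inactivity=60,
                         idle_timeout=3600, clock=clock)
    peer_a, peer_b, peer_c = (("192.0.2.10", 49152), ("192.0.2.11", 49152),
                              ("192.0.2.12", 49152))  # constructed addresses
    table.admit(peer_a)                      # t=0: A tracked
    clock.advance(30)
    table.admit(peer_b)                      # t=30: B tracked, table full
    clock.advance(10)
    refused = not table.admit(peer_c)        # t=40: A idle 40 s < 60 s -> refused
    clock.advance(30)
    admitted = table.admit(peer_c)           # t=70: A idle 70 s -> evicted, C admitted
    clock.advance(3601)
    reaped = table.reap()                    # B and C idle > 1 h -> closed
    return refused, admitted, sorted(reaped), len(table)


if __name__ == "__main__":
    print(demo())
```

The ordered dictionary gives constant-time lookup of both the peer and the longest-idle session, so the under-pressure check costs nothing extra per datagram; `reap()` is the periodic sweep for the hours-to-days timeout and is independent of the pressure path.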