[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Last call on extensions document?

To: Peter Deacon <peterd@iea-software.com>
Subject: Re: Last call on extensions document?
From: Alan DeKok <aland@deployingradius.com>
Date: Fri, 05 Aug 2011 07:47:32 -0400
Cc: 'radext mailing list' <radiusext@ops.ietf.org>
In-reply-to: <alpine.WNT.2.00.1108042112130.3484@SMURF>
References: <4E2ECDC5.5060207@deployingradius.com> <alpine.WNT.2.00.1108021337010.2140@littlesmurf> <4E386DFA.10904@deployingradius.com> <alpine.WNT.2.00.1108040938170.3484@SMURF> <4E3B3EB0.2040606@deployingradius.com> <alpine.WNT.2.00.1108042112130.3484@SMURF>
User-agent: Thunderbird 2.0.0.24 (Macintosh/20100228)

Peter Deacon wrote:
>>  Which is a disaster for maintainable systems.  Having the RADIUS
>> response change because of modifications to DNS is terrible.  I strongly
>> oppose that kind of setup.
> 
> Use of naming services to abstract network addresses is universal.  Kind
> of the whole point of using these systems in the first place.

  What I meant was that *unexpected* changes are a problem.  DNS is
nice, and useful for many things.  RADIUS policies are usually
relatively fixed.  Having them depend on DNS means that a non-RADIUS
admin can effectively update the RADIUS policies.

  I've seen this cause problems in practice, which makes me wary of it.

> Without combo IP the system needs *extra* intelligence to know the IPv4
> and IPv6 analogue for each attribute.  With combo IP this is unnecessary
> as the same attribute can be used and the system just works.

  The main way I can see combo IP being useful is if family-specific
attributes were to be deprecated.

  Unless there's a groundswell of support for it on this list, I don't
see combo-IP making it into the document.

  Alan DeKok.

--
to unsubscribe send a message to radiusext-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://psg.com/lists/radiusext/>

Follow-Ups:
- Re: Last call on extensions document?
  - From: Peter Deacon <peterd@iea-software.com>

References:
- Last call on extensions document?
  - From: Alan DeKok <aland@deployingradius.com>
- Re: Last call on extensions document?
  - From: Peter Deacon <peterd@iea-software.com>
- Re: Last call on extensions document?
  - From: Alan DeKok <aland@deployingradius.com>
- Re: Last call on extensions document?
  - From: Peter Deacon <peterd@iea-software.com>
- Re: Last call on extensions document?
  - From: Alan DeKok <aland@deployingradius.com>
- Re: Last call on extensions document?
  - From: Peter Deacon <peterd@iea-software.com>

Prev by Date: Re: Last call on extensions document?
Next by Date: Re: Last call on extensions document?
Previous by thread: Re: Last call on extensions document?
Next by thread: Re: Last call on extensions document?
Index(es):
- Date
- Thread