[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Last Call: IANA Considerations for RADIUS to Proposed Standard
At 10:04 AM 2/24/2003 -0500, Steven M. Bellovin wrote:
In message
<200302241448.h1OEmurC026462@rotala.raleigh.ibm.com>, Thomas Narten
writes:
>> If I understand this draft correctly, it represents the
most
>> pathetic and lame perversion of the IETF process I've ever
seen.
>
>If you have something of substance to say, the above doesn't
>communicate it very well.
>
>I'm serious.
Glenn, that was my reaction, too. I'm not sure what issue you're
trying to raise. BCP vs. Proposed? That's the only thing I
see.
Unfortunately, the only semi-technical issue with the draft is the use of
the term "allocated" in the last sentence of section 2.1,
paragraph 3: "A list of allocated RADIUS TypeCodes is given in
Appendix A.". Since only Type Codes 1-5 and 11-13 were
actually allocated by RFC 2865 or, for that matter, by IANA (though the
IANA registry does mention Type Codes 6-10 as "unassigned" and
255 as reserved), the sentence probably should be changed to something
like "RADIUS Type Codes 1-5 and 11-13 were allocated in RFC 2865,
while Type Codes 6-10 and 14-52 are allocated by this document. For
a list of Type Codes, see Appendix A". This
wording would more clearly explain the apparent purpose of this document,
since aside from some minor changes in the way Attribute Codes are
assigned, the major change to RFC 2865 is in the "allocation"
of those Type Codes. As you are no doubt aware, the author of this
draft is also a co-author of another draft
(draft-chiba-radius-dynamic-authorization-xx.txt) which was the object of
a recent IESG appeal. That appeal was based upon the fact that RFC
2865 requires Standards Action for the allocation of new Type Codes,
since "a new Packet Type has considerable impact on
interoperability". Interestingly, Bernard seems to agree with
this statement (maybe just for other people?), since the same words are
present in draft-aboba-radius-iana-01.txt. Indeed, if
draft-aboba-radius-iana-01.txt is published as a Proposed Standard, it
will fulfill the letter of the law, and allocate the Type Codes used in
draft-chiba-radius-dynamic-authorization-xx.txt (among others). I
doubt very much that it will satisfy the spirit of either RFC 2865 or of
BCP 26, though . I had thought that when BCP 26 defined
"Standards Action" as meaning that "Values are assigned
only for Standards Track RFCs approved by the IESG." it meant that
something other than just the numbers would be defined in the
"Standards Track RFCs"; perhaps not. I'm not sure if the
IESG goes on precedent, but this sure sets a neat one: Loathe to publish
your proprietary protocol? Spec too lame for the Standards
Track? IANA allocation blocked by some pesky RFC? No
problem, just "update" that pesky RFC to include the numbers
you need! To give a couple of random (but telling) examples,
draft-aboba-radius-iana-01.txt lists RFC 2882 as the reference for Type
Codes 29, 30 and 32. Here is the _entire_ text explaining these
three Type Codes:
5.2. Authentication Modes
Additional message types have been added to negotiate
passcode
changes for token card servers.
- Next Passcode
- New PIN
- Password Expired
They allow the NAS or RADIUS server negotiate passcode
changes with
an external security server.
That's it. If anyone would like to explain to me how to
build independent, interoperable implementations (presumably the purpose
of standards) for those RADIUS messages, I'd love to hear it.
Another example (also from RFC 2882, the cited reference in
draft-aboba-radius-iana-01.txt):
5.1. Password Change
Remotely requested password change operations were described
and
proposed, but rejected by the working group. None the
less, the
feature is still deployed in a number of products.
Message types:
- Password Request
- Password Ack or Reject
Here we have a set of messages (Type Codes 7-9) that were
_rejected_ (right or wrong) by an IETF WG legitimized as if by
magic! What is the format of these messages? What do they
contain? One would likely have to dig through the same set of
vendor manuals as Dave Mitton did when he was writing RFC 2882 to find
that out. I hope that I have clarified my use of the terms
"pathetic" and "lame" in my comment; however, my use
of the word "perversion" may not be quite clear. My usage
of the word is derived from definition 2 of "pervert" in the
Merriam-Webster Online Dictionary (hardly authoritative, but what the
heck): "2 a : to divert to a wrong end or purpose :
MISUSE b : to twist
the meaning or sense of : MISINTERPRET
synonym see
DEBASE".
--Steve
Bellovin,
http://www.research.att.com/~smb
(me)
http://www.wilyhacker.com (2nd edition of "Firewalls" book)