
Re: radius in draft-heinanen-radius-pe-discovery-03.txt



> Any chance you can wordsmith your note a bit so I can forward it to
> the ppvpn list (it does make a comment about the author's clue level
> that probably needs removing...). I don't think much editing is
> needed. The text speaks for itself.

Sure, I'll work on that.

> The ppvpn WG is wanting to take the document on as a WG document.
>
> 1) I want to say no, at least for now, as there are issues with this
>    document. *If* this is to become a work item, we need to better
>    understand what will be allowed, how it will get appropriate radius
>    review, how to minimize abuse, etc.

You could just reference RFC 2865, which says that RADIUS is only to be
used for authentication, authorization and accounting. Use for discovery
or other purposes is out of scope.

It's worth noting that AAA may well be appropriate for PPVPN
configuration; RFC 2867-2868 already handles VPN configuration, and
draft-congdon extends this to VLAN configuration. It's all the other
things that this draft does that are problematic.

> 2) It is alleged that there are some in the WG who will recognize that
>    this approach has problems. Posting something like this will prompt
>    them to chime in and/or lead to a discussion about alternate
>    approaches.

> 3) WG needs to have a real discussion about what the options are for
>    doing discovery, and talk about approaches from the 10,000 foot
>    level. Taking this document on as a WG at this time probably
>    doesn't help here.

I hope that IEEE 802.11f has not legitimized RADIUS use for Discovery, but
that usage seems somewhat similar to what is happening here.  It's not
like there aren't enough other alternatives, so I'd just say no on that.