
RE: Comments on draft-carroll-dynmobileip-cdma-04.txt



Carroll, Christopher P. <mailto:Christopher.Carroll@ropesgray.com>
supposedly scribbled:

> Hi Glen,
> 
> I find your request somewhat extreme.  

It wasn't really a serious request, more an observation.  The
document misuses RADIUS in the worst way (whether through ignorance
or arrogance is of little consequence) & to state that the document
in question shouldn't be used as a model is the weakest possible
statement.

> However, I would like to
> believe that your opinions are not influenced by Cisco's Mobile IP
> key distribution product entitled "Mobile IP Dynamic Security
> Association and Key Distribution" which is interestingly similar in
> title and purpose to the present draft.

I'm unfamiliar with that product (document? draft? Can you supply a
reference?) but you may rest assured that if it is similar in technique
to yours my criticism would be just as vehement.
 
> 
> Regards,
> 
> chris
> 
> 
>> -----Original Message-----
>> From: Glen Zorn (gwz) [mailto:gwz@cisco.com]
>> Sent: Monday, March 14, 2005 2:20 PM
>> To: 'Avi Lior'; 'Nelson, David'; 'Frank Quick'; 'Alan DeKok';
>> 'W. Mark Townsley'
>> Cc: 'Jari Arkko'; 'Barney Wolff'; 'Thomas Narten';
>> Carroll, Christopher P.; gerry.flynn@verizonwireless.com;
>> radiusext@ops.ietf.org
>> Subject: RE: Comments on draft-carroll-dynmobileip-cdma-04.txt
>> 
>> Avi Lior <> supposedly scribbled:
>> 
>> This document is practically a textbook example of how _not_ to use
>> RADIUS.  Can the note say that?
>> 
>>> I support David's approach.
>>> 
>>>> -----Original Message-----
>>>> From: Nelson, David [mailto:dnelson@enterasys.com]
>>>> Sent: Monday, March 14, 2005 1:32 PM
>>>> To: Frank Quick; Alan DeKok; Avi Lior; W. Mark Townsley
>>>> Cc: Jari Arkko; Barney Wolff; Thomas Narten; Carroll, Christopher
>>>> P.; gerry.flynn@verizonwireless.com; radiusext@ops.ietf.org
>>>> Subject: RE: Comments on draft-carroll-dynmobileip-cdma-04.txt
>>>> 
>>>> 
>>>> Frank Quick writes...
>>>> 
>>>>> This sounds very reasonable, but I think it actually goes beyond
>>>>> the context of this draft.  I believe there is no clear statement
>>>>> of this policy that the draft can reference, and it is not a good
>>>>> idea for a draft of this nature to create new policy.  For this
>>>>> draft maybe it is enough that we state that RFC 2865 forbids VSA
>>>>> in Access-Reject, and that future work should consider using
>>>>> Access-Challenge instead.  That would avoid having to discuss the
>>>>> semantics issue in the draft.
>>>> 
>>>> It is apparent that there is some disagreement within the RADIUS
>>>> community within IETF about the usage of Access-Reject.  The areas
>>>> of disagreement cover whether Access-Reject implies link-layer
>>>> disconnect and when Access-Reject or Access-Challenge is
>>>> appropriate (or permissible).  In RADEXT, we have added this set
>>>> of issues to be considered in our RADIUS Issues and Fixes I-D.
>>>> 
>>>> Given this lack of clear consensus, it might be advisable to craft
>>>> an IESG note along the lines that Frank describes.  Future RFCs
>>>> may provide more definitive guidance in this area.  Understanding
>>>> that, it is appropriate to discourage new work using *this*
>>>> document as a precedent.
>> 

Hope this helps,

~gwz

Why is it that most of the world's problems can't be solved by simply
  listening to John Coltrane? -- Henry Gabriel
