Re: [radext] RDTLS #65 (new): Multiple dtls sessions in a tuple?
On Wed, 23 Feb 2011, Alan DeKok wrote:
What I propose is allocating two type codes used for all RDTLS requests.
They will be used in a simple 4-byte prefix before the DTLS data by
RADIUS clients and servers.
If we're doing that, we might as well solve the ID limitation at the
same time. Add a 64-bit unique "packet identifier", so that one DTLS
session can transport more than 256 RADIUS packets at the same time.
This is not needed, since the source port is also replaced with the
RDTLS-Session-ID in the DTLS tracking table.
When the source port is removed, the effective ID space per DTLS session is the
same as RADIUS... ~2^16 (source ports) * 2^8 (IDs).
This worries me a little, though. It involves the creation of a new
protocol, which is neither RADIUS nor DTLS. I'm not sure it solves
enough problems to warrant the extra complexity.
To simplify somewhat, the proposal is just stealing the first 4 bytes for
session selection and sending the rest to the DTLS stack.
I don't know how it would be classified politically. In terms of interop,
whether RADIUS sees DTLS or 4 bytes + DTLS, the reaction from RADIUS
implementations not supporting DTLS I would expect to materially be the
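The demultiplexing described in this exchange, as an added example that is not part of the thread or of any RADIUS/DTLS implementation: it strips a 4-byte prefix, keys the DTLS tracking table on (client IP, RDTLS-Session-ID) instead of (client IP, source port), and shows that each session then gets its own 256-entry RADIUS Identifier space. The prefix layout (1-byte type code + 3-byte session ID) and the two type code values are assumptions for the demo, not values from the draft.

```python
import struct

# Assumed layout for the 4-byte prefix: 1-byte type code, 3-byte RDTLS-Session-ID.
# The type code values are placeholders for this example, not IANA assignments.
RDTLS_REQUEST = 250
RDTLS_RESPONSE = 251
PREFIX = struct.Struct("!B3s")


def build_prefix(type_code, session_id):
    """Prepend the RDTLS prefix to an outgoing DTLS record."""
    if type_code not in (RDTLS_REQUEST, RDTLS_RESPONSE) or not 0 <= session_id < 1 << 24:
        raise ValueError("bad type code or session id")
    return PREFIX.pack(type_code, session_id.to_bytes(3, "big"))


def split_prefix(datagram):
    """Steal the first 4 bytes for session selection; the rest goes to the DTLS stack.
    Returns (type_code, session_id, dtls_record). Anything without one of the two
    RDTLS type codes (e.g. a plain RADIUS Access-Request) is rejected up front."""
    if len(datagram) < PREFIX.size + 1:
        raise ValueError("datagram too short for prefix plus DTLS data")
    code, sid = PREFIX.unpack_from(datagram)
    if code not in (RDTLS_REQUEST, RDTLS_RESPONSE):
        raise ValueError("not an RDTLS datagram (code %d)" % code)
    return code, int.from_bytes(sid, "big"), datagram[PREFIX.size:]


class TrackingTable:
    """DTLS tracking table keyed on (client IP, RDTLS-Session-ID) rather than
    (client IP, source port), so several sessions can share one UDP tuple."""

    def __init__(self):
        self.outstanding = {}  # (client_ip, session_id) -> RADIUS Identifiers in flight

    def demux(self, client_ip, datagram):
        code, sid, record = split_prefix(datagram)
        key = (client_ip, sid)
        self.outstanding.setdefault(key, set())
        return key, record

    def track_request(self, key, radius_id):
        """Register the Identifier of a RADIUS request decrypted from session `key`.
        Each session has its own one-octet Identifier space, so the same Identifier
        may be in flight at once in two sessions from the same client."""
        if not 0 <= radius_id <= 255:
            raise ValueError("RADIUS Identifier is one octet")
        ids = self.outstanding[key]
        if radius_id in ids:
            raise ValueError("Identifier %d already in flight on %r" % (radius_id, key))
        ids.add(radius_id)
        return len(ids)
```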