[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: "Last Look" at the RADIUS Design Guidelines document

To: Dave Nelson <d.b.nelson@comcast.net>
Subject: Re: "Last Look" at the RADIUS Design Guidelines document
From: Avi Lior <avi@bridgewatersystems.com>
Date: Mon, 18 Jan 2010 23:05:48 -0500
Accept-language: en-US
Acceptlanguage: en-US
Cc: "radiusext@ops.ietf.org" <radiusext@ops.ietf.org>
In-reply-to: <A30B90B8BE4D4D5380AAC29024B19BFC@NEWTON603>
References: <A09F55D254546C4AB0A637169235F85F2B45DBD65F@m679t05.fpmis.bridgewatersys.com> <4B530F59.7030705@deployingradius.com> <8C27472D-C314-4690-8C99-7E0765B12B65@bridgewatersystems.com> <A30B90B8BE4D4D5380AAC29024B19BFC@NEWTON603>

See inline...

On 18-01-2010, at 04:08 , Dave Nelson wrote:

>> Complex attributes may also be added to the dictionary such that the
>> RADIUS server does not require code changes to process these attributes.
> 
> This may be true of a class of newer RADIUS server implementations, those
> with a "dynamic" data dictionary, but it is not true of another class of
> more "traditional" RADIUS servers, and it's those that this section intends
> to address.

It should be made clear.  Maybe it says that somewhere in the document. 

As a minimum it must be clearly stated that the intent of the BCP is to protect legacy. 
"the recommendation of this BCP are applicable in deployements that utilize legacy RADIUS servers/clients...."

Define legacy RADIUS servers/clients and I would be okay.

IMO the BCP should make a distinction and address both legacy and newer RADIUS servers.  Bu

> 
> As I said in a previous post, the plan is to recommend (via this BCP) that
> newly design RADIUS attributes not contribute to rendering a significant
> installed base of deployed RADIUS servers effectively obsolete.
> 
> If we were talking about VSAs, this wouldn't be a concern.  We're talking
> about standards-tack attributes.
Okay then we should make sure that the document makes this clear.

Perhaps we can clarify this -- In section 2.1 and section 2.2 or in section 2.0

>  If all you have to worry about is the
> class of "enhanced capability" RADIUS servers, then I would agree.  In the
> IETF, we need to take a broader view, I think.
Which is fine but I think you have to document this distinction.  That is a problem with this BCP only people who read these long email threads will understand what is really going on.  If the intent is to protect the existing radius base then we should be clear about that.  


--
to unsubscribe send a message to radiusext-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://psg.com/lists/radiusext/>

Follow-Ups:
- RE: "Last Look" at the RADIUS Design Guidelines document
  - From: "Romascanu, Dan (Dan)" <dromasca@avaya.com>
- RE: "Last Look" at the RADIUS Design Guidelines document
  - From: "Dave Nelson" <d.b.nelson@comcast.net>

References:
- Re: "Last Look" at the RADIUS Design Guidelines document
  - From: Avi Lior <avi@bridgewatersystems.com>
- Re: "Last Look" at the RADIUS Design Guidelines document
  - From: Alan DeKok <aland@deployingradius.com>
- Re: "Last Look" at the RADIUS Design Guidelines document
  - From: Avi Lior <avi@bridgewatersystems.com>
- RE: "Last Look" at the RADIUS Design Guidelines document
  - From: "Dave Nelson" <d.b.nelson@comcast.net>

Prev by Date: Re: "Last Look" at the RADIUS Design Guidelines document
Next by Date: Re: "Last Look" at the RADIUS Design Guidelines document
Previous by thread: Re: "Last Look" at the RADIUS Design Guidelines document
Next by thread: RE: "Last Look" at the RADIUS Design Guidelines document
Index(es):
- Date
- Thread