RE: "Last Look" at the RADIUS Design Guidelines document



 

> -----Original Message-----
> From: Alan DeKok [mailto:aland@deployingradius.com] 
> Sent: 19 January 2010 17:15
> To: Wojciech Dec (wdec)
> Cc: Dave Nelson; radiusext@ops.ietf.org
> Subject: Re: "Last Look" at the RADIUS Design Guidelines document
> 
> Wojciech Dec (wdec) wrote:
> > Having a BCP document which states "don't do it", along with some 
> > dubious arguments (eg security) really doesn't help.
> 
>   You carefully deleted the real argument that I had in my message:
> 
> >>  It *does* recommend against complex systems where simpler ones would
> >> suffice.  This is an engineering practice going back 50+ years.
> 
>   Was that intentional, or accidental?

Yes, it was intentional because:
a) Expressing complex data using simple attributes generally requires an
elaborate rule set to be present, which happens to be where the
complexity is. It so happens that RADIUS doesn't robustly define such
rules, and even simple ones like tags are flagged as an issue (in the
BCP no less). Thus using simple attributes actually makes the system
(composed of protocol + whatever sits on top) more complex and less
robust because it's the custom "on top" piece that has to encode any
such rules. The BCP doesn't hence provide useful guidance on how simple
attributes can be constructed to do something more complex, but we know
that.
b) It was a rather flippant remark.

-Woj.
> 
>   Alan DeKok.
> 
