RE: Is it an error?

2001-03-08 15:30:02
Well,
I find it disappointing that this document became an RFC without being run past the RADIUS WG mailing list. It's also not clear if this came through any WG (I cannot find an attribution in any group's charter, including PPPEXT).

It's clear that the author was unaware of RFC 2865 and its preceding drafts. As Glen and the text point out, actual post-RFC RADIUS values (other than VSAs) have to be assigned by IANA, and these are not there.

Some of us who worked in the RADIUS WG before it closed thought that there would be some public notice and review before assignment. Per RADIUS RFC 2865 sect 6, IANA Considerations:

<quote>
6.2.  Recommended Registration Policies

   For registration requests where a Designated Expert should be
   consulted, the IESG Area Director for Operations should appoint the
   Designated Expert.

   For registration requests requiring Expert Review, the ietf-radius
   mailing list should be consulted.

<endquote>

        Dave.

At 3/8/01 10:55 AM -0500, Glen Zorn wrote:

xu(_dot_)zhijun(_at_)mail(_dot_)zte(_dot_)com(_dot_)cn writes:

> In RFC 2868 (RADIUS Attributes for Tunnel Protocol Support),
> RADIUS Attribute 91 is given to Tunnel-Server-Auth-ID.
> However, in RFC 2888 (Secure Remote Access with L2TP), the same
> RADIUS Attribute 91 is given to IPSEC_MANDATE.
> Is it an error?

It's not clear to me that it's actually an error, since RFC 2888 says 'A new
RADIUS attribute IPSEC_MANDATE (91) _may_ be defined for each user.' (my
emphasis) but does not actually define the attribute (at least in the
traditional, RFC 2865 fashion).  RADIUS attribute 91 is registered w/IANA as
Tunnel-Server-Auth-ID (see
http://www.isi.edu/in-notes/iana/assignments/radius-types). BTW, RFC 2888
describes using IPSEC _tunnel_ mode with L2TP, which is in direct
contradiction to the direction of the L2TP WG (as described in
draft-ietf-l2tpext-security-02.txt).

---------------------------------------------------------------
David Mitton                                  ESN: 248-4570
Advisor, Nortel Networks                      978-288-4570 Direct
Wireless Solutions, IP Mobility
Billerica, MA 01821                    dmitton(_at_)nortelnetworks(_dot_)com


