[dhcwg] Review/shepherding for draft-ietf-dhc-dhcpv6-radius-opt-09
Tomek Mrugalski <tomasz.mrugalski@gmail.com> Tue, 02 April 2013 20:07 UTC
Return-Path: <tomasz.mrugalski@gmail.com>
X-Original-To: dhcwg@ietfa.amsl.com
Delivered-To: dhcwg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5784D21F8DAC for <dhcwg@ietfa.amsl.com>; Tue, 2 Apr 2013 13:07:30 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.6
X-Spam-Level:
X-Spam-Status: No, score=-2.6 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, NO_RELAYS=-0.001]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id q2rXEfwfMR83 for <dhcwg@ietfa.amsl.com>; Tue, 2 Apr 2013 13:07:29 -0700 (PDT)
Received: from mail-ea0-x229.google.com (mail-ea0-x229.google.com [IPv6:2a00:1450:4013:c01::229]) by ietfa.amsl.com (Postfix) with ESMTP id 320A221F8D09 for <dhcwg@ietf.org>; Tue, 2 Apr 2013 13:07:29 -0700 (PDT)
Received: by mail-ea0-f169.google.com with SMTP id n15so394393ead.14 for <dhcwg@ietf.org>; Tue, 02 Apr 2013 13:07:28 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=x-received:message-id:date:from:user-agent:mime-version:to:subject :content-type:content-transfer-encoding; bh=u3gTkylzp5AXLSebwQBT9+XG8kcILcbW676QhnM7eG0=; b=B+yvZK/PHqDgbw440Ar9QGbWVxxSRDjom2wRsaGdkvVfQ6kWBcTpuwQvl+z/zgkYzQ UTxSXcUwXs05jl+sUYME/b1dozga9FkQX05EWpW+pz/PoUeC1S17jXLwxwPI2PfGYe7r M6iwiTOEUbKXu96yTeHNuPOjiKNdaCADPF1nc8j8ty7esIlmqr1peM88yfEoKhJReQVC g6cm7iZ1aQ/1DioddLZEz6X8iC8uax98oaBq5OAVHcFKXgFvH7t9RziXb/L4+rf3on5L DyslDq/NpAmJ31dH9jvWZ6vuWB68/NaNu3+Iy245ToUPRnaB04XG4K6csk/OxF7NDpdv X6Aw==
X-Received: by 10.15.35.193 with SMTP id g41mr52511307eev.45.1364933248302; Tue, 02 Apr 2013 13:07:28 -0700 (PDT)
Received: from ?IPv6:2001:470:6061:1:ac0f:d984:8369:5b40? ([2001:470:6061:1:ac0f:d984:8369:5b40]) by mx.google.com with ESMTPS id f47sm4715249eep.13.2013.04.02.13.07.26 (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Tue, 02 Apr 2013 13:07:27 -0700 (PDT)
Message-ID: <515B3A7C.8040507@gmail.com>
Date: Tue, 02 Apr 2013 22:07:24 +0200
From: Tomek Mrugalski <tomasz.mrugalski@gmail.com>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:17.0) Gecko/20130308 Thunderbird/17.0.4
MIME-Version: 1.0
To: dhcwg <dhcwg@ietf.org>
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: 7bit
Subject: [dhcwg] Review/shepherding for draft-ietf-dhc-dhcpv6-radius-opt-09
X-BeenThere: dhcwg@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: <dhcwg.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dhcwg>, <mailto:dhcwg-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/dhcwg>
List-Post: <mailto:dhcwg@ietf.org>
List-Help: <mailto:dhcwg-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dhcwg>, <mailto:dhcwg-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 02 Apr 2013 20:07:30 -0000
Leaf, Med, I'm writing a shepherding document for draft-yeh-dhc-dhcpv6-authorization-opt. As part of this process, I reviewed this document one more time and have a couple of questions/comments. Questions: 1. Was this document presented and reviewed in RADEXT? I'm satisfied with the depth and breadth of reviews this document received in DHC, but I'm concerned with the reviews from RADIUS perspective. I found only one post about it to RADEXT wg: http://www.ietf.org/mail-archive/web/radext/current/msg07717.html. Was this draft presented in RADEXT meeting? Was it discussed on RADEXT mailing list? If not, what is the reason? 2. There are 2 warnings reported by idnits: - lack of boilerplate RFC2119 text (there is a text in section 2, but you do not use exact wording as RFC2119 suggests, so idnits gets confused) - missing references in line 265 (some type codes are marked as [TBD], which confuse idnits as a to be defined references. Removing the brackets should solve this idnits issue). Can you please post updated version that solves this? Review comments: Title: "RADIUS Option for DHCPv6 Relay Agent on the Broadband Access Servers" While the primary usage scenario for this mechanism is NAS, this mechanism can be used in a generic case on any relay that happens to also be Radius client. I propose to remove "on the Broadband Access Servers" from the title. If you want to keep it, please add somewhere in the Introduction a text that explains that while deploying this mechanism on NAS is the primary use case, it may be useful in other deployment types as well. You may compare this with RFC4014 and its title. Section 1 introduction. Please remove "etc." from "The stateful configuration parameters include IPv6 address[RFC3315], IPv6 prefix [RFC3633], etc.". Currently there are no other stateful configuration parameters. You may add a text here about this being a generic mechanism and that NAS happen to be the obvious usage scenario. A single sentence will do the trick. Section 2: idnits (http://tools.ietf.org/tools/idnits/) reports that the RFC2119 boilerplate does not include exact expected text. Can you fix it? Section 3, figure 1 and 2: Can you rename the NAS box to NAS/DHCPv6 relay? Its double function is rather obvious from the types of received and transmitted messages, but it makes the figure a bit easier to understand. Section 4. Can you put the initial list of attributes in a separate subsection (4.1)? This will make it easier for IANA guys to understand. Make sure you reference this new 4.1 section from IANA considerations section. Section 4 says that the following attributes may be stored in the RADIUS option, but do not specify clearly how to encode them. There is a text that references section 5 of RFC2865 and inclusion of length and type fields, but this is still confusing. The current text is ambiguous if the type and length are 1 octet wide (Radius style) or 2 octets wide (DHCPv6 style). This should be clarified. It would also be helpful, if you could add a section 4.2 that provides a simple example. You may take a look at RFC6334, section 3. Section 5 enumerates several message types, DHCPv6 options and Radius attributes. Some of them are accompanied with values in parentheses and some of them are not. Please unify this - either mention values for all or for none. In section 5 you refer to RADIUS option as container option. Please call it just OPTION_RADIUS as you do in the rest of the text. Section 6 is called Server Behavior. Usually this is correct, but in this context "server" is ambiguous (DHCPv6 server or RADIUS server?). Please rename it to DHCPv6 Server Behavior. The same applies to sections 5. and 7. Section 6 has the following text "Upon receipt of the RELAY-FORW (12) message with OPTION_RADIUS from a relay agent, the DHCPv6 server SHOULD extract and interpret the RADIUS attributes in the OPTION_RADIUS, and use that information in selecting configuration parameters for the requesting client.". I would argue that SHOULD is too strong and MAY should be used instead. Whether the server uses or not the contents of RADIUS option is really a matter of server policy which is up to network administrator, so SHOULD is too strong here. Section 9 "IANA considerations" requires a small update. You ask IANA to define a new registry "RADIUS Attributes Permitted in the DHCPv6 RADIUS option". It is almost good, but you did not specify initial content of this new registry in the IANA consideration section. Adding a simple reference to section 4 (or a section 4.1 as suggested earlier in my mail) should do solve this issue. There's a formal question in IESG write-up that specifically asks about this and doing it now will save us a lot of hassles and delays later in the IESG review process. Why there is no reference to RFC4014 that defines exactly the same mechanism for DHCPv4? Once you'll address those comments (or respond that you chose to not change the text), please upload updated version. I'll then resume my work on shepherding this document. Make sure this new version do not have any issues reported by idnits. Tomek