There are two aspects:

1) How can you technically find the server you need to talk to? Diameter has defined a DNS based discovery procedure.
2) Is the Diameter entity you talk to indeed some entity you trust?

The IETF Diameter specifications only talk about (1) and not about (2). They implicitly assume that (2) is addressed somehow outside the realm of the IETF.

There is a relationship between the two issues. Depending on how you address (2) you may constrain the solutions for (1). Not only the AAA community had made that observation but also the RAI guys with their work on SIP when they had initially planned to model the proxy-to-proxy interaction according to email.

In Diameter the DNS based discovery was not used by anyone a few years back; this was the time when I co-chaired the DIME group and helped to organize interop-events where we had gotten feedback from the other implementers. Everyone was using nailed-up connections (and they used IPsec) and so the need to dynamically discover servers did not arise.

Ciao
Hannes

-----Original Message-----
From: [email protected] [mailto:[email protected]] On Behalf Of ext Sam Hartman
Sent: Monday, November 07, 2011 3:20 PM
To: Josh Howlett
Cc: [email protected]
Subject: Re: [abfab] I-D Action: draft-ietf-abfab-aaa-saml-02.txt

>>>>> "Josh" == Josh Howlett <[email protected]> writes:

>>
>> On 11/06/2011 09:56 PM, Sam Hartman wrote:
>>>>>>>> "Josh" == Josh Howlett <[email protected]> writes:
>>> Josh> While Diameter supports proxies, it does not require them
>>> for Josh> trust establishment and routing between federated
>>> partners as Josh> in the RADIUS case.
>>>
>>> what does this statement mean? I'm obviously missing some
>>> important feature of Diameter, which is unsurprising because I
>>> know very little about it.
>>
>> I think Josh is saying that Diameter uses SRV records much like
>> RADSEC.

Josh> Yes, that kind of thing.

Yeah, but how does that help me without a trust relationship?
_______________________________________________
abfab mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/abfab
