Re-, Please see inline.
Cheers, Med

> -----Original Message-----
> From: Alan DeKok <[email protected]>
> Sent: Thursday, 13 October 2022 13:40
> To: BOUCADAIR Mohamed INNOV/NET <[email protected]>
> Cc: Ben Schwartz <[email protected]>; Joe Clarke (jclarke) <[email protected]>; [email protected]; [email protected]; [email protected]
> Subject: Re: [Add] [OPSAWG] WG LC: RADIUS Extensions for Encrypted DNS
>
> On Oct 13, 2022, at 4:11 AM, [email protected] wrote:
> >
> > Hi Alan, all,
> >
> > FYI, we do already have the following in the draft to pass RADIUS attributes in DHCPv6:
> >
> >    In deployments where the NAS behaves as a DHCPv6 relay agent, the
> >    procedure discussed in Section 3 of [RFC7037] can be followed. To
> >    that aim, Section 6.3 updates the "RADIUS Attributes Permitted in
> >    DHCPv6 RADIUS Option" registry ([DHCP-RADIUS]).
>
> I was thinking of the other way around: allowing DHCPv6 options inside of a RADIUS attribute.

[Med] Yes, I got that. But I wanted to highlight that, as we are already allowing to encapsulate radius attributes in dhcp, if we encapsulate dhcp in radius, then for the case in 7037, we will end up with dhcp_option(radius(dhcp_option)) encapsulation.

> > For the typical target deployment in the draft, I don't think we have a valid case for long data. That said, we may include a provision to allow for multiple TLVs; each carrying self-contained key=value data.
>
> If that's the target deployment, then that works. I'd suggest updating the draft to explicitly mention this limitation, and describe why it's acceptable.

[Med] Yes, that's exactly what I have in mind.

> I'd also suggest changing the RADIUS attribute space from 241.X to 245.X. See https://www.rfc-editor.org/rfc/rfc8044#section-3.16

[Med] Agree. Will fix that. Thanks.

> With 241.X, the maximum amount of data which can be carried is 252 octets. This space has to encapsulate all child attributes, including headers and contents. Which means that each individual child attribute can carry much less than 253 octets.
>
> With 245.X, the maximum amount of data which can be carried is limited only by the RADIUS packet length. Each child attribute can then carry a full 253 octets of data. And there are no limits on the number of child attributes which can be carried.
>
> Alan DeKok.
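The 241.X versus 245.X size limits discussed in the thread above, as an added example that is not part of the original messages or of the draft. It follows the Extended-Type and Long-Extended-Type layouts of RFC 6929; the Extended-Type value `EXT_TYPE` and the child TLV types used with it are placeholders, since "X" is not given in the thread.

```python
"""Child TLV capacity of RADIUS 241.X vs 245.X attributes (layouts per RFC 6929)."""

EXT, LONG_EXT = 241, 245   # Extended-Type-1 and Long-Extended-Type-1
EXT_TYPE = 1               # placeholder for "X"; the real value is not in the thread


def tlv(tlv_type: int, value: bytes) -> bytes:
    """Child TLV: TLV-Type, TLV-Length (includes the 2-octet header), TLV-Value."""
    if len(value) > 253:
        raise ValueError("a TLV value is at most 253 octets")
    return bytes([tlv_type, len(value) + 2]) + value


def encode_241(children: list[bytes]) -> bytes:
    """One 241.X attribute: 3-octet header, so all children share 252 octets."""
    body = b"".join(children)
    if len(body) > 252:
        raise ValueError(f"{len(body)} octets of TLVs exceed the 252-octet limit")
    return bytes([EXT, len(body) + 3, EXT_TYPE]) + body


def encode_245(children: list[bytes]) -> list[bytes]:
    """245.X: 4-octet header, 251 octets per fragment, More flag (0x80) set on
    every fragment except the last. Total size is bounded by the packet only."""
    body = b"".join(children)
    chunks = [body[i:i + 251] for i in range(0, len(body), 251)]
    out = []
    for i, chunk in enumerate(chunks):
        flags = 0x80 if i < len(chunks) - 1 else 0x00
        out.append(bytes([LONG_EXT, len(chunk) + 4, EXT_TYPE, flags]) + chunk)
    return out


def decode_245(fragments: list[bytes]) -> bytes:
    """Reassemble fragments, rejecting inconsistent headers before parsing TLVs."""
    body = b""
    for i, frag in enumerate(fragments):
        if len(frag) < 4 or frag[0] != LONG_EXT or frag[1] != len(frag) or frag[2] != EXT_TYPE:
            raise ValueError("malformed or mismatched fragment")
        more = bool(frag[3] & 0x80)
        if more and frag[1] != 255:
            raise ValueError("More flag set on a fragment shorter than 255 octets")
        if more == (i == len(fragments) - 1):
            raise ValueError("More flag inconsistent with fragment position")
        body += frag[4:]
    return body
```

A single child TLV in 241.X tops out at 250 octets of value (252 minus its own 2-octet header), while two full 253-octet children in 245.X encode as three fragments.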
