[prev in list] [next in list] [prev in thread] [next in thread]
List: hostap
Subject: Re: [PATCHv3 3/3] radius: report taxonomy assoc/probe IEs
From: Alan DeKok <aland () deployingradius ! com>
Date: 2021-08-19 20:52:27
Message-ID: DF2B139C-F118-4A51-8E7E-443BF41BF079 () deployingradius ! com
[Download RAW message or body]
On Aug 19, 2021, at 4:10 PM, Jouni Malinen <j@w1.fi> wrote:
> That should be clearly mentioned in the commit message to make this
> clear. The FreeRADIUS dictionary example is fine to include, but it is
> really confusing without there being first a clear indication that this
> patch defines those new vendor attributes and reserves the specified
> values for this purpose and only after that, giving an example on how
> this could be used on the RADIUS server side.
My preference would be to also include the files with FreeRADIUS. If every vendor \
did that, they wouldn't need to have documentation saying "please edit the \
dictionaries".
> As far as unconditional inclusion of these new attributes in RADIUS
> messages is concerned, I'm a bit concerned about potential
> interoperability issues with old deployed RADIUS servers. Maybe it would
> be safer to do this only based on a new explicit hostapd configuration
> parameter?
I would agree.
> Or is there clear data available to believe that the RFC 6929
> design has no issues without deployed servers?
I suspect a large number of legacy RADIUS servers don't support the RFC 6929 \
attributes. Worse, the numbers were used "illegally" by many vendors, so legacy \
RADIUS servers may in fact try to interpret the extended VSAs as some older format.
I also don't see why the RFC 6929 extended format is being used. If there's no \
existing "hostap" RADIUS dictionary, just use the normal Vendor-Specific space. That \
way the attributes will work with all possible RADIUS servers.
Alan DeKok.
_______________________________________________
Hostap mailing list
Hostap@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/hostap
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic