
Re: Windows 2000 and Cisco router interoperability



In message <Pine.SOL.3.96.1000516215040.29630A-100000@jvilhube-ss20.cisco.com>,
 Jan Vilhuber writes:
>On Tue, 16 May 2000, Stephen Kent wrote:
>> The "features that AAA provides?"  AAA is a WG but there are no AAA 
>> standards yet. In fact, the WG drafts so far focusing only on 
>> requirements for the protocols that will be standardized, in the 
>> future. So  a reference to what "AAA provides"  or to "customers who 
>> are so fond of their AAA infrastructure" appears to be in the future, 
>> optimistic tense.
>> 
>That's patently false, I fear. What chinna is referring to is the interaction
>(well defined) of Radius Authentication, Authorization and accounting
>(generally referred to as AAA) and PPP (and I expect you knew all that).
>
>That the AAA group is back to the drawing board is not the issue. The
>"customers who are so fond of their AAA infrastructure" obviously refers to
>the radius infrastructure. While chinna could have been more precise, I
>always equate them in my mind as well.
>
>I can tell you from personal experience that people want to shoehorn
>EVERYTHING into radius. They'll want this here as well (I've already gotten
>multiple requests about this). I guarantee it'll happen (or your money back).

"Back" to the drawing board?  By intent of the IESG, they haven't left 
it yet.  Up until now, AAA has been focused on requirements.  The 
charter is at http://www.ietf.org/html.charters/aaa-charter.html; to 
save you the trouble, the actions for this group are to generate 
requirements, solicit candidate protocols, compare the candidates to 
the requirements, and then decide if a new working group is needed to 
finish development of the selected candidate.  The primary requirements
drafts were only published in late April (i.e., draft-irtf-aaaarch-generic-01.txt
and draft-irtf-aaaarch-authorization-reqs-01.txt).

Yes, RADIUS -- or, more precisely, DIAMETER, which is a next-generation 
version of RADIUS, in some ways -- is a strong contender.  RADIUS per 
se just doesn't cut it.  It's also an architectural nightmare, and the 
myriad requirements for new features are one reason that it's taken AAA 
this long to reach even this point.  

RADIUS as it exists today is inadequate.  A new protocol is needed, but 
at a guess it's a year until it reaches Proposed Standard.  And we have 
yet to figure out precisely how it will deal with IPsec, IPSRA, L2TP, 
etc.

		--Steve Bellovin