Diameter NASreq (RFC 4005) and RADIUS Compatibility
David Mitton, RSA Security Inc.
draft-mitton-diameter-radius-vsas-01.txt
March 2006, IETF 65, Dallas


Slide 2: Overview
- Diameter designed to be upwards compatible with RADIUS
- There will be encodings in Diameter that are not expressible in RADIUS
- Most RADIUS attributes are supported in RFC 4005; exceptions are noted in Section 9.
- Difficulty arises with Vendor Specific Attributes (VSAs)

Slide 3: Problems
- RADIUS VSA typical practice involves unknown formats for sub-types and lengths.
- Gateway must know format to translate
  - RFC 4005 Section 9.6 only works for some RADIUS VSAs
  - Imposes limitations on Vendor type space
- Diameter VS AVPs must be restrained to fit into RADIUS
  - Diameter AVP type space larger than RADIUS suggested format
  - Diameter AVP data can be longer
  - Diameter AVPs have flags

Slide 4: RADIUS VSAs vs Diameter Vendor Specific AVPs
- Type: 8 != 32
- Length: 8 != 24
[Figure: RADIUS VSA format; Diameter Vendor AVP format; Suggested format]

Slide 5: Goals
- Provide a mapping that allows bidirectional communication through a translating gateway system or bilingual server
- Minimize special cases and vendor specific knowledge in gateways
- Allow mix of Diameter and RADIUS speaking equipment and servers that don’t use different AVPs for same information

Slide 6: Proposal
- draft-mitton-diameter-radius-vsas-01.txt
- Translate RADIUS VSAs as Diameter AVP #26. This is NOT as described in RFC 4005 Sect 9.6
- Translate Diameter VS AVPs to a new RADIUS attribute.

Slide 7: RADIUS VSAs as Diameter AVP 26
- No transformation of attribute data
  - Avoids vendor specific knowledge, which allows transparent pass-through
- Only end clients & servers need to know inner format
- No additional encoding overhead
- Length must be constrained to RADIUS limits.

Slide 8: Proposed RADIUS VSA to Diameter AVP 26 mapping
[Figure: RADIUS VSA; Diameter AVP 26]
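
The pass-through idea from slides 7 and 8, sketched as a gateway routine; this is an added example, not code from the slides or the draft. It assumes the AVP 26 data is the RADIUS attribute value (Vendor-Id plus opaque vendor bytes) copied unchanged, and that the M flag is set; the slide's own figure did not survive, so both are assumptions, and the vendor number used in testing is the documentation enterprise number 32473.

```python
import struct

RADIUS_VSA_TYPE = 26     # RADIUS Vendor-Specific attribute (RFC 2865)
DIAMETER_AVP_CODE = 26   # AVP code named on the slide
RADIUS_MAX_ATTR = 255    # one-byte RADIUS length, counts the 2-byte header
FLAG_V, FLAG_M = 0x80, 0x40

def radius_vsa_to_avp26(attr: bytes, flags: int = FLAG_M) -> bytes:
    """Wrap one RADIUS VSA in a Diameter AVP 26 without parsing vendor data."""
    if len(attr) < 6:                      # type + length + 4-byte Vendor-Id
        raise ValueError("truncated RADIUS VSA")
    if attr[0] != RADIUS_VSA_TYPE or attr[1] != len(attr):
        raise ValueError("not a well-formed RADIUS VSA")
    value = attr[2:]                       # Vendor-Id + opaque bytes, copied as-is
    avp_len = 8 + len(value)               # 8-byte header, no Vendor-ID field
    header = struct.pack("!IB", DIAMETER_AVP_CODE, flags)
    header += avp_len.to_bytes(3, "big")   # 24-bit AVP length excludes padding
    return header + value + b"\x00" * (-avp_len % 4)

def avp26_to_radius_vsa(avp: bytes) -> bytes:
    """Unwrap AVP 26 back to a RADIUS VSA, enforcing the RADIUS length limit."""
    if len(avp) < 8:
        raise ValueError("truncated AVP header")
    code, flags = struct.unpack("!IB", avp[:5])
    avp_len = int.from_bytes(avp[5:8], "big")
    if code != DIAMETER_AVP_CODE or flags & FLAG_V:
        raise ValueError("not a plain AVP 26")
    if avp_len < 12 or avp_len > len(avp):  # value must hold a Vendor-Id
        raise ValueError("bad AVP length")
    value = avp[8:avp_len]
    if len(value) + 2 > RADIUS_MAX_ATTR:    # slide 7: constrain to RADIUS limits
        raise ValueError("value does not fit in one RADIUS attribute")
    return bytes([RADIUS_VSA_TYPE, len(value) + 2]) + value
```

The gateway never inspects the vendor sub-type or sub-length, so a malformed inner format is passed to the end server unchanged; only the outer lengths are checked here.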

Slide 9: Diameter Vendor Specific AVPs in a RADIUS attribute
- Add a new RADIUS attribute
- Provide fields of the proper length
- Define fragmentation and aggregation
  - Similar to EAP message attribute
  - Add segment number for concatenation
  - Suppress redundant VID and VType on non-first segment

Slide 10: Proposed RADIUS Diameter VS Attribute
[Figure: Diameter Vendor Attribute; RADIUS Diameter VSA]
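
The fragmentation and aggregation scheme from slide 9, as an added example that is not taken from the slides or the draft. The wire layout is hypothetical because the slide's figure is missing: a one-byte segment number, with a 32-bit VID and 32-bit VType only on segment 0, and a placeholder attribute type since the page gives no type number.

```python
import struct

PLACEHOLDER_TYPE = 255   # placeholder: the page gives no type number
MAX_ATTR = 255           # one-byte RADIUS length, counts the 2-byte header

def fragment(vendor_id: int, vtype: int, data: bytes) -> list:
    """Split one Diameter vendor AVP's data across RADIUS attributes."""
    out, pos = [], 0
    for seg in range(256):                 # one-byte segment number (assumed)
        head = bytes([seg])
        if seg == 0:                       # VID and VType only on first segment
            head += struct.pack("!II", vendor_id, vtype)
        chunk = data[pos:pos + MAX_ATTR - 2 - len(head)]
        length = 2 + len(head) + len(chunk)
        out.append(bytes([PLACEHOLDER_TYPE, length]) + head + chunk)
        pos += len(chunk)
        if pos >= len(data):
            return out
    raise ValueError("data needs more than 256 segments")

def reassemble(attrs: list) -> tuple:
    """Concatenate segments, rejecting gaps, reordering and bad lengths."""
    vendor_id = vtype = None
    data = bytearray()
    for expected, attr in enumerate(attrs):
        if len(attr) < 3 or attr[0] != PLACEHOLDER_TYPE or attr[1] != len(attr):
            raise ValueError("malformed attribute")
        if attr[2] != expected:
            raise ValueError("missing or reordered segment")
        body = attr[3:]
        if expected == 0:
            if len(body) < 8:
                raise ValueError("first segment lacks VID/VType")
            vendor_id, vtype = struct.unpack("!II", body[:8])
            body = body[8:]
        data += body
    if vendor_id is None:
        raise ValueError("no segments")
    return vendor_id, vtype, bytes(data)
```

With this assumed layout a single AVP is capped at 256 segments, far below the 24-bit Diameter length, so a gateway would have to reject larger AVPs rather than truncate them.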

Slide 11: Affects Documents
- Changing Diameter Vendor Encapsulation
  - Affects Diameter Base RFC 3588, and Diameter NAS Application RFC 4005
- Specify RADIUS format of Diameter TLVs
  - Affects RADIUS document ???
  - Need to make one!

Slide 12: Generic Diameter AVP to RADIUS Attribute
- While we’re at it, why not define a way to map Diameter AVPs (Type > 255) to RADIUS and vice versa.
- Use same format as VS mapping without Vendor stuff

Slide 13: Proposed RADIUS Diameter AVP Attribute
[Figure: Diameter Vendor Attribute; RADIUS Diameter VSA]

Slide 14: Conclusion
- If we get rid of the RADIUS VSAs transformation in RFC 4005 Section 9 and add AVP #26, RADIUS VSAs can transit Diameter with no transformational knowledge or loss of data
- Add a RADIUS attribute to hold Diameter VS and regular AVPs
- The two vendor spaces end up independent, but can be used by either.