summaryrefslogtreecommitdiff
path: root/doc/rfc/rfc3127.txt
diff options
context:
space:
mode:
Diffstat (limited to 'doc/rfc/rfc3127.txt')
-rw-r--r--doc/rfc/rfc3127.txt4707
1 files changed, 4707 insertions, 0 deletions
diff --git a/doc/rfc/rfc3127.txt b/doc/rfc/rfc3127.txt
new file mode 100644
index 0000000..33aa145
--- /dev/null
+++ b/doc/rfc/rfc3127.txt
@@ -0,0 +1,4707 @@
+
+
+
+
+
+
+Network Working Group D. Mitton
+Request for Comments: 3127 Nortel Networks
+Category: Informational M. St.Johns
+ Rainmaker Technologies
+ S. Barkley
+ UUNET
+ D. Nelson
+ Enterasys Networks
+ B. Patil
+ Nokia
+ M. Stevens
+ Ellacoya Networks
+ B. Wolff
+ Databus Inc.
+ June 2001
+
+
+ Authentication, Authorization, and Accounting:
+ Protocol Evaluation
+
+Status of this Memo
+
+ This memo provides information for the Internet community. It does
+ not specify an Internet standard of any kind. Distribution of this
+ memo is unlimited.
+
+Copyright Notice
+
+ Copyright (C) The Internet Society (2001). All Rights Reserved.
+
+Abstract
+
+ This memo represents the process and findings of the Authentication,
+ Authorization, and Accounting Working Group (AAA WG) panel evaluating
+ protocols proposed against the AAA Network Access Requirements, RFC
+ 2989. Due to time constraints of this report, this document is not
+ as fully polished as it might have been desired. But it remains
+ mostly in this state to document the results as presented.
+
+
+
+
+
+
+
+
+
+
+
+
+
+Mitton, et al. Informational [Page 1]
+
+RFC 3127 AAA Protocol Evaluation Process June 2001
+
+
+Table of Contents
+
+ 1. Process Description . . . . . . . . . . . . . . . . . . . . . .3
+ 1.1 WG Co-Chair's Note . . . . . . . . . . . . . . . . . . . . . .3
+ 1.2 Chairman's Note . . . . . . . . . . . . . . . . . . . . . . . .4
+ 1.3 Members Statements . . . . . . . . . . . . . . . . . . . . . .4
+ 1.4 Requirements Validation Process . . . . . . . . . . . . . . . .6
+ 1.5 Proposal Evaluation . . . . . . . . . . . . . . . . . . . . . .7
+ 1.6 Final Recommendations Process . . . . . . . . . . . . . . . . .7
+ 2. Protocol Proposals . . . . . . . . . . . . . . . . . . . . . . .8
+ 3. Item Level Compliance Evaluation . . . . . . . . . . . . . . . 8
+ 3.1 General Requirements . . . . . . . . . . . . . . . . . . . . . 9
+ 3.2 Authentication Requirements. . . . . . . . . . . . . . . . . .11
+ 3.3 Authorization Requirements . . . . . . . . . . . . . . . . . .12
+ 3.4 Accounting Requirements . . . . . . . . . . . . . . . . . . .12
+ 3.5 MOBILE IP Requirements . . . . . . . . . . . . . . . . . . . .13
+ 4. Protocol Evaluation Summaries . . . . . . . . . . . . . . . . .14
+ 4.1 SNMP . . . . . . . . . . . . . . . . . . . . . . . . . . . . .14
+ 4.2 Radius++ . . . . . . . . . . . . . . . . . . . . . . . . . . .14
+ 4.3 Diameter . . . . . . . . . . . . . . . . . . . . . . . . . . .14
+ 4.4 COPS . . . . . . . . . . . . . . . . . . . . . . . . . . . . .14
+ 4.5 Summary Recommendation . . . . . . . . . . . . . . . . . . .14
+ 5. Security Considerations . . . . . . . . . . . . . . . . . . . .14
+ 6. References . . . . . . . . . . . . . . . . . . . . . . . . . .15
+ 7. Authors' Addresses. . . . . . . . . . . . . . . . . . . . . . .15
+ A. Appendix A - Summary Evaluations . . . . . . . . . . . . . . .17
+ B. Appendix B - Review of the Requirements . . . . . . . . . . . .18
+ B.1 General Requirements. . . . . . . . . . . . . . . . . . . . . .18
+ B.2 Authentication Requirements . . . . . . . . . . . . . . . . . .19
+ B.3 Authorization Requirements. . . . . . . . . . . . . . . . . . .19
+ B.4 Accounting Requirements . . . . . . . . . . . . . . . . . . . .20
+ C. Appendix C - Position Briefs . . . . . . . . . . . . . . . . .21
+ C.1 SNMP PRO Evaluation . . . . . . . . . . . . . . . . . . . . .21
+ C.2 SNMP CON Evaluation . . . . . . . . . . . . . . . . . . . . .28
+ C.3 RADIUS+ PRO Evaluation . . . . . . . . . . . . . . . . . . . .33
+ C.4 RADIUS+ CON Evaluation . . . . . . . . . . . . . . . . . . . .37
+ C.5 Diameter PRO Evaluation . . . . . . . . . . . . . . . . . . .44
+ C.6 Diameter CON Evaluation . . . . . . . . . . . . . . . . . . .50
+ C.7 COPS PRO Evaluation . . . . . . . . . . . . . . . . . . . . .55
+ C.8 COPS CON Evaluation . . . . . . . . . . . . . . . . . . . . .59
+ D. Appendix D - Meeting Notes . . . . . . . . . . . . . . . . . .66
+ D.1 Minutes of 22-Jun-2000 Teleconference . . . . . . . . . . . .66
+ D.2 Minutes of 27-Jun-2000 Teleconference . . . . . . . . . . . .68
+ D.3 Minutes of 29-Jun-2000 Teleconference . . . . . . . . . . . .73
+ D.4 Minutes of 06-Jul-2000 Teleconference . . . . . . . . . . . .78
+ D.5 Minutes of 11-Jul-2000 Teleconference . . . . . . . . . . . .80
+ Full Copyright Statement . . . . . . . . . . . . . . . . . . . . .84
+
+
+
+
+Mitton, et al. Informational [Page 2]
+
+RFC 3127 AAA Protocol Evaluation Process June 2001
+
+
+1. Process Description
+
+ Due to time constraints, the original draft of this document was
+ rushed to meet the publication deadline of the June 2000 Pittsburgh
+ meeting. Since the meeting has passed, we do not wish to
+ substantially revise the findings within this document, so that we
+ don't give the appearance of changing information after the
+ presentation. Only additional descriptions of the process,
+ formatting, layout editing and errors of fact have been corrected in
+ subsequent revisions.
+
+1.1. WG Co-Chair's Note:
+
+ After the AAA WG re-charter was approved, and the Network Access
+ Requirements document passed AAA WG Last Call, a Solicitation of
+ Protocol Submissions was issued on 4/13/2000. The Solicitation was
+ sent to the AAA WG mailing list, as well as to other IETF WG mailing
+ lists related to AAA, including NASREQ, Mobile IP, RAP, and SNMPv3.
+
+ Submissions were solicited effective immediately. Authors of
+ candidate protocols were requested to notify the AAA WG chairs of
+ their intent to submit a candidate protocol. It was suggested that
+ this notification be sent by May 1, 2000.
+
+ Protocol submissions and compliance description documents were to be
+ submitted in Internet Draft format by email to internet-
+ drafts@ietf.org. The deadline for submissions was June 1, 2000. To
+ be considered as a candidate, submissions needed to include an
+ unqualified RFC 2026 statement, as described at:
+ http://www.ietf.org/Sec10.txt
+
+ In order to assist the AAA WG in evaluating the protocol submissions
+ and compliance description documents, the AAA WG chairs then formed
+ an evaluation team, which was announced on May 20, 2000. The job of
+ the team was be to put together an Internet Draft documenting their
+ evaluation of the protocol submissions. The goal is to have a first
+ draft available prior to the July 14, 2000 submission deadline for
+ IETF 48.
+
+ In composing the evaluation draft, the evaluation team was asked to
+ draw from the protocol specifications, the compliance descriptions,
+ and other relevant documents, the Network Access Requirements
+ document, RFC 2989.
+
+ Mike St. Johns was asked to chair the evaluation team. The chairs of
+ WGs related to AAA were also invited to join the team. These
+ included Dave Mitton, co-chair of NASREQ WG, Basavaraj Patil, co-
+ chair of Mobile IP WG, and Mark Stevens, co-chair of the RAP WG.
+
+
+
+Mitton, et al. Informational [Page 3]
+
+RFC 3127 AAA Protocol Evaluation Process June 2001
+
+
+ Additional members of the evaluation team were chosen to represent
+ the interests of network operators as well as developers of AAA
+ client and server software.
+
+ As usual, the IESG advised the evaluation team. IESG advisors
+ included Randy Bush and Bert Wijnen, Directors of the Operations and
+ Management Area.
+
+1.2. Chairman's Note:
+
+ This document is the result of 6 weeks of intense work by the panel
+ listed below. Our mission was to evaluate the various AAA proposals
+ and provide recommendations to the AAA working group and to the IESG
+ on the viability of each of the proposals.
+
+ The evaluation process had three distinct phases. 1) Validate the
+ AAA requirements document [AAAReqts] against the base requirements
+ documents for NASREQ, MOBILEIP and ROAMOPS. 2) Evaluate each of the
+ SNMP, Radius++, Diameter and COPS proposal claims against the
+ validated requirements. 3) Provide final recommendations based on
+ side by side comparison for each proposal on a requirement by
+ requirement basis.
+
+ In general, the ONLY information the evaluators were allowed to use
+ throughout the process was that provided in the source documents (the
+ requirements document and the proposal) or documents referenced by
+ the source documents. In other words, if it wasn't written down, it
+ generally didn't exist. Our cutoff for acceptance of information was
+ 1 June 2000 - any submissions after that time were not considered in
+ the panel's deliberations.
+
+1.3. Members Statements
+
+ The group was chaired by Michael St.Johns. David Mitton was the
+ document editor. Following are the background statements and any
+ conflicts of interest from them and the rest of the panel.
+
+ Michael St. Johns, Rainmaker Technologies
+
+ I have no known conflicts of interest with respect to the AAA
+ process. I have neither advocated nor participated in the creation
+ of any of the submissions. My company is a service company (ISP) and
+ will not be involved in the manufacture or sale of AAA enabled
+ products. Other than my participation as the chair of the AAA
+ evaluation process, I have not had any contact with the AAA standards
+ process.
+
+
+
+
+
+Mitton, et al. Informational [Page 4]
+
+RFC 3127 AAA Protocol Evaluation Process June 2001
+
+
+ David Mitton, Nortel Networks
+
+ I have been Nasreq WG co-chair and author of several Nasreq drafts.
+ As well as, previously contributed to several RADIUS drafts.
+
+ I have been a RADIUS NAS implementor and Technical Prime on our
+ Server products, so know it extremely well. In my current job role I
+ am involved with Nortel's IP Mobility products, which support
+ Diameter.
+
+ I have written a presentation on COPS vs NASreq Requirements for a
+ Nasreq meeting, but have not implemented it, nor consider myself an
+ through expert on the subject.
+
+ Stuart Barkley, UUNET
+
+ I've been working for 5 years at UUNET on various parts of our dialup
+ network. I have extensive experience with designing, developing and
+ operating our SNMP based usage data gathering system. I've also been
+ involved in our radius based authentication and authorization systems
+ in an advisory position.
+
+ I've participated in radius/roamops/nasreq/aaa groups for the past
+ several years. I'm not an author or contributer on any of the
+ requirements or protocol documents being presented although I have
+ been peripherally involved in these working groups.
+
+ Dave Nelson, Enterasys Networks
+
+ Very active in the RADIUS WG, especially during the early years. No
+ involvement in the AAA submission. Have not contributed to the
+ development of Diameter.
+
+ No involvement with SNMPv3 or the AAA submission. David Harrington,
+ a proponent, works in a different group within my company. We have
+ not discussed the submission. No involvement with the COPS protocol.
+
+ Basavaraj Patil, Nokia
+
+ I am a contributor to the AAA requirements document (RFC 2977)
+ submitted by the Mobile IP WG. I was a member of the team that was
+ constituted to capture the Mobile IP requirements for AAA services.
+
+ As part of the co-chairing activity of the Mobile IP WG I have
+ realized the need for AAA services by Mobile IP and hence closely
+ followed the work done in the AAA WG, RADIUS, RoamOps and TR45.6.
+
+
+
+
+
+Mitton, et al. Informational [Page 5]
+
+RFC 3127 AAA Protocol Evaluation Process June 2001
+
+
+ My present work at Nokia does involve looking at AAA protocols (to
+ some extent at least) for use in wireless networks. I have also done
+ some work with AAA protocols such as Diameter in my previous job at
+ Nortel Networks.
+
+ Mark Stevens, Ellacoya Networks
+
+ I am the co-chair of the IETF RAP working group which is the working
+ group that has developed the COPS protocol. I have not contributed
+ to the documents describing how COPS can satisfy AAA requirements.
+
+ I participated in early AAA working group meetings, but have not been
+ an active participant since the group's rechartering. The company
+ that currently employees me builds devices might benefit from being
+ AAA enabled.
+
+ Barney Wolff, Databus Inc.
+
+ I have implemented RADIUS client, proxy and server software, under
+ contract to AT&T. That software is owned by AT&T and I have no
+ financial interest in it.
+
+ I have been a member of the RADIUS WG for several years, and consider
+ myself an advocate for RADIUS against what I consider unjustified
+ attacks on it.
+
+ I've never worked for any of the companies whose staff have produced
+ any of the proposals, although I obviously might at some future time.
+
+1.4. Requirements Validation Process
+
+ For each of the base requirements documents, the chair assigned a
+ team member to re-validate the requirement. The process was fairly
+ mechanical; the evaluator looked at what was said in [AAAReqts], and
+ verified that the references and supporting text in the basis
+ document supported the requirement in [AAAReqts] as stated. Where
+ the reference was wrong, too general, missing or otherwise did not
+ support the requirement, the evaluator either deleted or downgraded
+ the requirement. The results of that process were sent to the AAA
+ mailing list and are also included in this document in the
+ appendixes. The group's used [AAAReqts] as modified by our
+ validation findings to evaluate the AAA proposals.
+
+
+
+
+
+
+
+
+
+Mitton, et al. Informational [Page 6]
+
+RFC 3127 AAA Protocol Evaluation Process June 2001
+
+
+1.5. Proposal Evaluation
+
+ For each of the four proposals, the chair assigned two panel members
+ to write evaluation briefs. One member was assigned to write a 'PRO'
+ brief and could take the most generous interpretation of the
+ proposal; he could grant benefit of doubt. The other member was
+ assigned to write a 'CON' brief and was required to use the strictest
+ criteria when doing his evaluation.
+
+ Each brief looked at each individual requirement and evaluated how
+ close the proposal came in meeting that requirement. Each item was
+ scored as one of an 'F' for failed to meet the requirement, 'P' for
+ partially meeting the requirement, or 'T' for totally meeting the
+ requirement. The proposals were scored only on the information
+ presented. This means that a particular protocol might actually meet
+ the specifics of a requirement, but if the proposal did not state,
+ describe or reference how that requirement was met, in might be
+ scored lower.
+
+ The panel met by teleconference to discuss each proposal and the PRO
+ and CON briefs. Each of the briefers discussed the high points of
+ the brief and gave his summary findings for the proposal. We then
+ discussed each individual requirement line-by-line as a group. At
+ the conclusion, the members provided their own line-by-line
+ evaluations which were used to determine the consensus evaluation for
+ the specific requirement relative to that proposal. The meeting
+ notes from those teleconferences as well as the individual briefs are
+ included in the appendixes.
+
+1.6. Final Recommendations Process
+
+ The panel met for one last time to compare the results for the four
+ proposals and to ensure we'd used consistent evaluation criteria. We
+ did a requirement by requirement discussion, then a discussion of
+ each of the protocols.
+
+ The final phase was for each member to provide his final summary
+ evaluation for each of the protocols. Each proposal was scored as
+ either Not Acceptable, Acceptable Only For Accounting, Acceptable
+ with Engineering and Fully Acceptable. Where a proposal was
+ acceptable with engineering, the member indicated whether it would be
+ a small, medium or large amount.
+
+ It should be noted that score indicated the opinion of the team
+ member. And they may have taken into consideration background
+ knowledge or additional issues not captured in the minutes presented
+ here.
+
+
+
+
+Mitton, et al. Informational [Page 7]
+
+RFC 3127 AAA Protocol Evaluation Process June 2001
+
+
+ Each member's scores were used within the group to develop the
+ group's consensus.
+
+2. Protocol Proposals
+
+ The following proposal documents were submitted to the AAA WG for
+ consideration by the deadline.
+
+ - SNMP:
+
+ [SNMPComp] "Comparison of SNMPv3 Against AAA Network Access
+ Requirements", Work in Progress.
+
+ - RADIUS Enhancements:
+
+ [RADComp] "Comparison of RADIUS Against AAA Network Access
+ Requirements", Work in Progress.
+
+ [RADExt] "Framework for the extension of the RADIUS(v2)
+ protocol", Work in Progress.
+
+ - Diameter
+
+ [DIAComp] "Comparison of Diameter Against AAA Network Access
+ Requirements", Work in Progress.
+
+ - COPS for AAA:
+
+ [COPSComp] "Comparison of COPS Against the AAA NA Requirements",
+ Work in Progress.
+
+ [COPSAAA] "COPS Usage for AAA", Work in Progress.
+
+3. Item Level Compliance Evaluation
+
+ For each requirement item, the group reviewed the proposal's level of
+ compliance. Where the proposal was lacking, the evaluators may have
+ made supposition on how hard it would be to resolve the problem. The
+ following shows the consensus results for each requirement item.
+
+ Key:
+ T = Total Compliance, Meets all requirements fully
+ P = Partial Compliance, Meets some requirements
+ F = Failed Compliance, Does not meet requirements acceptably
+
+ Where two are shown eg: P/T, there was a tie.
+
+
+
+
+
+Mitton, et al. Informational [Page 8]
+
+RFC 3127 AAA Protocol Evaluation Process June 2001
+
+
+ The sub-section numbering corresponds to the requirements document
+ section and item numbers. This relative numbering was also used in
+ the Protocol Position presentations, here in the appendices.
+
+3.1 General Requirements
+
+ 3.1.1 Scalability - SNMP:P, RADIUS:P, Diameter:T, COPS:T
+
+ SNMP was downgraded due to a lack of detail of how the current agent
+ model would be adapted to a client request based transaction. The
+ RADIUS proposal did not address the problem adequately. There are
+ open issues in all proposals with respect to webs of proxies.
+
+ 3.1.2 Fail-over - SNMP:P, RADIUS:P, Diameter:P, COPS:T/P
+
+ The group particularly noted that it didn't think any protocol did
+ well in this requirement. Insufficient work has been done to specify
+ link failure detection and primary server recovery in most
+ submissions. COPS has some mechanisms but not all. How these
+ mechanisms would work in a web of proxies has not been addressed.
+
+ 3.1.3 Mutual Authentication - SNMP:T, RADIUS:T/P, Diameter:T, COPS:T
+
+ Many of the submissions missed the point of the requirement. There
+ should be a way for the peers to authenticate each other, end-to-end,
+ or user-to-server. However, the group questions who really needs
+ this feature, and if it could be done at a different level.
+
+ Mutual authentication in RADIUS is only between hops.
+
+ 3.1.4 Transmission Level Security - SNMP:T, RADIUS:P, Diameter:T,
+ COPS:T
+
+ All protocols have methods of securing the message data.
+
+ 3.1.5 Data Object Confidentiality - SNMP:P, RADIUS:P, Diameter:T,
+ COPS:T
+
+ This requirement usually comes from third-party situations, such as
+ access outsourcing.
+
+ Diameter and COPS both use CMS formats to secure data objects. The
+ group is concerned if this method and it's support is perhaps too
+ heavy weight for NAS and some types of edge systems.
+
+
+
+
+
+
+
+Mitton, et al. Informational [Page 9]
+
+RFC 3127 AAA Protocol Evaluation Process June 2001
+
+
+ 3.1.6 Data Object Integrity - SNMP:F, RADIUS:P, Diameter:T, COPS:T
+
+ How to guard the data object from changes was not adequately
+ described in the SNMP proposal. The RADIUS solution was not very
+ strong either.
+
+ 3.1.7 Certificate Transport - SNMP:T, RADIUS:T, Diameter:T, COPS:T
+
+ All protocols can figure out some way to transport a certificate.
+
+ 3.1.8 Reliable AAA Transport - SNMP:P, RADIUS:P, Diameter:T, COPS:T
+
+ The requirement does not give a definition of "how reliable" it must
+ be.
+
+ The SNMP and RADIUS proposals lacked in providing solutions to
+ message retransmission and recovery.
+
+ 3.1.9 Run over IPv4 - SNMP:T, RADIUS:T, Diameter:T, COPS:T
+
+ 3.1.10 Run over IPv6 - SNMP:P, RADIUS:T, Diameter:T, COPS:T
+
+ The SNMP proposal indicated that this area is still in the
+ experimental stages.
+
+ 3.1.11 Support Proxy and Routing Brokers - SNMP:F, RADIUS:P,
+ Diameter:T, COPS:P
+
+ The SNMP proposal did not address this requirement. COPS claims
+ support, but does not work through some of the issues. Diameter was
+ the only protocol that attempted to address this area to a fair
+ extent.
+
+ 3.1.12 Auditability - SNMP:F, RADIUS:F, Diameter:T, COPS:P
+
+ We treated this requirement as something like "non-repudiation".
+ There is a concern that digital signatures may be too computationally
+ expensive for some equipment, and not well deployed on those
+ platforms.
+
+ The SNMP and RADIUS proposals did not attempt to work this
+ requirement. COPS suggests that a History PIB will help solve this
+ problem but gives no description.
+
+
+
+
+
+
+
+
+Mitton, et al. Informational [Page 10]
+
+RFC 3127 AAA Protocol Evaluation Process June 2001
+
+
+ 3.1.13 Shared Secret Not Required - SNMP:P/T, RADIUS:T, Diameter:T,
+ COPS:T
+
+ The requirement is interpreted to mean that any application level
+ security can be turned off in the presence of transport level
+ security.
+
+ Pretty much every protocol can use an enveloping secure transport
+ that would allow them not to use an internal secret.
+
+ 3.1.14 Ability to Carry Service Specific Attributes - SNMP:T,
+ RADIUS:T, Diameter:T, COPS:T
+
+3.2 Authentication Requirements
+
+ 3.2.1 NAI Support - SNMP:T, RADIUS:T, Diameter:T, COPS:T
+
+ 3.2.2 CHAP Support - SNMP:T, RADIUS:T, Diameter:T, COPS:T
+
+ 3.2.3 EAP Support - SNMP:T, RADIUS:T, Diameter:T, COPS:T
+
+ 3.2.4 PAP/Clear-text Passwords - SNMP:T, RADIUS:T, Diameter:T,
+ COPS:T
+
+ The requirement for clear-text passwords comes from one-time-password
+ systems and hard-token (SecurID) systems.
+
+ 3.2.5 Reauthentication on demand - SNMP:T, RADIUS:P, Diameter:P,
+ COPS:T
+
+ To supply this, the proposal must have asynchronous peer-to-peer
+ capabilities, and there must defined operation for such state
+ changes.
+
+ We also distinguished event-driven Reauthentication from timer-driven
+ (or lifetime-driven). Also concerned about how this would work in a
+ proxy environment.
+
+ 3.2.6 Authorization w/o Authentication - SNMP:P, RADIUS:T/P,
+ Diameter:T, COPS:T
+
+ This requirement really means authorization with trivial
+ authentications (e.g. by assertion or knowledge).
+
+
+
+
+
+
+
+
+Mitton, et al. Informational [Page 11]
+
+RFC 3127 AAA Protocol Evaluation Process June 2001
+
+
+3.3 Authorization Requirements
+
+ 3.3.1 Static and Dynamic IP Addr Assignment - SNMP:P/F, RADIUS:T,
+ Diameter:T, COPS:T
+
+ There is difficulty in interpreting what is static or dynamic with
+ respect to the viewpoint of the client, server, administrator or
+ user.
+
+ 3.3.2 RADIUS Gateway Capability - SNMP:P, RADIUS:P, Diameter:T/P,
+ COPS:P
+
+ It was noted that any new capability in a new AAA protocol would not
+ be able to map directly back to RADIUS. But this is already a
+ problem within a RADIUS environment.
+
+ 3.3.3 Reject Capability - SNMP:T/P/F, RADIUS:T, Diameter:T, COPS:P
+
+ 3.3.4 Preclude Layer 2 Tunneling - SNMP:F, RADIUS:T, Diameter:T,
+ COPS:T
+
+ 3.3.5 Reauthorization on Demand - SNMP:P/F, RADIUS:P, Diameter:T/P,
+ COPS:T
+
+ Some evaluators wondered how the server will know that re-
+ authorization is supposed to be done? Will it interface to something
+ external, or have sufficient internals?
+
+ 3.3.6 Support for Access Rules & Filters - SNMP:P, RADIUS:P,
+ Diameter:P, COPS:T/P
+
+ Only the Diameter proposal actually tackled this issue, but the group
+ felt that the rules as designed were too weak to be useful. There
+ was also concern about standardizing syntax without defining
+ semantics.
+
+ 3.3.7 State Reconciliation - SNMP:F, RADIUS:P/F, Diameter:P, COPS:T/P
+
+ All of the protocols were weak to non-existent on specifying how this
+ would be done in a web of proxies situation.
+
+ 3.3.8 Unsolicited Disconnect - SNMP:T, RADIUS:P, Diameter:T, COPS:T
+
+3.4 Accounting Requirements
+
+ 3.4.1 Real Time Accounting - SNMP:T, RADIUS:T, Diameter:T, COPS:T
+
+
+
+
+
+Mitton, et al. Informational [Page 12]
+
+RFC 3127 AAA Protocol Evaluation Process June 2001
+
+
+ 3.4.2 Mandatory Compact Encoding - SNMP:T, RADIUS:T, Diameter:T,
+ COPS:T
+
+ 3.4.3 Accounting Record Extensibility - SNMP:T, RADIUS:T,
+ Diameter:T, COPS:T
+
+ 3.4.4 Batch Accounting - SNMP:T, RADIUS:F, Diameter:P, COPS:P
+
+ Some members of the group are not sure how this fits into the rest of
+ the AAA protocol, which is primarily real-time and event driven.
+ Would this be better met with FTP?
+
+ 3.4.5 Guaranteed Delivery - SNMP:T, RADIUS:T, Diameter:T, COPS:T
+
+ 3.4.6 Accounting Timestamps - SNMP:T, RADIUS:T, Diameter:T,
+ COPS:T
+
+ 3.4.7 Dynamic Accounting - SNMP:T, RADIUS:T, Diameter:T, COPS:T
+
+3.5 MOBILE IP Requirements
+
+ 3.5.1 Encoding of MOBILE IP Registration Messages - SNMP:T,
+ RADIUS:T/P, Diameter:T, COPS:T
+
+ 3.5.2 Firewall Friendly - SNMP:F, RADIUS:T, Diameter:P, COPS:P
+
+ There was considerable discussion about what it means to be "firewall
+ friendly". It was suggested that not making the firewall look into
+ packets much beyond the application port number. Protocols such as
+ SNMP and COPS are at a disadvantage, as you must look far into the
+ packet to understand the intended operation. Diameter will have the
+ disadvantage of SCTP, which is not well deployed or recognized at the
+ moment.
+
+ SNMP and COPS also have the problem that they are used for other
+ types of operations than just AAA.
+
+ Should firewalls have AAA Proxy engines?
+
+ We didn't look at "NAT friendly" issues either.
+
+ COPS:T
+
+ The group is not clear on how this requirement impacts the actual
+ protocol. Raj explained it to us, but we mostly took it on faith.
+
+
+
+
+
+
+Mitton, et al. Informational [Page 13]
+
+RFC 3127 AAA Protocol Evaluation Process June 2001
+
+
+4. Protocol Evaluation Summaries
+
+4.1. SNMP
+
+ SNMP is generally not acceptable as a general AAA protocol. There
+ may be some utility in its use for accounting, but the amount of
+ engineering to turn it into a viable A&A protocol argues against
+ further consideration.
+
+4.2. Radius++
+
+ Radius++ is not considered acceptable as an AAA protocol. There is a
+ fairly substantial amount of engineering required to make it meet all
+ requirements, and that engineering would most likely result in
+ something close to the functionality of Diameter.
+
+4.3. Diameter
+
+ Diameter is considered acceptable as an AAA protocol. There is some
+ minor engineering required to bring it into complete compliance with
+ the requirements but well within short term capabilities. Diameter
+ might also benefit from the inclusion of a broader data model ala
+ COPS.
+
+4.4. COPS
+
+ COPS is considered acceptable as an AAA protocol. There is some
+ minor to medium engineering required to bring it into complete
+ compliance with the requirements.
+
+4.5. Summary Recommendation
+
+ The panel expresses a slight preference for Diameter based on the
+ perception that the work for Diameter is further along than for COPS.
+ However, using SCTP as the transport mechanism for Diameter places
+ SCTP on the critical path for Diameter. This may ultimately result
+ in COPS being a faster approach if SCTP is delayed in any way.
+
+5. Security Considerations
+
+ AAA protocols enforce the security of access to the Internet. The
+ design of these protocols and this evaluation process took many
+ security requirements as critical issues for evaluation. A candidate
+ protocol must meet the security requirements as documented, and must
+ be engineered and reviewed properly as developed and deployed.
+
+
+
+
+
+
+Mitton, et al. Informational [Page 14]
+
+RFC 3127 AAA Protocol Evaluation Process June 2001
+
+
+6. References
+
+ [AAAReqts] Aboba, B., Clahoun, P., Glass, S., Hiller, T., McCann, P.,
+ Shiino, H., Walsh, P., Zorn, G., Dommety, G., Perkins, C.,
+ Patil, B., Mitton, D., Manning, S., Beadles, M., Chen, X.,
+ Sivalingham, S., Hameed, A., Munson, M., Jacobs, S., Lim,
+ B., Hirschman, B., Hsu, R., Koo, H., Lipford, M.,
+ Campbell, E., Xu, Y., Baba, S. and E. Jaques, "Criteria
+ for Evaluating AAA Protocols for Network Access", RFC
+ 2989, April 2000.
+
+ [AAAComp] Ekstein, TJoens, Sales and Paridaens, "AAA Protocols:
+ Comparison between RADIUS, Diameter and COPS", Work in
+ Progress.
+
+ [SNMPComp] Natale, "Comparison of SNMPv3 Against AAA Network Access
+ Requirements", Work in Progress.
+
+ [RADComp] TJoens and DeVries, "Comparison of RADIUS Against AAA
+ Network Access Requirements", Work in Progress.
+
+ [RADExt] TJoens, Ekstein and DeVries, "Framework for the extension
+ of the RADIUS (v2) protocol", Work in Progress,
+
+ [DIAComp] Calhoun, "Comparison of Diameter Against AAA Network
+ Access Requirements", Work in Progress.
+
+ [COPSComp] Khosravi, Durham and Walker, "Comparison of COPS Against
+ the AAA NA Requirements", Work in Progress.
+
+ [COPSAAA] Durham, Khosravi, Weiss and Filename, "COPS Usage for
+ AAA", Work in Progress.
+
+7. Authors' Addresses
+
+ David Mitton
+ Nortel Networks
+ 880 Technology Park Drive
+ Billerica, MA 01821
+
+ Phone: 978-288-4570
+ EMail: dmitton@nortelnetworks.com
+
+
+
+
+
+
+
+
+
+Mitton, et al. Informational [Page 15]
+
+RFC 3127 AAA Protocol Evaluation Process June 2001
+
+
+ Michael StJohns
+ Rainmaker Technologies
+ 19050 Pruneridge Ave, Suite 150
+ Cupertino, CA 95014
+
+ Phone: 408-861-9550 x5735
+ EMail: stjohns@rainmakertechnologies.com
+
+ Stuart Barkley
+ UUNET
+ F1-1-612
+ 22001 Loudoun County Parkway
+ Ashburn, VA 20147 US
+
+ Phone: 703-886-5645
+ EMail: stuartb@uu.net
+
+ David B. Nelson
+ Enterasys Networks, Inc. (a Cabletron Systems company)
+ 50 Minuteman Road
+ Andover, MA 01810-1008
+
+ Phone: 978-684-1330
+ EMail: dnelson@enterasys.com
+
+ Basavaraj Patil
+ Nokia
+ 6000 Connection Dr.
+ Irving, TX 75039
+
+ Phone: +1 972-894-6709
+ EMail: Basavaraj.Patil@nokia.com
+
+ Mark Stevens
+ Ellacoya Networks
+ 7 Henry Clay Drive
+ Merrimack, NH 03054
+
+ Phone: 603-577-5544 ext. 325
+ EMail: mstevens@ellacoya.com
+
+ Barney Wolff, Pres.
+ Databus Inc.
+ 15 Victor Drive
+ Irvington, NY 10533-1919 USA
+
+ Phone: 914-591-5677
+ EMail: barney@databus.com
+
+
+
+Mitton, et al. Informational [Page 16]
+
+RFC 3127 AAA Protocol Evaluation Process June 2001
+
+
+Appendix A - Summary Evaluations Consensus Results by Requirement
+ and Protocol
+
+ Requirement Section SNMP Radius++ Diameter COPS
+ 1.1.1 P P T T
+ 1.1.2 P P P T/P
+ 1.1.3 T T/P T T
+ 1.1.4 T P T T
+ 1.1.5 P P T T
+ 1.1.6 F P T T
+ 1.1.7 T T T T
+ 1.1.8 P P T T
+ 1.1.9 T T T T
+ 1.1.10 P T T T
+ 1.1.11 F P T P
+ 1.1.12 F F T P
+ 1.1.13 P/T T T T
+ 1.1.14 T T T T
+
+ 1.2.1 T T T T
+ 1.2.2 T T T T
+ 1.2.3 T T T T
+ 1.2.4 T T T T
+ 1.2.5 T P P T
+ 1.2.6 P T/P T T
+
+ 1.3.1 P/F T T T
+ 1.3.2 P T T/P P
+ 1.3.3 T/P/F T T P
+ 1.3.4 F T T T
+ 1.3.5 P/F P T/P T
+ 1.3.6 P P P T/P
+ 1.3.7 F P/F P T/P
+ 1.3.8 T P T T
+
+ 1.4.1 T T T T
+ 1.4.2 T T T T
+ 1.4.3 T T T T
+ 1.4.4 T F P P
+ 1.4.5 T T T T
+ 1.4.6 T T T T
+ 1.4.7 T T T T
+
+ 1.5.1 T T/P T T
+ 1.5.2 F T P P
+ 1.5.3 F P T T
+
+
+
+
+
+Mitton, et al. Informational [Page 17]
+
+RFC 3127 AAA Protocol Evaluation Process June 2001
+
+
+Appendix B - Review of the Requirements
+
+ Comments from the Panel on then work in progress, "Criteria for
+ Evaluating AAA Protocols for Network Access" now revised and
+ published as RFC 2989. This became the group standard interpretation
+ of the requirements at the time.
+
+B.1 General Requirements
+
+ Scalability - In clarification [a], delete "and tens of thousands of
+ simultaneous requests." This does not appear to be supported by any
+ of the three base documents.
+
+ Transmission level security - [Table] Delete the ROAMOPS "M" and
+ footnote "6". This appears to be an over generalization of the
+ roaming protocol requirement not necessarily applicable to AAA.
+
+ Data object confidentiality - [Table] Delete the MOBILE IP "S" and
+ footnote "33". The base document text does not appear to support
+ this requirement.
+
+ Reliable AAA transport mechanism - In clarification [h] delete
+ everything after the "...packet loss" and replace with a ".". The
+ requirements listed here are not necessarily supported by the base
+ document and could be mistakenly taken as requirements for the AAA
+ protocol in their entirety.
+
+ Run over IPv4 - [Table] Replace the MOBILE IP footnote "17" with
+ footnote "33". This appears to be a incorrect reference.
+
+ Run over IPv6 - [Table] Replace the MOBILE IP footnote "18" with a
+ footnote pointing to section 8 of [8]. This appears to be an
+ incorrect reference.
+
+ Auditability - Clarification [j] does not appear to coincide with the
+ NASREQ meaning of Auditability. Given that NASREQ is the only
+ protocol with an auditability requirement, this section should be
+ aligned with that meaning.
+
+ Shared secret not required - [Table] General - This section is
+ misleadingly labeled. Our team has chosen to interpret it as
+ specified in clarification [k] rather than any of the possible
+ interpretations of "shared secret not required". We recommend the
+ tag in the table be replaced with "Dual App and Transport Security
+ Not Required" or something at least somewhat descriptive of [k].
+ Delete the NASREQ "S" and footnote "28" as not supported by the
+ NASREQ document. Delete the MOBILE IP "O" and footnotes "34" and 39"
+ as not supported.
+
+
+
+Mitton, et al. Informational [Page 18]
+
+RFC 3127 AAA Protocol Evaluation Process June 2001
+
+
+B.2 Authentication Requirements
+
+ NAI Support - [Table] Replace MOBILE IP footnote "38" with "39".
+ This appears to be a more appropriate reference.
+
+ CHAP Support - [Table] Delete MOBILE IP "O" as unsupported.
+
+ EAP Support - [Table] Delete MOBILE IP "O" as unsupported.
+
+ PAP/Clear-Text Support - [Table] Replace NASREQ footnote "10" with
+ "26" as being more appropriate. Replace ROAMOPS "B" with "O". The
+ reference text appears to not explicitly ban this and specifically
+ references clear text for OTP applications. Delete MOBILE IP "O" as
+ unsupported.
+
+ Re-authentication on demand - Clarification [e] appears to go beyond
+ the requirements in NASREQ and MOBILE IP. [Table] Delete MOBILE IP
+ footnote "30" as inapplicable.
+
+ Authorization Only without Authentication - Clarification [f] does
+ not include all NASREQ requirements, specifically that unneeded
+ credentials MUST NOT be required to be filled in. Given that there
+ are no other base requirements (after deleting the MOBILE IP
+ requirement) we recommend that clarification [f] be brought in line
+ with NASREQ. [Table] Delete MOBILE IP "O" and footnote "30". The
+ referenced text does not appear to support the requirement.
+
+B.3 Authorization Requirements
+
+ Static and Dynamic... - Clarification [a] appears to use a
+ particularly strange definition of static and dynamic addressing.
+ Recommend clarification here identifying who (e.g. client or server)
+ thinks address is static/dynamic. [Table] ROAMOPS "M" appears to be
+ a derived requirement instead of directly called out. The footnote
+ "1" should be changed to "5" as being more appropriate. A text
+ clarification should be added to this document identifying the
+ derived requirement.
+
+ RADIUS Gateway capability - [Table] Delete the MOBILE IP "O" and
+ footnote "30". The referenced text does not appear to support the
+ requirement.
+
+ Reject capability - [Table] Delete the NASREQ "M" and footnote "12".
+ The NASREQ document does not appear to require this capability.
+
+
+
+
+
+
+
+Mitton, et al. Informational [Page 19]
+
+RFC 3127 AAA Protocol Evaluation Process June 2001
+
+
+ Reauthorization on Demand - [Table] Delete the MOBILE IP "S" and
+ footnotes "30,33" The referenced text does not support this
+ requirement.
+
+ Support for Access Rules... - Clarification [e] has a overbroad list
+ of requirements. NASREQ only requires 5-8 on the list, and as The
+ MOBILE IP requirement is not supported by its references, this
+ clarification should match NASREQ requirements. [Table] Delete the
+ MOBILE IP "O" and footnotes "30,37" as not supported.
+
+ State Reconciliation - Clarification [f] should be brought in line
+ with NASREQ requirements. The clarification imposes overbroad
+ requirements not required by NASREQ and NASREQ is the only service
+ with requirements in this area.
+
+B.4 Accounting Requirements
+
+ Real-Time accounting - [Table] Replace MOBILE IP footnote [39] with a
+ footnote pointing to section 3.1 of [3] as being more appropriate.
+
+ Mandatory Compact Encoding - [Table] Delete MOBILE IP "M" and
+ footnote "33" as the reference does not support the requirement.
+
+ Accounting Record Extensibility - [Table] Delete NASREQ "M" and
+ footnote "15" as the reference does not support the requirement.
+
+ Accounting Time Stamps - [Table] Delete MOBILE IP "S" and footnote
+ "30" as they don't support the requirement. Replace MOBILE IP
+ footnote "40" with a footnote pointing to section 3.1 of [3] as being
+ more appropriate.
+
+ Dynamic Accounting - [Table] Replace the NASREQ footnote "18" with a
+ footnote pointing to section 8.4.1.5 of [3]. Delete the MOBILE IP
+ "S" and footnote "30" as the reference does not support the
+ requirement.
+
+ Footnote section.
+
+ [40] should be pointing to 6.1 of [4].
+ [41] should be pointing to 6.2.2 of [4].
+ [45] should be pointing to 6.4 of [4].
+ [46] should be pointing to 8 of [4].
+
+
+
+
+
+
+
+
+
+Mitton, et al. Informational [Page 20]
+
+RFC 3127 AAA Protocol Evaluation Process June 2001
+
+
+Appendix C - Position Briefs
+
+C.1 SNMP PRO Evaluation
+
+ Evaluation of SNMP AAA Requirements
+ PRO Evaluation
+ Evaluator - Stuart Barkley
+
+ Ref [1] is "Comparison of SNMPv3 Against AAA Network Access
+ Requirements", aka 'the document'
+ Ref [2] is the aaa eval criteria as modified by us, aka 'the
+ requirements'
+
+ The document uses T to indicate total compliance, P to indicate
+ partial compliance and F to indicate no compliance. For each section
+ I've indicated my grade for the section. If there is a change, I've
+ indicated that and the grade given by the authors.
+
+ 1 Per item discussion
+
+ 1.1 General Requirements
+
+ 1.1.1 Scalability - Grade T
+
+ The document indicates that SNMP can adequately handle that scale
+ from the requirements document. Since most current uses are ppp
+ connections and SNMP is already capable of handling the interface
+ table and other per session tables it is clear that basic capacity
+ exists. Additions to support other tables and variables scales in a
+ simple linear fashion with the number of additional variables and
+ protocol interactions. Regardless of the final selected protocol
+ handling the scaling required is not a trivial undertaking. SNMP can
+ draw upon existing network management practices to assist in this
+ implementation.
+
+ 1.1.2 Fail-over - Grade T
+
+ SNMP is of vital importance to the operation of most networks.
+ Existing infrastructures can handle required failover or other
+ redundant operations.
+
+ 1.1.3 Mutual Authentication - Grade T
+
+ The use of shared secrets described in the document is a well
+ understood method of integrity control. Although shared secrets
+ don't necessarily provide full authentication since other parties may
+ also have the same secrets, the level of authentication is sufficient
+ for the task at hand. In many cases the SNMP infrastructure will
+
+
+
+Mitton, et al. Informational [Page 21]
+
+RFC 3127 AAA Protocol Evaluation Process June 2001
+
+
+ already exist and shared secrets should already be properly managed
+ on an operational network. A failure of the SNMP shared secret
+ approach regardless of the AAA protocol will likely leave equipment
+ and systems open to substantial misuse bypassing any more elaborate
+ AAA authentication.
+
+ 1.1.4 Transmission Level Security - Grade T
+
+ SNMPv3 provides many additional security options which were not
+ available or were more controversial in previous SNMP versions.
+
+ 1.1.5 Data Object Confidentiality - New Grade P (from T)
+
+ The document discusses SNMPv3 which can provide data confidentially
+ for data passing over the wire. There is substantial implied AAA
+ architecture (brokers and proxies) in the requirements that full
+ conformance is difficult to determine. In particular, the evaluator
+ has difficulty with the concept of "the target AAA entity for whom
+ the data is ultimately destined", but will concede that the desired
+ requirement is only partially met (most especially with the transfer
+ of a PAP password).
+
+ 1.1.6 Data Object Integrity - New Grade T (from P)
+
+ SNMP has full capabilities that allow the authentication of the data.
+ Brokers, proxies or other intermediaries in the data chain can verify
+ the source of the information and determine that the data has not
+ been tampered with. The document downgrades the grade to P because
+ of confusion over the integrity checking role of intermediaries.
+
+ 1.1.7 Certificate Transport - Grade T
+
+ The requirements require the capability of transporting certificates
+ but do not have any specific use for the certificates. The
+ requirements make assumptions that the protocol selected will be
+ dependent upon certificates, but this is not necessarily true. SNMP
+ can transport arbitrary objects and can transport certificates if
+ necessary. The document indicates some issues with size of
+ certificates and current maximum practical data sizes, however if the
+ compact encoding requirement extends to the internal certificate
+ information this should be less of an issue.
+
+ 1.1.8 Reliable AAA Transport - New Grade T (from P)
+
+ The requirements is stated rather strongly and makes substantial
+ assumptions of AAA protocol architecture and based upon current
+ protocols and their failings. SNMP allows for great flexibility in
+ retransmission schemes depending upon the importance of the data.
+
+
+
+Mitton, et al. Informational [Page 22]
+
+RFC 3127 AAA Protocol Evaluation Process June 2001
+
+
+ 1.1.9 Run over IPv4 - Grade T
+
+ SNMP has operated in this mode for many years.
+
+ 1.1.10 Run over IPv6 - New Grade T (from P)
+
+ SNMP must support IPv6 for many other systems so support for this
+ should be possible by the time the requirement becomes effective.
+ The document indicates that experimental versions satisfying this
+ requirement are already in existence.
+
+ 1.1.11 Support Proxy and Routing Brokers - New Grade T (from P)
+
+ The requirements make significant assumptions about the final
+ architecture. It is well within the capabilities of SNMP to provide
+ intermediaries which channel data flows between multiple parties.
+ The document downgrades SNMPs compliance with this requirement due to
+ issues which are covered more specifically under "Data Object
+ Confidentially" which the evaluator has downgraded to P.
+
+ 1.1.12 Auditability - New Grade T (from F)
+
+ Data flows inside SNMP are easily auditable by having secondary data
+ flows established which provide copies of all information to
+ auxiliary servers. The document grades this as a failure, but this
+ support is only minor additions within a more fully fleshed out set
+ of data flows.
+
+ 1.1.13 Shared Secret Not Required - Grade T
+
+ Shared secrets are not required by SNMP. They are desirable in many
+ instances where a lower level does not provide the necessary
+ capabilities. The document supplies pointers to various security
+ modes available.
+
+ 1.1.14 Ability to Carry Service Specific Attributes - Grade T
+
+ SNMP has long had the ability for other parties to create new
+ unambiguous attributes.
+
+ 1.2 Authentication Requirements
+
+ 1.2.1 NAI Support - Grade T
+
+ SNMP easily supports this. NAIs were defined to be easily carried in
+ existing protocols.
+
+
+
+
+
+Mitton, et al. Informational [Page 23]
+
+RFC 3127 AAA Protocol Evaluation Process June 2001
+
+
+ 1.2.2 CHAP Support - Grade T
+
+ SNMP can easily provide objects to pass the necessary information for
+ CHAP operation.
+
+ 1.2.3 EAP Support - New Grade T (from P)
+
+ SNMP can easily provide objects to pass the necessary information for
+ EAP operation. As with CHAP or PAP MIB objects can be created to
+ control this operation thus the upgrade from the document grade.
+
+ 1.2.4 PAP/Clear-text Passwords - New Grade P (from T)
+
+ SNMP can easily provide objects to pass the necessary information for
+ PAP operation. The requirement about non-disclosure of clear text
+ passwords make assumptions about the protocol implementation. The
+ choice to use clear text passwords is inherently insecure and forced
+ protocol architecture don't really cover this. This requirement
+ grade is downgraded to P (partial) because the document does not
+ really address the confidentially of the data at application proxies.
+
+ 1.2.5 Reauthorization on demand - Grade T
+
+ SNMP can easily provide objects to control this operation.
+
+ 1.2.6 Authorization w/o Authentication - New Grade T (from T)
+
+ The document makes an incorrect interpretation of this requirement.
+ However, SNMP makes no restriction which prevents to desired
+ requirements. No actual change of grade is necessary, since both the
+ actual requirements and the incorrect interpretation are satisfied by
+ SNMP.
+
+ 1.3 Authorization Requirements
+
+ 1.3.1 Static and Dynamic IP Addr Assignment - Grade T
+
+ SNMP can easily provide objects to control this operation.
+
+ 1.3.2 RADIUS Gateway Capability - Grade T
+
+ As the document describes, with the addition of any necessary
+ compatibility variables SNMP can be gatewayed to RADIUS applications.
+
+
+
+
+
+
+
+
+Mitton, et al. Informational [Page 24]
+
+RFC 3127 AAA Protocol Evaluation Process June 2001
+
+
+ 1.3.3 Reject Capability - Grade T
+
+ Any of the active components in the SNMP based structure could decide
+ to reject and authentication request for any reason. Due to mixing
+ different levels of requirements the document doesn't attempt to
+ directly address this, instead indicating that a higher level
+ application can cause this operation.
+
+ 1.3.4 Preclude Layer 2 Tunneling - New Grade T (from ?)
+
+ Nothing in SNMP explicitly interacts with the selection of any
+ tunneling mechanisms the client may select. The document author was
+ unclear about the needs here.
+
+ 1.3.5 Reauth on Demand - Grade T
+
+ SNMP can easily provide objects to control this operation.
+
+ 1.3.6 Support for ACLs - Grade T
+
+ The document indicates that should it be desired SNMP can provide
+ objects to control these operations. In addition, active components
+ can apply substantial further configurable access controls.
+
+ 1.3.7 State Reconciliation - Grade T
+
+ The requirements describe an over broad set of required capabilities.
+ The document indicates concern over incompatibilities in the
+ requirements, however SNMP can provide methods to allow active
+ components to reacquire lost state information. These capabilities
+ directly interact with scalability concerns and care needs to be
+ taken when expecting this requirement to be met at the same time as
+ the scalability requirements.
+
+ 1.3.8 Unsolicited Disconnect - Grade T
+
+ The document indicates that SNMP can easily provide objects to
+ control this operation.
+
+ 1.4 Accounting Requirements
+
+ 1.4.1 Real Time Accounting - Grade T
+
+ SNMP can provide this mode of operation. The document outlines
+ methods both fully within SNMP and using SNMP to interface with other
+ transfer methods. Many providers already use SNMP for real time
+
+
+
+
+
+Mitton, et al. Informational [Page 25]
+
+RFC 3127 AAA Protocol Evaluation Process June 2001
+
+
+ notification of other network events. This capability can directly
+ interact with scalability concerns and implementation care needs to
+ be taken to make this properly interact is large scale environments.
+
+ 1.4.2 Mandatory Compact Encoding - Grade T
+
+ The document indicates the possibility of controlling external
+ protocols to handle data transmissions where the BER encoding of SNMP
+ objects would be considered excessive. SNMP BER encoded protocol
+ elements are generally in a fairly compact encoding form compared
+ with text based forms (as used in some existing radius log file
+ implementations). This interacts with the general requirement for
+ carrying service specific attributes and the accounting requirement
+ for extensibility. With careful MIB design and future work on SNMP
+ payload compression the SNMP coding overhead can be comparable with
+ other less extensible protocols.
+
+ 1.4.3 Accounting Record Extensibility - Grade T
+
+ SNMP has a strong tradition of allowing vendor specific data objects
+ to be transferred.
+
+ 1.4.4 Batch Accounting - Grade T
+
+ There are many methods which a SNMP based system could use for batch
+ accounting. The document discusses SNMP parameters to control the
+ batching process and indicates that certain existing MIBs contain
+ examples of implementation strategies. SNMP log tables can provide
+ accounting information which can be obtained in many methods not
+ directly related to real time capabilities. The underlying system
+ buffering requirements are similar regardless of the protocol used to
+ transport the information.
+
+ 1.4.5 Guaranteed Delivery - Grade T
+
+ SNMP is very amenable to providing guaranteed delivery. Particularly
+ in a pull model (versus the often assumed push model) the data
+ gatherer can absolutely know that all data has been transfered. In
+ the common push model the data receiver does not know if the
+ originator of the data is having problems delivering the data.
+
+ 1.4.6 Accounting Timestamps - Grade T
+
+ Timestamps are used for many SNMP based operations. The document
+ points at the DateAndTime textual convention which is available for
+ use. As with all environments the timestamps accuracy needs
+ evaluation before the information should be relied upon.
+
+
+
+
+Mitton, et al. Informational [Page 26]
+
+RFC 3127 AAA Protocol Evaluation Process June 2001
+
+
+ 1.4.7 Dynamic Accounting - Grade T
+
+ As long as there is some way to relate multiple records together
+ there are no problems resolving multiple records for the same
+ session. This interacts with the scalability requirement and care
+ must be taken when implementing a system with both of these
+ requirements.
+
+ 1.5 MOBILE IP Requirements
+
+ 1.5.1 Encoding of MOBILE IP Registration Messages - Grade T
+
+ SNMP can easily provide objects to transfer this information.
+
+ 1.5.2 Firewall Friendly - New Grade T (from P)
+
+ SNMP is already deployed in many operational networks. SNMPv3
+ addresses most concerns people had with the operation of previous
+ versions. True SNMPv3 proxies (as opposed to AAA proxies) should
+ become commonplace components in firewalls for those organizations
+ which require firewalls.
+
+ 1.5.3 Allocation of Local Home Agent - New Grade T (from ?)
+
+ SNMP is not concerned with the LHA. This can be under control of the
+ Local network to meet its needs.
+
+ 2. Summary Discussion
+
+ SNMP appears to meet most stated requirements. The areas where the
+ SNMP proposal falls short are areas where specific AAA architectures
+ are envisioned and requirements based upon that architecture are
+ specified.
+
+ Scaling of the protocol family is vital to success of a AAA suite.
+ The SNMP protocol has proved scalable in existing network management
+ and other high volume data transfer operations. Care needs to be
+ taken in the design of a large scale system to ensure meeting the
+ desired level of service, but this is true of any large scale
+ project.
+
+ 3. General Requirements
+
+ SNMP is well understood and already supported in many ISP and other
+ operational environments. Trust models already exist in many cases
+ and can be adapted to provide the necessary access controls needed by
+ the AAA protocols. Important issues with previous versions of SNMP
+ have been corrected in the current SNMPv3 specification.
+
+
+
+Mitton, et al. Informational [Page 27]
+
+RFC 3127 AAA Protocol Evaluation Process June 2001
+
+
+ The SNMP proposal is silent on the specific data variables and
+ message types to be implemented. This is largely due to the
+ requirements not specifying the necessary data elements and the time
+ constraints in extracting that information from the base document
+ set. Such a data model is necessary regardless of the ultimate
+ protocol selected.
+
+ 4. Summary Recommendation
+
+ SNMP appears to fully meet all necessary requirements for the full
+ AAA protocol family.
+
+C.2 SNMP CON Evaluation
+
+ Evaluation of SNMP AAA Requirements
+ CON Evaluation
+ Evaluator - Michael StJohns
+
+ Ref [1] is "Comparison of SNMPv3 Against AAA Network Access
+ Requirements", aka 'the document'
+ Ref [2] is the aaa eval criteria as modified by us.
+
+ The document uses T to indicate total compliance, P to indicate
+ partial compliance and F to indicate no compliance. For each section
+ I've indicated my grade for the section. If there is no change, I've
+ indicated that and the grade given by the authors.
+
+ Section 1 - Per item discussion
+
+ 1.1 General Requirements
+
+ 1.1.1 Scalability - Although the document indicates compliance with
+ the requirement, its unclear how SNMP actually meets those
+ requirements. The document neither discusses how SNMP will scale,
+ nor provides applicable references. The argument that there is an
+ existence proof given the deployed SNMP systems appears to assume
+ that one manager contacting many agents maps to many agents (running
+ AAA) contacting one AAA server. A server driven system has
+ substantially different scaling properties than a client driven
+ system and SNMP is most definitely a server (manager) driven system.
+ Eval - F
+
+ 1.1.2 Fail-over - The document indicates the use of application level
+ time outs to provide this mechanism, rather than the mechanism being
+ a characteristic of the proposed protocol. The protocol provides
+ only partial compliance with the requirement. Eval - P
+
+
+
+
+
+Mitton, et al. Informational [Page 28]
+
+RFC 3127 AAA Protocol Evaluation Process June 2001
+
+
+ 1.1.3 Mutual Authentication - There is some slight handwaving here,
+ but the protocol's USM mode should be able to support this
+ requirement. Eval - No Change (T)
+
+ 1.1.4 Transmission Level Security - The authors should elaborate on
+ the specific use of the SNMPv3 modes to support these requirements,
+ but the text is minimally acceptable. Eval - No Change (T)
+
+ 1.1.5 Data Object Confidentiality - The authors describe a mechanism
+ which does not appear to completely meet the requirement. VACM is a
+ mechanism for an end system (agent) to control access to its data
+ based on manager characteristics. This mechanism does not appear to
+ map well to this requirement. Eval - P
+
+ 1.1.6 Data Object Integrity - There appears to be some handwaving
+ going on here. Again, SNMP does not appear to be a good match to
+ this requirement due to at least in part a lack of a proxy
+ intermediary concept within SNMP. Eval - F
+
+ 1.1.7 Certificate Transport - The document does indicate compliance,
+ but notes that optimization might argue for use of specialized
+ protocols. Eval - No Change (T)
+
+ 1.1.8 Reliable AAA Transport - The document indicates some confusion
+ with the exact extent of this requirement. Given the modifications
+ suggested by the eval group to the explanatory text in [2] for the
+ related annotation, the point by point explanatory text is not
+ required. The document does indicate that the use of SNMP is
+ irrespective of the underlying transport and the support of this
+ requirement is related at least partially to the choice of transport.
+ However, SNMP over UDP - the most common mode for SNMP - does not
+ meet this requirement. Eval - No Change (P)
+
+ 1.1.9 Run over IPv4 - While the evaluator agrees that SNMPv3 runs
+ over V4, the authors need to point to some sort of reference. Eval -
+ No Change (T)
+
+ 1.1.10 Run over IPv6 - The document indicates both experimental
+ implementations and future standardization of SNMPv3 over IPv6. Eval
+ - No Change (P)
+
+ 1.1.11 Support Proxy and Routing Brokers - The section of the
+ document (5.5.3) that, by title, should have the discussion of SNMP
+ proxy is marked as TBD. The section notes that the inability to
+ completely comply with the data object confidentiality and integrity
+ requirements might affect the compliance of this section and the
+ evaluator agrees. Eval - F
+
+
+
+
+Mitton, et al. Informational [Page 29]
+
+RFC 3127 AAA Protocol Evaluation Process June 2001
+
+
+ 1.1.12 Auditability - The document indicates no compliance with this
+ requirement. Eval - No Change (F)
+
+ 1.1.13 Shared Secret Not Required - Slight handwaving here, but
+ SNMPv3 does not necessarily require use of its security services if
+ other security services are available. However, the interaction with
+ VACM in the absence of USM is not fully described and may not have
+ good characteristics related to this requirement. Eval - P
+
+ 1.1.14 Ability to Carry Service Specific Attributes - SNMP complies
+ via the use of MIBs. Eval - No Change (T)
+
+ 1.2 Authentication Requirements
+
+ 1.2.1 NAI Support - The document indicates that MIB objects can be
+ created to meet this requirement, but gives no further information.
+ Eval - P
+
+ 1.2.2 CHAP Support - The document indicates that MIB objects can be
+ created to meet this requirement, but gives no further information.
+ Given the normal CHAP model, its unclear exactly how this would work.
+ Eval - F
+
+ 1.2.3 EAP Support - The document notes that EAP payloads can be
+ carried as specific MIB objects, but also notes that further design
+ work would be needed to fully incorporate EAP. Eval - No Change (P)
+
+ 1.2.4 PAP/Clear-text Passwords - The document notes the use of MIB
+ objects to carry the clear text passwords and the protection of those
+ objects under normal SNMPv3 security mechanisms. Eval - No Change
+ (T)
+
+ 1.2.5 Reauthorization on demand - While there's some handwaving here,
+ its clear that the specific applications can generate the signals to
+ trigger reauthorization under SNMP. Eval - No Change (T)
+
+ 1.2.6 Authorization w/o Authentication - The author appears to be
+ confusing the AAA protocol authorization with the AAA user
+ authorization and seems to be over generalizing the ability of SNMP
+ to deal with general AAA user authorization. Eval - F
+
+ 1.3 Authorization Requirements
+
+ 1.3.1 Static and Dynamic IP Addr Assignment - The reference to MIB
+ objects without more definite references or descriptions continues to
+ be a negative. While the evaluator agrees that MIB objects can
+ represent addresses, the document needs to at least lead the reader
+ in the proper direction. Eval - F
+
+
+
+Mitton, et al. Informational [Page 30]
+
+RFC 3127 AAA Protocol Evaluation Process June 2001
+
+
+ 1.3.2 RADIUS Gateway Capability - The transport and manipulation of
+ Radius objects appears to be only a part of what is required. Eval -
+ P
+
+ 1.3.3 Reject Capability - Again, a clarification of how SNMP might
+ accomplish this requirement would be helpful. The overall document
+ lacks a theory of operation for SNMP in an AAA role that might have
+ clarified the various approaches. Eval - F
+
+ 1.3.4 Preclude Layer 2 Tunneling - Document indicates lack of
+ understanding of this requirement. Eval - F
+
+ 1.3.5 Reauth on Demand - See response in 1.3.3 above. None of the
+ text responding to this requirement, nor any other text in the
+ document, nor any of the references describes the appropriate
+ framework and theory. Eval - F
+
+ 1.3.6 Support for ACLs - The response text again references MIB
+ objects that can be defined to do this job. There is additional
+ engineering and design needed before this is a done deal. Eval - P
+
+ 1.3.7 State Reconciliation - The text fails to address the basic
+ question of how to get the various parts of the AAA system back in
+ sync. Eval - F
+
+ 1.3.8 Unsolicited Disconnect - Assuming that the NAS is an SNMP agent
+ for an AAA server acting as an SNMP manager the evaluator concurs.
+ Eval - No Change (T).
+
+ 1.4 Accounting Requirements
+
+ 1.4.1 Real Time Accounting - SNMP Informs could accomplish the
+ requirements. Eval - No Change (T)
+
+ 1.4.2 Mandatory Compact Encoding - This is a good and reasonable
+ response. SNMP can vary the style and type of reported objects to
+ meet specific needs. Eval - No Change (T).
+
+ 1.4.3 Accounting Record Extensibility - MIBs are extensible. Eval -
+ No Change (T)
+
+ 1.4.4 Batch Accounting - MIBs provide data collection at various
+ times. Eval - No Change (T)
+
+ 1.4.5 Guaranteed Delivery - There's some weasel wording here with
+ respect to what guaranteed means, but the description of mechanisms
+ does appear to meet the requirements. Eval - No Change (T)
+
+
+
+
+Mitton, et al. Informational [Page 31]
+
+RFC 3127 AAA Protocol Evaluation Process June 2001
+
+
+ 1.4.6 Accounting Timestamps - Accounting records can use the
+ DateAndTime Textual Convention to mark their times. Eval - No Change
+ (T)
+
+ 1.4.7 Dynamic Accounting - The author may have partially missed the
+ point on this requirement. While the number of records per session
+ is not of great interest, the delivery may be. The author should go
+ a little more into depth on this requirement. Eval - No Change (T)
+
+ 1.5 MOBILE IP Requirements
+
+ 1.5.1 Encoding of MOBILE IP Registration Messages - Registration
+ messages can probably be encoded as SNMP messages. Eval - No Change
+ (T)
+
+ 1.5.2 Firewall Friendly - There's a chicken and egg problem with the
+ response to the requirement in that the author hopes that SNMP as an
+ AAA protocol will encourage Firewall vendors to make SNMP a firewall
+ friendly protocol. Eval - F
+
+ 1.5.3 Allocation of Local Home Agent - The author disclaims an
+ understanding of this requirement. Eval - F
+
+ 2. Summary Discussion
+
+ The documents evaluation score was substantially affected by a lack
+ of any document, reference or text which described a theory of
+ operation for SNMP in AAA mode. Of substantial concern are the items
+ relating to the AAA server to server modes and AAA client to server
+ modes and the lack of a map to the SNMP protocol for those modes.
+
+ The evaluator also notes that the scaling issues of SNMP in SNMP
+ agent/manager mode are in no way indicative of SNMP in AAA
+ client/server mode. This has a possibility to substantially impair
+ SNMPs use in an AAA role.
+
+ However, SNMP may have a reasonable role in the Accounting space.
+ SNMP appears to map well with existing technology, and with the
+ requirements.
+
+ 3. General Requirements
+
+ SNMP appears to meet the general requirements of an IP capable
+ protocol, but may not have a proper field of use for all specific
+ requirements.
+
+
+
+
+
+
+Mitton, et al. Informational [Page 32]
+
+RFC 3127 AAA Protocol Evaluation Process June 2001
+
+
+ 4. Summary Recommendation
+
+ Recommended in Part. SNMP is NOT RECOMMENDED for use as either an
+ authentication or authorization protocol, but IS RECOMMENDED for use
+ as an accounting protocol.
+
+C.3 RADIUS+ PRO Evaluation
+
+ Evaluation of RADIUS AAA Requirements PRO Evaluation
+
+ Evaluator - Mark Stevens
+
+ Ref [1] is "Comparison of RADIUS Against AAA Network Access
+ Requirements"
+ Ref [2] is "Framework for the extension of the RADIUS(v2) protocol"
+ Ref [3] is the aaa eval criteria as modified by us.
+
+ The documents uses T to indicate total compliance, P to indicate
+ partial compliance and F to indicate no compliance.
+
+ For each section I've indicated my grade for the section. I have
+ indicated whether or not my evaluation differs from the statements
+ made with respect to RADIUS++. The evaluation ratings as given below
+ may differ from the evaluations codified in the document referred to
+ as, "Comparison of RADIUS Against AAA Network Access Requirements"
+ without any indication.
+
+ 1.1 General Requirements
+
+ 1.1.1 [a] Scalability - In as much as a protocol's scalability can be
+ measured, the protocol seems to transmit information in a fairly
+ efficient manner.So, in that the protocol appears not to consume an
+ inordinate amount of bandwidth relative to the data it is
+ transmitting, this protocol could be considered scalable. However,
+ the protocol has a limit in the number of concurrent sessions it can
+ support between endpoints. Work arounds exist and are in use. Eval
+ - P (no change)
+
+ 1.1.2 [b] Fail-over - The document indicates the use of application
+ level time outs to provide this mechanism, rather than the mechanism
+ being a characteristic of the proposed protocol. The fail-over
+ requirement indicates that the protocol must provide the mechanism
+ rather than the application. The implication is that the application
+ need not be aware that the fail-over and subsequent correction when
+ it happens. The application using the RADIUS++ protocol will be
+ involved in fail-over recovery activities. The protocol layer of the
+ software does not appear to have the capability built-in. Given the
+ wording of the requirement: Eval - P (changed from T)
+
+
+
+Mitton, et al. Informational [Page 33]
+
+RFC 3127 AAA Protocol Evaluation Process June 2001
+
+
+ 1.1.3 [c] Mutual Authentication - The RADIUS++ protocol provides
+ shared-secret as a built-in facility for mutual authentication. The
+ authors of the document suggest the use of IPSec to obtain mutual
+ authentication functions. The RADIUS++ protocol provides no road
+ blocks to obtaining mutual authentication between instances of AAA
+ applications, however the protocol provides no facilities for doing
+ so.
+
+ 1.1.4 [d] Transmission Level Security - The RADIUS++ protocol
+ provides no transmission level security features, nor does it
+ preclude the use of IPSec to obtain transmission level security.
+ Eval - P (no change)
+
+ 1.1.5 [e] Data Object Confidentiality - The document describes a
+ RAIDUS++ message designed to server as an envelope in which encrypted
+ RADIUS messages (attributes) may be enclosed. Eval - T (no change)
+
+ 1.1.6 [f] Data Object Integrity - Using visible signatures, the
+ RADIUS++ protocol appears to meet this requirement. Eval - T (no
+ change)
+
+ 1.1.7 [g] Certificate Transport - The document indicates compliance
+ through the use of the CMS-Data Radius Attribute (message). Eval - T
+ (no change)
+
+ 1.1.8 [h] Reliable AAA Transport - The document points out that
+ RADIUS++ can be considered a reliable transport when augmented with
+ Layer 2 Tunneling Protocol. The protocol itself does not provide
+ reliability features. Reliability remains the responsibility of the
+ application or a augmenting protocol. Eval - P (no change)
+
+ 1.1.9 [i] Run over IPv4 - Eval - T (no change)
+
+ 1.1.10 [j] Run over IPv6 - an IPv6 Address data type must be defined.
+ Eval - T (no change)
+
+ 1.1.11 [k] Support Proxy and Routing Brokers - There is no mechanism
+ for rerouting requests, but an extension can be made to do so. Eval
+ - T (no change)
+
+ 1.1.12 [l] Auditability - The document indicates no compliance with
+ this requirement. Eval - F (no change)
+
+ 1.1.13 [m] Shared Secret Not Required - RADIUS++ can be configured to
+ run with empty shared secret values. Eval - T (no change)
+
+
+
+
+
+
+Mitton, et al. Informational [Page 34]
+
+RFC 3127 AAA Protocol Evaluation Process June 2001
+
+
+ 1.1.14 [n] Ability to Carry Service Specific Attributes - Vendor
+ escape mechanism can be used for this purpose.. Eval - T (no
+ change)
+
+ 1.2 Authentication Requirements
+
+ 1.2.1 [a] NAI Support - Eval - T (no change)
+
+ 1.2.2 [b] CHAP Support - Subject to dictionary attacks. Eval - P
+ (changed from T)
+
+ 1.2.3 [c] EAP Support - Eval - T (no change)
+
+ 1.2.4 [d] PAP/Clear-text Passwords - No end-to-end security, but
+ potential for encapsulation exists within current paradigm of the
+ protocol. - Eval -T (no change)
+
+ 1.2.5 [e] Reauthentication on demand - The RADIUS protocol
+ supports re-authentication. In case re-authentication is initiated
+ by the user or AAA client, the AAA client can send a new
+ authentication request. Re-authentication can be initiated from the
+ visited or home AAA server by sending a challenge message to the AAA
+ client. Eval - T (no change)
+
+ 1.2.6 [f] Authorization w/o Authentication - A new message type can
+ be created to enable RADIUS++ to support Aw/oA . Eval - T (no
+ change)
+
+ 1.3 Authorization Requirements
+
+ 1.3.1[a] Static and Dynamic IP Addr Assignment - Both supported.
+ IPv6 would require the definition of a new address data type. Eval -
+ P (no change)
+
+ 1.3.2 [b] RADIUS Gateway Capability - The transport and manipulation
+ of RADIUS objects appears to be only a part of what is required.
+ Requirement seems to be worded to preclude RADIUS. Eval - P (changed
+ from T)
+
+ 1.3.3 [c] Reject Capability - Eval -T
+
+ 1.3.4 [d] Preclude Layer 2 Tunneling - I do not see a definition in
+ the AAA eval criteria document. Eval - ?
+
+
+
+
+
+
+
+
+Mitton, et al. Informational [Page 35]
+
+RFC 3127 AAA Protocol Evaluation Process June 2001
+
+
+ 1.3.5 [e] Reauthorization on Demand - Implementation in the field
+ demonstrate that extensions to RADIUS can support the desired
+ behavior. Re-authentication is currently coupled to re-
+ authorization. Eval - P (no change)
+
+ 1.3.6 [f] Support for ACLs - Currently done in the applications
+ behind the RADIUS end points, not the within the protocol. RADIUS++
+ could define additional message types to deal with expanded access
+ control within new service areas. Eval - P (no change)
+
+ 1.3.7 [g] State Reconciliation - Eval - F (no change)
+
+ 1.3.8 [h] Unsolicited Disconnect - RADIUS++ extensions to support.
+ Eval - T. (no change)
+
+ 1.4 Accounting Requirements
+
+ 1.4.1 [a] Real Time Accounting - Eval - T (no change)
+
+ 1.4.2 [b] Mandatory Compact Encoding - Eval - T (no change)
+
+ 1.4.3 [c] Accounting Record Extensibility - Eval - T (no change)
+
+ 1.4.4 [d] Batch Accounting - RADIUS++ offers no new features to
+ support batch accounting. Eval - F No change)
+
+ 1.4.5 [e] Guaranteed Delivery - Retransmission algorithm employed.
+ Eval - T (no change)
+
+ 1.4.6 [f] Accounting Timestamps - RADIUS++ extensions support
+ timestamps. Eval - T (no change)
+
+ 1.4.7 [g] Dynamic Accounting - RADIUS++ extensions to support. Eval
+ - T (no change)
+
+ 1.5 MOBILE IP Requirements
+
+ 1.5.1 [a] Encoding of MOBILE IP Registration Messages - RADIUS++
+ extensions can be made to include registration messages as an opaque
+ payload. Eval - T (no change)
+
+ 1.5.2 [b] Firewall Friendly - RADIUS is known to be operational
+ in environments where firewalls acting as a proxy are active. Eval -
+ T (no change)
+
+ 1.5.3 [c] Allocation of Local Home Agent -Requirement statement needs
+ some clarification and refinement. Eval - F (no change)
+
+
+
+
+Mitton, et al. Informational [Page 36]
+
+RFC 3127 AAA Protocol Evaluation Process June 2001
+
+
+ 2. Summary Discussion
+
+ The RADIUS protocol, and its associated extensions, is presently not
+ fully compliant with the AAA Network Access requirements.
+ However, it is possible with a small effort to extend present
+ procedures to meet the requirements as listed in, while maintaining a
+ high level of interoperability with the wide deployment and
+ installed base of RADIUS clients and servers.
+
+ 3. General Requirements
+
+ RADIUS++ the protocol and the application meet the majority of the
+ requirements and can be extended to meet the requirements where
+ necessary.
+
+ 4. Summary Recommendation
+
+ RADIUS++ as it could be developed would provide a level of backward
+ compatibility that other protocols cannot achieve. By extending
+ RADIUS in the simple ways described in the documents listed above,
+ the transition from existing RADIUS-based installations to RADIUS++
+ installations would be easier. Although accounting continues to be
+ weaker than other approaches, the protocol remains a strong contender
+ for continued use in the areas of Authorization and Authentication.
+
+C.4 RADIUS+ CON Evaluation
+
+ Evaluation of RADIUS++ (sic) AAA Requirements CON Evaluation
+ Evaluator - David Nelson
+
+ Ref [1] is "Comparison of RADIUS Against AAA Network Access
+ Requirements", a.k.a. 'the document'
+ Ref [2] is "Framework for the extension of the RADIUS(v2) protocol",
+ a.k.a. 'the protocol'
+ Ref [3] is the AAA evaluation criteria as modified by us.
+ Ref [4] is RFC 2869.
+ Ref [5] is an expired work in progress "RADIUS X.509 Certificate
+ Extensions".
+ Ref [6] is RFC 2868
+
+ The document uses T to indicate total compliance, P to indicate
+ partial compliance and F to indicate no compliance. Evaluator's
+ Note: The document [1] pre-dates the protocol [2]. It is clear from
+ reading [2], that some of the issues identified as short comings in
+ [1] are now addressed in [2]. The evaluator has attempted to take
+ note of these exceptions, where they occur.
+
+
+
+
+
+Mitton, et al. Informational [Page 37]
+
+RFC 3127 AAA Protocol Evaluation Process June 2001
+
+
+ Section 1 - Per item discussion
+
+ 1.1 General Requirements
+
+ 1.1.1 Scalability - The document [1] indicates partial compliance,
+ largely in deference to the "tens of thousands of simultaneous
+ requests" language in [3], that has been deprecated. The issue of
+ simultaneous requests from a single AAA client is addressed in [1],
+ indicating that the apparent limitation of 256 uniquely identifiable
+ outstanding request can be worked around using well known techniques,
+ such as the source UDP port number of the request. The document
+ claims "P", and the evaluator concurs.
+
+ 1.1.2 Fail-over - The document [1] indicates the use of application
+ level time outs to provide the fail-over mechanism. Since the AAA
+ protocol is indeed an application-layer protocol, this seems
+ appropriate. There are significant issues of how to handle fail-
+ over in a proxy-chain environment that have not been well addressed,
+ however. The document claims "T", and the evaluator awards "P".
+
+ 1.1.3 Mutual Authentication - The document [1] indicates that mutual
+ authentication exists in the presence of a User-Password or CHAP-
+ Password attribute in an Access-Request packet or the Message-
+ Authenticator [4] in any packet. Once again, this addresses hop-by-
+ hop authentication of RADIUS "peers", but does not fully address
+ proxy-chain environments, in which trust models would need to be
+ established. The document further indicates that strong mutual
+ authentication could be achieved using the facilities of IPsec. This
+ claim would apply equally to all potential AAA protocols, and cannot
+ be fairly said to be a property of the protocol itself. The document
+ claims "T", and the evaluator awards "F".
+
+ 1.1.4 Transmission Level Security - The document [1] indicates that
+ transmission layer security, as defined in [3], is provided in the
+ protocol, using the mechanisms described in section 1.1.3. It should
+ be noted that this requirement is now a SHOULD in [3]. The document
+ claims "P", and the evaluator concurs.
+
+ 1.1.5 Data Object Confidentiality - The document [1] indicates that
+ end-to-end confidentiality is not available in RADIUS, but goes on to
+ say that it could be added. The protocol [2] actually makes an
+ attempt to specify how this is to be done, in section 4.3.2.2 of [2],
+ using a CMS-data attribute, based in large part upon RFC 2630. The
+ evaluator has not, at this time, investigated the applicability of
+ RFC 2630 to the AAA work. The document claims "F", but in light of
+ the specifics of the protocol [2], the evaluator awards "P".
+
+
+
+
+
+Mitton, et al. Informational [Page 38]
+
+RFC 3127 AAA Protocol Evaluation Process June 2001
+
+
+ 1.1.6 Data Object Integrity - The document [1] indicates that end-
+ to-end integrity is not available in RADIUS, but goes on to say that
+ it could be added. The protocol [2] actually makes an attempt to
+ specify how this is to be done, in section 4.3.2.1 of [2], using a
+ CMS-data attribute, based in large part upon RFC 2630. The evaluator
+ has not, at this time, investigated the applicability of RFC 2630 to
+ the AAA work. The document claims "F", but in light of the specifics
+ of the protocol [2], the evaluator awards "P".
+
+ 1.1.7 Certificate Transport - The document [1] indicates that
+ certificate transport is not available in RADIUS, but goes on to say
+ that it could be added. The protocol [2] actually makes an attempt
+ to specify how this is to be done, in section 4.3.2.3 of [2], using a
+ CMS-data attribute, based in large part upon RFC 2630. The evaluator
+ has not, at this time, investigated the applicability of RFC 2630 to
+ the AAA work. Other relevant work in the area of certificate support
+ in RADIUS may be found in an expired work in progress, "RADIUS X.509
+ Certificate Extensions" [5]. The document claims "F", but in light
+ of the specifics of the protocol [2], the evaluator awards "P".
+
+ 1.1.8 Reliable AAA Transport - The document [1] indicates that RADIUS
+ provides partial compliance with the requirements of the original AAA
+ requirements document. However, in [3], the requirement has been
+ simplified to "resilience against packet loss". Once again, the
+ evaluator finds that the protocol [2] meets this criteria on a hop-
+ by-hop basis, but fails to effectively address these issues in a
+ proxy-chain environment. The document claims "P", and the evaluator
+ awards "F".
+
+ 1.1.9 Run over IPv4 - RADIUS is widely deployed over IPv4. The
+ document claims "T", and the evaluator concurs.
+
+ 1.1.10 Run over IPv6 - The document [1] indicates that adoption of a
+ limited number of new RADIUS attributes to support IPv6 is
+ straightforward. Such discussion has transpired on the RADIUS WG
+ mailing list, although that WG is in the process of shutting down.
+ The document claims "P", and the evaluator concurs.
+
+ 1.1.11 Support Proxy and Routing Brokers - The document [1] indicates
+ that RADIUS is widely deployed in proxy-chains of RADIUS servers.
+ This is equivalent to the Proxy Broker case, but the Routing Broker
+ case is a different requirement. The protocol [2] does not describe
+ any detail of how a Routing Broker might be accommodated, although it
+ opens the door by indicating that the RADIUS++ protocol is peer-to-
+ peer, rather than client/server. The document claims "P", and the
+ evaluator awards "F".
+
+
+
+
+
+Mitton, et al. Informational [Page 39]
+
+RFC 3127 AAA Protocol Evaluation Process June 2001
+
+
+ 1.1.12 Auditability - The document [1] indicates no compliance with
+ this requirement. The document claims "F", and the evaluator
+ concurs.
+
+ 1.1.13 Shared Secret Not Required - The document [1] indicates that
+ RADIUS may effectively skirt the requirement of application-layer
+ security by using a value of "zero" for the pre-shared secret. While
+ this is a bit creative, it does seem to meet the requirement. The
+ document claims "T" and the evaluator concurs.
+
+ 1.1.14 Ability to Carry Service Specific Attributes - RADIUS has a
+ well defined Vendor-Specific Attribute, which, when properly used,
+ does indeed provide for the ability to transport service-specific
+ attributes. The document claims "T", and the evaluator concurs.
+
+ 1.2 Authentication Requirements
+
+ 1.2.1 NAI Support - The document [1] indicates that RADIUS specifies
+ the NAI as one of the suggested formats for the User-Name attribute.
+ The document claims "T", and the evaluator agrees.
+
+ 1.2.2 CHAP Support - CHAP support is widely deployed in RADIUS. The
+ document claims [1] "T", and the evaluator concurs.
+
+ 1.2.3 EAP Support - The document [1] indicates that EAP support in
+ RADIUS is specified in [4]. The document claims [1] "T", and the
+ evaluator concurs.
+
+ 1.2.4 PAP/Clear-text Passwords - The document [1] indicates that
+ RADIUS provides protection of clear-text passwords on a hop-by-hop
+ basis. The protocol [2] indicates how additional data
+ confidentiality may be obtained in section 4.3.2.2 of [2], using a
+ CMS-data attribute, based in large part upon RFC 2630. The evaluator
+ has not, at this time, investigated the applicability of RFC 2630 to
+ the AAA work. The document claims [1] "F", but in light of the
+ specifics of the protocol [2], the evaluator awards "P".
+
+ 1.2.5 Reauthentication on demand - The document [1] indicates that
+ RADIUS may accomplish re-authentication on demand by means of an
+ Access-Challenge message sent from a server to a client. The
+ evaluator disagrees that this is likely to work for a given session
+ once an Access-Accept message has been received by the client. The
+ document claims "T", and the evaluator awards "F".
+
+ 1.2.6 Authorization w/o Authentication - This requirement, as applied
+ to the protocol specification, mandates that non- necessary
+ authentication credentials not be required in a request for
+ authorization. The actual decision to provide authorization in the
+
+
+
+Mitton, et al. Informational [Page 40]
+
+RFC 3127 AAA Protocol Evaluation Process June 2001
+
+
+ absence of any authentication resides in the application (e.g. AAA
+ server). RADIUS does require some form of credential in request
+ messages. The document [1] claims "F", and the evaluator concurs.
+
+ 1.3 Authorization Requirements
+
+ 1.3.1 Static and Dynamic IP Addr Assignment - The document [1]
+ indicates that RADIUS can assign IPv4 addresses, and can easily be
+ extended to assign IPv6 addresses (see section 1.1.10). Of greater
+ concern, however, is the issue of static vs. dynamic addresses. If
+ dynamic address has the same meaning as it does for DHCP, then there
+ are issues of resource management that RADIUS has traditionally not
+ addressed. The document claims "P", and the evaluator concurs.
+
+ 1.3.2 RADIUS Gateway Capability - The document [1] maintains that a
+ RADIUS++ to RADIUS gateway is pretty much a tautology. The document
+ claims "T", and the evaluator concurs.
+
+ 1.3.3 Reject Capability - The document [1] maintains that RADIUS
+ Proxy Servers, and potentially RADIUS++ Routing Brokers, have the
+ ability to reject requests based on local policy. The document
+ claims "T" and the evaluator concurs.
+
+ 1.3.4 Preclude Layer 2 Tunneling - The document [1] indicates that
+ [6] defines support for layer two tunneling in RADIUS. The document
+ claims "T", and the evaluator concurs.
+
+ 1.3.5 Reauth on Demand - The document [1] indicates that RADIUS
+ provides this feature by means of the Session-Timeout and
+ Termination- Action attributes. While this may, in fact, be
+ sufficient to provide periodic re-authorization, it would not provide
+ re- authorization on demand. The protocol [2] does not address this
+ further. The document claims "P", and the evaluator awards "F".
+
+ 1.3.6 Support for ACLs - The document [1] describes the attributes in
+ RADIUS that are used to convey the access controls described in [3].
+ Certain of these (e.g. QoS) are not currently defined in RADIUS, but
+ could easily be defined as new RADIUS attributes. The document
+ claims "P", and the evaluator concurs.
+
+ 1.3.7 State Reconciliation - The document [1] addresses each of the
+ sub- items, as listed in the original AAA requirements document. In
+ reviewing the document against the modified requirements of [3],
+ there is still an issue with server-initiated state reconciliation
+ messages. While the protocol [2] makes provision for such messages,
+ as servers are allowed to initiate protocol dialogs, no detailed
+
+
+
+
+
+Mitton, et al. Informational [Page 41]
+
+RFC 3127 AAA Protocol Evaluation Process June 2001
+
+
+ message formats are provided. This is an area that has traditionally
+ been a short coming of RADIUS. The document claims "P", and the
+ evaluator awards "F".
+
+ 1.3.8 Unsolicited Disconnect - Much of the discussion from the
+ previous section applies to this section. The document [1] claims
+ "F", and the evaluator concurs.
+
+ 1.4 Accounting Requirements
+
+ 1.4.1 Real Time Accounting - RADIUS Accounting is widely deployed and
+ functions within the definition of real time contained in [3]. The
+ document [1] claims "T", and the evaluator concurs.
+
+ 1.4.2 Mandatory Compact Encoding - RADIUS Accounting contains TLVs
+ for relevant accounting information, each of which is fairly compact.
+ Note that the term "bloated" in [3] is somewhat subjective. The
+ document [1] claims "T", and the evaluator concurs.
+
+ 1.4.3 Accounting Record Extensibility - RADIUS Accounting may be
+ extended by means of new attributes or by using the Vendor-Specific
+ attribute. While it has been argued that the existing attribute
+ number space is too small for the required expansion capabilities,
+ the protocol [2] addresses this problem in section 3.0, and its
+ subsections, of [2]. The document [1] claims "T", and the evaluator
+ concurs.
+
+ 1.4.4 Batch Accounting - RADIUS has no explicit provisions for batch
+ accounting, nor does the protocol [2] address how this feature might
+ be accomplished. The document [1] claims "F", and the evaluator
+ concurs.
+
+ 1.4.5 Guaranteed Delivery - RADIUS Accounting is widely deployed and
+ provides guaranteed delivery within the context of the required
+ application-level acknowledgment. The document [1] claims "T", and
+ the evaluator concurs.
+
+ 1.4.6 Accounting Timestamps - The document [1] indicates that this
+ feature is specified in [4] as the Event-Timestamp attribute. The
+ document claims [1] "T", and the evaluator concurs.
+
+ 1.4.7 Dynamic Accounting - The document [1] indicates that this
+ requirement is partially met using the accounting interim update
+ message as specified in [4]. In addition, there was work in the
+ RADIUS WG regarding session accounting extensions that has not been
+ included in [4], i.e., some expired works in progress. The document
+ claims [1] "P", and the evaluator concurs.
+
+
+
+
+Mitton, et al. Informational [Page 42]
+
+RFC 3127 AAA Protocol Evaluation Process June 2001
+
+
+ 1.5 MOBILE IP Requirements
+
+ 1.5.1 Encoding of MOBILE IP Registration Messages - The document [1]
+ claims "F", and the evaluator concurs.
+
+ 1.5.2 Firewall Friendly - The document [1] indicates that RADIUS
+ deployment is know to have occurred in fire-walled environments. The
+ document claims "T", and the evaluator concurs.
+
+ 1.5.3 Allocation of Local Home Agent - The document [1] claims "F",
+ and the evaluator concurs.
+
+ 2. Summary Discussion
+
+ The document [1] and the protocol [2] suffer from having been written
+ in a short time frame. While the protocol does provide specific
+ guidance on certain issues, citing other relevant documents, it is
+ not a polished protocol specification, with detailed packet format
+ diagrams. There is a pool of prior work upon which the RADIUS++
+ protocol may draw, in that many of the concepts of Diameter were
+ first postulated as works in progress within the RADIUS WG, in an
+ attempt to "improve" the RADIUS protocol. All of these works in
+ progress have long since expired, however.
+
+ 3. General Requirements
+
+ RADIUS++ meets many of the requirements of an AAA protocol, as it is
+ the current de facto and de jure standard for AAA. There are long-
+ standing deficiencies in RADIUS, which have been well documented in
+ the RADIUS and NASREQ WG proceedings. It is technically possible to
+ revamp RADIUS to solve these problems. One question that will be
+ asked, however, is: "What significant differences would there be
+ between a finished RADIUS++ protocol and the Diameter protocol?".
+
+ 4. Summary Recommendation
+
+ Recommended in part. What may possibly be learned from this
+ submission is that it is feasible to have a more RADIUS-compliant
+ RADIUS-compatibility mode in Diameter.
+
+
+
+
+
+
+
+
+
+
+
+
+Mitton, et al. Informational [Page 43]
+
+RFC 3127 AAA Protocol Evaluation Process June 2001
+
+
+C.5 Diameter PRO Evaluation
+
+ Evaluation of Diameter against the AAA Requirements
+ PRO Evaluation
+ Evaluator - Basavaraj Patil
+
+ Ref [1] is "Diameter Framework Document".
+ Ref [2] is "Diameter NASREQ Extensions".
+ Ref [3] is the AAA evaluation criteria as modified by us.
+ Ref [4] is "Diameter Accounting Extensions".
+ Ref [5] is "Diameter Mobile IP Extensions".
+ Ref [6] is "Diameter Base Protocol".
+ Ref [7] is "Diameter Strong Security Extension".
+ Ref [8] is "Comparison of Diameter Against AAA Network Access
+ Requirements".
+
+ The document uses T to indicate total compliance, P to indicate
+ partial compliance and F to indicate no compliance.
+
+ Evaluator's note : The Diameter compliance document [8] claims Total
+ "T" compliance with all the requirements except : - 1.2.5 - 1.5.2
+
+ Section 1 - Per item discussion
+
+ 1.1 General Requirements
+
+ 1.1.1 Scalability
+
+ Diameter is an evolution of RADIUS and has taken into consideration
+ all the lessons learned over many years that RADIUS has been in
+ service. The use of SCTP as the transport protocol reduces the need
+ for multiple proxy servers (Sec 3.1.1 Proxy Support of [1]) as well
+ as removing the need for application level acks. The use and support
+ of forwarding and redirect brokers enhances scalability. Evaluator
+ concurs with the "T" compliance on this requirement.
+
+ 1.1.2 Fail-over
+
+ Again with the use of SCTP, Diameter is able to detect disconnect
+ indications upon which it switches to an alternate server (Sec 4.0
+ [6]). Also Requests and Responses do not have to follow the same
+ path and this increases the reliability. Evaluator concurs with the
+ "T" compliance on this requirement.
+
+
+
+
+
+
+
+
+Mitton, et al. Informational [Page 44]
+
+RFC 3127 AAA Protocol Evaluation Process June 2001
+
+
+ 1.1.3 Mutual Authentication
+
+ The compliance document quotes the use of symmetric transforms for
+ mutual authentication between the client and server (Sec 7.1 of
+ [6]). The use of IPSec as an underlying security mechanism and
+ thereby use the characteristics of IPSec itself to satisfy this
+ requirement is also quoted. Evaluator concurs with the "T"
+ compliance on this requirement.
+
+ 1.1.4 Transmission Level Security
+
+ Although this requirement has been deprecated by the AAA evaluation
+ team the document complies with it based on the definition (referring
+ to hop-by-hop security). Section 7.1 of [6] provides the details of
+ how this is accomplished in Diameter. Evaluator concurs with the "T"
+ compliance on this requirement.
+
+ 1.1.5 Data Object Confidentiality
+
+ This requirement seems to have come from Diameter. Ref [7] explains
+ in detail the use of Cryptographic Message Syntax (CMS) to achieve
+ data object confidentiality. A CMS-Data AVP is defined in [7].
+ Evaluator concurs with the "T" compliance on this requirement.
+
+ 1.1.6 Data Object Integrity
+
+ Using the same argument as above and the hop-by-hop security feature
+ in the protocol this requirement is completely met by Diameter.
+ Evaluator concurs with the "T" compliance on this requirement.
+
+ 1.1.7 Certificate Transport
+
+ Again with the use of the CMS-Data AVP, objects defined as these
+ types of attributes allow the transport of certificates. Evaluator
+ concurs with the "T" compliance on this requirement.
+
+ 1.1.8 Reliable AAA Transport
+
+ Diameter recommends that the protocol be run over SCTP. SCTP
+ provides the features described for a reliable AAA transport.
+ Although the compliance is not a perfect fit for the definition of
+ this tag item, it is close enough and the functionality achieved by
+ using SCTP is the same. Evaluator concurs with the "T" compliance
+ on this requirement.
+
+
+
+
+
+
+
+Mitton, et al. Informational [Page 45]
+
+RFC 3127 AAA Protocol Evaluation Process June 2001
+
+
+ 1.1.9 Run over IPv4
+
+ Is an application layer protocol and does not depend on the
+ underlying version of IP. Evaluator concurs with the "T" compliance
+ on this requirement.
+
+ 1.1.10 Run over IPv6
+
+ Is an application layer protocol and does not depend on the
+ underlying version of IP. Evaluator concurs with the "T" compliance
+ on this requirement.
+
+ 1.1.11 Support Proxy and Routing Brokers
+
+ Section 3.1.1/2 of the framework document [1] provides an explanation
+ of how Diameter supports proxy and routing brokers. In fact it
+ almost appears as though the requirement for a routing broker came
+ from Diameter. Evaluator concurs with the "T" compliance on this
+ requirement.
+
+ 1.1.12 Auditability
+
+ With the use of CMS-Data AVP [7] a trail is created when proxies are
+ involved in the transaction. This trail can provide auditability.
+ Evaluator concurs with the "T" compliance on this requirement.
+
+ 1.1.13 Shared Secret Not Required
+
+ With the use of IPSec as the underlying security mechanism, Diameter
+ does not require the use of shared secrets for message
+ authentication. Evaluator concurs with the "T" compliance on this
+ requirement.
+
+ 1.1.14 Ability to Carry Service Specific Attributes
+
+ The base protocol [6] is defined by Diameter and any one else can
+ define specific extensions on top of it. Other WGs in the IETF can
+ design an extension on the base protocol with specific attributes and
+ have them registered by IANA. Evaluator concurs with the "T"
+ compliance on this requirement.
+
+
+
+
+
+
+
+
+
+
+
+Mitton, et al. Informational [Page 46]
+
+RFC 3127 AAA Protocol Evaluation Process June 2001
+
+
+ 1.2 Authentication Requirements
+
+ 1.2.1 NAI Support
+
+ The base protocol [6] defines an AVP that can be used to support
+ NAIs. Diameter goes one step further by doing Message forwarding
+ based on destination NAI AVPs. Evaluator concurs with the "T"
+ compliance on this requirement.
+
+ 1.2.2 CHAP Support
+
+ Reference [2] section 3.0 describes the support for CHAP. Evaluator
+ concurs with the "T" compliance on this requirement.
+
+ 1.2.3 EAP Support
+
+ Reference [2] section 4.0 describes the support for EAP. Evaluator
+ concurs with the "T" compliance on this requirement.
+
+ 1.2.4 PAP/Clear-text Passwords
+
+ Reference [2] section 3.1.1.1 describes the support for PAP.
+ Evaluator concurs with the "T" compliance on this requirement.
+
+ 1.2.5 Reauthentication on demand
+
+ The use of Session-Timeout AVP as the mechanism for reauthentication
+ is claimed by the compliance document. However no direct references
+ explaining this in the base protocol [6] document were found.
+
+ Evaluator deprecates the compliance on this to a "P"
+
+ Note: However this is a trivial issue.
+
+ 1.2.6 Authorization w/o Authentication
+
+ Diameter allows requests to be sent without having any authentication
+ information included. A Request-type AVP is defined in [2] and it
+ can specify authorization only without containing any authentication.
+ Evaluator concurs with the "T" compliance on this requirement.
+
+
+
+
+
+
+
+
+
+
+
+Mitton, et al. Informational [Page 47]
+
+RFC 3127 AAA Protocol Evaluation Process June 2001
+
+
+ 1.3 Authorization Requirements
+
+ 1.3.1 Static and Dynamic IP Addr Assignment
+
+ The base protocol includes an AVP for carrying the address.
+ References [6.2.2 of 2] and [4.5 of 5] provide detailed explanations
+ of how this can be done. Evaluator concurs with the "T" compliance
+ on this requirement.
+
+ 1.3.2 RADIUS Gateway Capability
+
+ One of the basic facets of Diameter is to support backward
+ compatibility and act as a RADIUS gateway in certain environments.
+ Evaluator concurs with the "T" compliance on this requirement.
+
+ 1.3.3 Reject Capability
+
+ Based on the explanation provided in the compliance document for this
+ requirement evaluator concurs with the "T" compliance on this
+ requirement.
+
+ 1.3.4 Preclude Layer 2 Tunneling
+
+ Ref [2] defines AVPs supporting L2 tunnels Evaluator concurs with
+ the "T" compliance on this requirement.
+
+ 1.3.5 Reauth on Demand
+
+ A session timer defined in [6] is used for reauthorization. However
+ Diameter allows reauthorization at any time. Since this is a peer-
+ to-peer type of protocol any entity can initiate a reauthorization
+ request. Evaluator concurs with the "T" compliance on this
+ requirement.
+
+ 1.3.6 Support for ACLs
+
+ Diameter defines two methods. One that supports backward
+ compatibility for RADIUS and another one with the use of a standard
+ AVP with the filters encoded in it. Evaluator concurs with the "T"
+ compliance on this requirement.
+
+ 1.3.7 State Reconciliation
+
+ A long explanation on each of the points defined for this tag item in
+ the requirements document. Evaluator concurs with the "T" compliance
+ for this requirement.
+
+
+
+
+
+Mitton, et al. Informational [Page 48]
+
+RFC 3127 AAA Protocol Evaluation Process June 2001
+
+
+ 1.3.8 Unsolicited Disconnect
+
+ The base protocol [6] defines a set of session termination messages
+ which can be used for unsolicited disconnects. Evaluator concurs
+ with the "T" compliance on this requirement.
+
+ 1.4 Accounting Requirements
+
+ 1.4.1 Real Time Accounting
+
+ Evaluator concurs with the "T" compliance based on explanations in
+ [4].
+
+ 1.4.2 Mandatory Compact Encoding
+
+ Use of Accounting Data Interchange Format (ADIF)-Record-AVP for
+ compact encoding of accounting data. Evaluator concurs with the "T"
+ compliance.
+
+ 1.4.3 Accounting Record Extensibility
+
+ ADIF can be extended. Evaluator concurs with the "T" compliance.
+
+ 1.4.4 Batch Accounting
+
+ Sec 1.2 of [4] provides support for batch accounting.
+
+ 1.4.5 Guaranteed Delivery
+
+ Sections 2.1/2 of [4] describe messages that are used to guarantee
+ delivery of accounting records. Evaluator concurs with the "T"
+ compliance.
+
+ 1.4.6 Accounting Timestamps
+
+ Timestamp AVP [6] is present in all accounting messages. Evaluator
+ concurs with the "T" compliance.
+
+ 1.4.7 Dynamic Accounting
+
+ Interim accounting records equivalent to a call-in-progress can be
+ sent periodically. Evaluator concurs with the "T" compliance.
+
+
+
+
+
+
+
+
+
+Mitton, et al. Informational [Page 49]
+
+RFC 3127 AAA Protocol Evaluation Process June 2001
+
+
+ 1.5 MOBILE IP Requirements
+
+ 1.5.1 Encoding of MOBILE IP Registration Messages
+
+ Ref [5] provides details of how Diameter can encode MIP messages.
+ Evaluator concurs with the "T" compliance.
+
+ 1.5.2 Firewall Friendly
+
+ Some handwaving here and a possible way of solving the firewall
+ problem with a Diameter proxy server. Document claims "T", evaluator
+ deprecates it to a "P"
+
+ 1.5.3 Allocation of Local Home Agent
+
+ Diameter can assign a local home agent in a visited network in
+ conjunction with the FA in that network. Evaluator concurs with the
+ "T"
+
+ Summary Recommendation
+
+ Diameter is strongly recommended as the AAA protocol. The experience
+ gained from RADIUS deployments has been put to good use in the design
+ of this protocol. It has also been designed with extensibility in
+ mind thereby allowing different WGs to develop their own specific
+ extension to satisfy their requirements. With the use of SCTP as the
+ transport protocol, reliability is built in. Security has been
+ addressed in the design of the protocol and issues that were
+ discovered in RADIUS have been fixed. Diameter also is a session
+ based protocol which makes it more scalable. The support for
+ forwarding and redirect brokers is well defined and this greatly
+ improves the scalability aspect of the protocol.
+
+ Lastly the protocol has been implemented by at least a few people and
+ interop testing done. This in itself is a significant step and a
+ positive point for Diameter to be the AAA protocol.
+
+C.6 Diameter CON Evaluation
+
+ Evaluation of Diameter against the AAA Requirements
+ CON Brief
+ Evaluator: Barney Wolff
+
+
+
+
+
+
+
+
+
+Mitton, et al. Informational [Page 50]
+
+RFC 3127 AAA Protocol Evaluation Process June 2001
+
+
+ Section 1 - Per item discussion
+
+ 1.1 General Requirements
+
+ 1.1.1 Scalability - P (was T) The evaluator is concerned with
+ scalability to the small, not to the large. Diameter/SCTP may prove
+ difficult to retrofit to existing NAS equipment.
+
+ 1.1.2 Fail-over - P (was T) SCTP gives an indication of peer
+ failure, but nothing in any Diameter or SCTP document the evaluator
+ was able to find even mentions how or when to switch back to a
+ primary server to which communication was lost. After a failure, the
+ state machines end in a CLOSED state and nothing seems to trigger
+ exit from that state. It was not clear whether a server, on
+ rebooting, would initiate an SCTP connection to all its configured
+ clients. If not, and in any case when the communication failure was
+ in the network rather than in the server, the client must itself,
+ after some interval, attempt to re-establish communication. But no
+ such guidance is given.
+
+ Of course, the requirement itself fails to mention the notion of
+ returning to a recovered primary. That is a defect in the
+ requirement. The evaluator has had unfortunate experience with a
+ vendor's RADIUS implementation that had exactly the defect that it
+ often failed to notice recovery of the primary.
+
+ 1.1.3 Mutual Authentication - T
+
+ 1.1.4 Transmission Level Security - T
+
+ 1.1.5 Data Object Confidentiality - P (was T). Yes, the CMS data
+ type is supported. But the work in progress, "Diameter Strong
+ Security Extension", says:
+
+ Given that asymmetric transform operations are expensive, Diameter
+ servers MAY wish to use them only when dealing with inter-domain
+ servers, as shown in Figure 3. This configuration is normally
+ desirable since Diameter entities within a given administrative
+ domain MAY inherently trust each other. Further, it is desirable
+ to move this functionality to the edges, since NASes do not
+ necessarily have the CPU power to perform expensive cryptographic
+ operations.
+
+ Given all the fuss that has been made about "end-to-end"
+ confidentiality (which really means "NAS-to-home_server"), the
+ evaluator finds it absurd that the proposed solution is acknowledged
+ to be unsuited to the NAS.
+
+
+
+
+Mitton, et al. Informational [Page 51]
+
+RFC 3127 AAA Protocol Evaluation Process June 2001
+
+
+ 1.1.6 Data Object Integrity - P (was T). See above.
+
+ 1.1.7 Certificate Transport - T
+
+ 1.1.8 Reliable AAA Transport - T
+
+ 1.1.9 Run over IPv4 - T
+
+ 1.1.10 Run over IPv6 - T
+
+ 1.1.11 Support Proxy and Routing Brokers - T
+
+ 1.1.12 Auditability - T (based on our interpretation as non-
+ repudiation, rather than the definition given in reqts)
+
+ 1.1.13 Shared Secret Not Required - T
+
+ 1.1.14 Ability to Carry Service Specific Attributes - T
+
+ 1.2 Authentication Requirements
+
+ 1.2.1 NAI Support - T
+
+ 1.2.2 CHAP Support - T
+
+ 1.2.3 EAP Support - T
+
+ 1.2.4 PAP/Clear-text Passwords - T
+
+ 1.2.5 Reauthentication on demand - P (was T). No mechanism was
+ evident for the server to demand a reauthentication, based for
+ example on detection of suspicious behavior by the user. Session-
+ timeout is not sufficient, as it must be specified at the start.
+
+ 1.2.6 Authorization w/o Authentication - T
+
+ 1.3 Authorization Requirements
+
+ 1.3.1 Static and Dynamic IP Addr Assignment - T
+
+ 1.3.2 RADIUS Gateway Capability - P (was T). RADIUS has evolved from
+ the version on which Diameter was based. EAP is a notable case where
+ the convention that the Diameter attribute number duplicates the
+ RADIUS one is violated. No protocol, not even RADIUS++, can claim a
+ T on this.
+
+ 1.3.3 Reject Capability - T (The evaluator fails to understand how
+ any AAA protocol could rate anything other than T on this.)
+
+
+
+Mitton, et al. Informational [Page 52]
+
+RFC 3127 AAA Protocol Evaluation Process June 2001
+
+
+ 1.3.4 Preclude Layer 2 Tunneling - T
+
+ 1.3.5 Reauth on Demand - P (was T). As with reauthentication, there
+ is no evident mechanism for the server to initiate this based on
+ conditions subsequent to the start of the session.
+
+ 1.3.6 Support for ACLs - P (was T). The evaluator finds the Filter-
+ Rule AVP laughably inadequate to describe filters. For example, how
+ would it deal with restricting SMTP to a given server, unless all IP
+ options are forbidden so the IP header length is known? No real NAS
+ could have such an impoverished filter capability, or it would not
+ survive as a product.
+
+ 1.3.7 State Reconciliation - P (was T). It is difficult for the
+ evaluator to understand how this is to work in a multi-administration
+ situation, or indeed in any proxy situation. Furthermore, SRQ with
+ no session-id is defined to ask for info on all sessions, not just
+ those "owned" by the requester.
+
+ 1.3.8 Unsolicited Disconnect - T
+
+ 1.4 Accounting Requirements
+
+ 1.4.1 Real Time Accounting - T
+
+ 1.4.2 Mandatory Compact Encoding - T
+
+ 1.4.3 Accounting Record Extensibility - T
+
+ 1.4.4 Batch Accounting - P (was T). The evaluator suspects that
+ simply sending multiple accounting records in a single request is not
+ how batch accounting should or will be done.
+
+ 1.4.5 Guaranteed Delivery - T
+
+ 1.4.6 Accounting Timestamps - T (The evaluator notes with amusement
+ that NTP time cycles in 2036, not 2038 as claimed in the Diameter
+ drafts. It's Unix time that will set the sign bit in 2038.)
+
+ 1.4.7 Dynamic Accounting - T
+
+ 1.5 MOBILE IP Requirements
+
+ 1.5.1 Encoding of MOBILE IP Registration Messages - T
+
+ 1.5.2 Firewall Friendly - F (was T). Until such time as firewalls
+ are extended to know about or proxy SCTP, it is very unlikely that
+ SCTP will be passed. Even then, the convenient feature of being able
+
+
+
+Mitton, et al. Informational [Page 53]
+
+RFC 3127 AAA Protocol Evaluation Process June 2001
+
+
+ to send a request from any port, and get the reply back to that port,
+ means that a simple port filter will not be sufficient, and
+ statefulness will be required. Real friendship would require that
+ both source and dest ports be 1812.
+
+ 1.5.3 Allocation of Local Home Agent - T
+
+ 2. Summary Discussion
+
+ In some areas, Diameter is not completely thought through. In
+ general, real effort has gone into satisfying a stupendous range of
+ requirements.
+
+ 3. General Requirements
+
+ Diameter certainly fails the KISS test. With SCTP, the drafts add up
+ to 382 pages - well over double the size of RADIUS even with
+ extensions. The evaluator sympathizes with the political instinct
+ when faced with a new requirement no matter how bizarre, to say "we
+ can do that" and add another piece of filigree. But the major places
+ where Diameter claims advantage over RADIUS, namely "end-to-end"
+ confidentiality and resource management, are just the places where
+ some hard work remains, if the problems are not indeed intractable.
+
+ More specifically, the evaluator sees no indication that specifying
+ the separate transport protocol provided any advantage to defray the
+ large increase in complexity. Application acks are still required,
+ and no benefit from the transport acks was evident to the evaluator.
+ Nor was there any obvious discussion of why "sequenced in-order"
+ delivery is required, when AAA requests are typically independent.
+ SCTP offers out-of-order delivery, but Diameter seems to have chosen
+ not to use that feature.
+
+ Whether TLV encoding or ASN.1/BER is superior is a religious
+ question, but Diameter manages to require both, if the "strong"
+ extension is implemented. The evaluator has a pet peeve with length
+ fields that include the header, making small length values invalid,
+ but that is a minor point.
+
+ Finally, interoperability would be greatly aided by defining a
+ standard "dictionary" format by which an implementation could adopt
+ wholesale a set of attributes, perhaps from another vendor, and at
+ least know how to display them. That is one of the advantages of
+ MIBs.
+
+
+
+
+
+
+
+Mitton, et al. Informational [Page 54]
+
+RFC 3127 AAA Protocol Evaluation Process June 2001
+
+
+ 4. Summary Recommendation
+
+ Diameter is clearly close enough to meeting the myriad requirements
+ that it is an acceptable candidate, though needing some polishing.
+ Whether the vast increase in complexity is worth the increase in
+ functionality over RADIUS is debatable.
+
+C.7 COPS PRO Evaluation
+
+ Evaluation of COPS AAA Requirements
+ PRO Evaluation
+ Evaluator - David Nelson
+
+ Ref [1] is "Comparison of COPS Against the AAA NA Requirements", work
+ in progress, a.k.a. 'the document'
+ Ref [2] is RFC 2748 a.k.a. 'the protocol'
+ Ref [3] is the AAA evaluation criteria as modified by us.
+ Ref [4] is "AAA Protocols: Comparison between RADIUS, Diameter, and
+ COPS" work in progress.
+ Ref [5] is "COPS Usage for AAA", work in progress.
+
+ This document uses T to indicate total compliance, P to indicate
+ partial compliance and F to indicate no compliance.
+
+ Section 1 - Per item discussion
+
+ 1.1 General Requirements
+
+ 1.1.1 Scalability - The document [1] claims "T", and the evaluator
+ concurs.
+
+ 1.1.2 Fail-over - The document [1] claims "T", and the evaluator
+ concurs.
+
+ 1.1.3 Mutual Authentication - The document claims "T", and the
+ evaluator concurs.
+
+ 1.1.4 Transmission Level Security - The document [1] indicates that
+ transmission layer security, as defined in [3], is provided in the
+ protocol, using the mechanisms described in [2]. It should be noted
+ that this requirement is now a SHOULD in [3]. The document claims
+ "T", and the evaluator concurs.
+
+ 1.1.5 Data Object Confidentiality - The document [1] indicates that
+ end-to-end confidentiality is provided using a CMS-data attribute,
+ based in large part upon RFC 2630. The evaluator has not, at this
+ time, investigated the applicability of RFC 2630 to the AAA work.
+ The document claims "T", and the evaluator concurs.
+
+
+
+Mitton, et al. Informational [Page 55]
+
+RFC 3127 AAA Protocol Evaluation Process June 2001
+
+
+ 1.1.6 Data Object Integrity - The document [1] indicates that data
+ object integrity is provided using a CMS-data attribute, based in
+ large part upon RFC 2630. The evaluator has not, at this time,
+ investigated the applicability of RFC 2630 to the AAA work. The
+ document claims "T", and the evaluator concurs.
+
+ 1.1.7 Certificate Transport - The document [1] indicates that
+ certificate transport is provided using a CMS-data attribute, based
+ in large part upon RFC 2630 and RFC 1510. The evaluator has not, at
+ this time, investigated the applicability of RFC 2630 to the AAA
+ work. The document claims "T", and the evaluator concurs.
+
+ 1.1.8 Reliable AAA Transport - The document [1] indicates that COPS
+ uses TCP, which certainly meets the requirements for a reliable
+ transport. The document claims "T", and the evaluator concurs.
+
+ 1.1.9 Run over IPv4 - The document [1] claims "T", and the evaluator
+ concurs.
+
+ 1.1.10 Run over IPv6 - The document [1] claims "T", and the evaluator
+ concurs.
+
+ 1.1.11 Support Proxy and Routing Brokers - Reasonable detail of proxy
+ operations is provided in [5]. The document [1] claims "T", and the
+ evaluator concurs.
+
+ 1.1.12 Auditability - The document [1] alludes to a History PIB that
+ would enable auditing without explaining how it would work. The AAA
+ Extension [5] does not provide additional insight. The document
+ claims "T", and the evaluator awards "P".
+
+ 1.1.13 Shared Secret Not Required - The document [1] claims "T" and
+ the evaluator concurs.
+
+ 1.1.14 Ability to Carry Service Specific Attributes - The document
+ [1] claims "T", and the evaluator concurs.
+
+ 1.2 Authentication Requirements
+
+ 1.2.1 NAI Support - The document [1] indicates that NAI is to be
+ supported in the Information Model, but notes that for cases where
+ certificates are in use, the more restrictive syntax of RFC 2459
+ applies. The document claims "T", and the evaluator awards "P".
+
+ 1.2.2 CHAP Support - The document [1] claims "T", and the evaluator
+ concurs.
+
+
+
+
+
+Mitton, et al. Informational [Page 56]
+
+RFC 3127 AAA Protocol Evaluation Process June 2001
+
+
+ 1.2.3 EAP Support - The document [1] claims "T", and the evaluator
+ concurs.
+
+ 1.2.4 PAP/Clear-text Passwords - The document [1] indicates
+ compliance, presumably using a CMS-data attribute, based in large
+ part upon RFC 2630. The evaluator has not, at this time,
+ investigated the applicability of RFC 2630 to the AAA work. The
+ document claims "T", and the evaluator concurs.
+
+ 1.2.5 Reauthentication on demand - The document [1] claims "T", and
+ the evaluator concurs.
+
+ 1.2.6 Authorization w/o Authentication - This requirement, as applied
+ to the protocol specification, mandates that non- necessary
+ authentication credentials not be required in a request for
+ authorization. The actual decision to provide authorization in the
+ absence of any authentication resides in the application (e.g. AAA
+ server). The document [1] claims "T", and the evaluator concurs.
+
+ 1.3 Authorization Requirements
+
+ 1.3.1 Static and Dynamic IP Addr Assignment - The document [1]
+ claims "T", and the evaluator concurs.
+
+ 1.3.2 RADIUS Gateway Capability - The document [1] claims "T", and in
+ the absence of any detailed discussion of how this is accomplished,
+ in either [1] or [5], the evaluator awards "P".
+
+ 1.3.3 Reject Capability - The document claims [1] "T" and the
+ evaluator concurs.
+
+ 1.3.4 Preclude Layer 2 Tunneling - The document [1] claims "T", and
+ in the absence of any detailed discussion of how this is
+ accomplished, in either [1] or [5], the evaluator awards "P".
+
+ 1.3.5 Reauth on Demand - The document [1] claims "T", and the
+ evaluator concurs.
+
+ 1.3.6 Support for ACLs - The document [1] "T", and the evaluator
+ concurs.
+
+ 1.3.7 State Reconciliation - The document [1] "T", and the evaluator
+ concurs.
+
+ 1.3.8 Unsolicited Disconnect - The document [1] claims "T", and the
+ evaluator concurs.
+
+
+
+
+
+Mitton, et al. Informational [Page 57]
+
+RFC 3127 AAA Protocol Evaluation Process June 2001
+
+
+ 1.4 Accounting Requirements
+
+ 1.4.1 Real Time Accounting - The document [1] claims "T", and the
+ evaluator concurs.
+
+ 1.4.2 Mandatory Compact Encoding - Note that the term "bloated" in
+ [3] is somewhat subjective. The document [1] claims "T", and the
+ evaluator concurs.
+
+ 1.4.3 Accounting Record Extensibility - The document [1] claims "T",
+ and the evaluator concurs.
+
+ 1.4.4 Batch Accounting - The protocol [2] [5] does not address how in
+ detail this feature might be accomplished. The document [1] claims
+ "T", and the awards "P".
+
+ 1.4.5 Guaranteed Delivery - Guaranteed delivery is provided by TCP.
+ The document [1] claims "T", and the evaluator concurs.
+
+ 1.4.6 Accounting Timestamps - The document [1] claims "T", and the
+ evaluator concurs.
+
+ 1.4.7 Dynamic Accounting - The document [1] claims "T", and the
+ evaluator concurs.
+
+ 1.5 MOBILE IP Requirements
+
+ 1.5.1 Encoding of MOBILE IP Registration Messages - The document [1]
+ claims "T", and the evaluator concurs.
+
+ 1.5.2 Firewall Friendly - The document [1] claims "T", and the
+ evaluator concurs.
+
+ 1.5.3 Allocation of Local Home Agent - The document [1] claims "T",
+ and the evaluator concurs.
+
+ 2. Summary Discussion
+
+ It may appear, upon initial inspection, that the evaluator has not
+ lent a critical eye to the compliance assertions of the document [1].
+ First, this memo is a "PRO" brief, and as such reasonable benefit of
+ doubt is to be given in favor of the protocol submission. Second,
+ there is a fundamental conceptual issue at play. The COPS-PR model
+ provides a sufficient set of basic operations and commands, a
+ stateful model, the ability for either "peer" to initiate certain
+ kinds of requests, as well as an extensible command set, to be able
+ to support a wide variety of network and resource management
+ protocols. The details of protocol specific messages is left to
+
+
+
+Mitton, et al. Informational [Page 58]
+
+RFC 3127 AAA Protocol Evaluation Process June 2001
+
+
+ Policy Information Base (PIB) data objects. Since no AAA PIB has
+ been written, the evacuator can only (optimistically) assess the
+ inherent capabilities of the base protocol to accomplish the intended
+ requirements of [3], given a reasonable set of assumptions about what
+ an AAA PIB might look like.
+
+ In some sense, this akin to asserting that a given algorithm can be
+ correctly implemented in a specific programming language, without
+ actually providing the code.
+
+ The PIB model used by COPS is a powerful and flexible model. The
+ protocol document [5] spends a considerable amount of time
+ enumerating and describing the benefits of this data model, and
+ explaining its roots in Object Oriented (OO) design methodology.
+ Analogies are made to class inheritance and class containment, among
+ others. It's always hard to say bad things about OO.
+
+ 3. General Requirements
+
+ COPS-AAA would appear to meet (totally or partially) all of the
+ requirements of [3], at least as can be determined without the
+ benefit of an AAA PIB.
+
+ 4. Summary Recommendation
+
+ Recommended with reservation. Before final acceptance of COPS-AAA,
+ someone is going to have to write the AAA PIB and evaluate its
+ details.
+
+C.8 COPS CON Evaluation
+
+ Evaluation of COPS against the AAA Requirements
+ CON Evaluation
+ Evaluator - David Mitton
+
+ The Primary document discussed here is [COPSComp] and the arguments
+ therein based on the proposal [COPSAAA].
+
+ [COPSComp] "Comparison of COPS Against the AAA NA Requirements", Work
+ in Progress.
+ [COPSAAA] "COPS Usage for AAA", Work in Progress.
+ [EksteinProtoComp] "AAA Protocols: Comparison between RADIUS,
+ Diameter, and COPS", Work in Progress.
+
+
+
+
+
+
+
+
+Mitton, et al. Informational [Page 59]
+
+RFC 3127 AAA Protocol Evaluation Process June 2001
+
+
+ References: (in order of relevancy)
+
+ [COPSBase] Durham, D., Boyle, J., Cohen, R., Herzog, S., Rajan, R.
+ and A. Sastry, "The Common Open Policy Service Protocol",
+ RFC 2748, January 2000.
+
+ [COPSFwork] Yavatkar, R., Pendarakis, D. and R. Guerin, "A Framework
+ for Policy-based Admission Control", RFC 2753, January
+ 2000.
+
+ [COPSPR] "COPS Usage for Policy Provisioning", Work in Progress.
+
+ [COPSSPPI] "Structure of Policy Provisioning Information (SPPI)",
+ Work in Progress.
+
+ [COPSCMS] "COPS Over CMS", Work in Progress.
+
+ [COPSTLS] "COPS Over TLS", Work in Progress.
+
+ [COPSGSS] "COPS Extension for GSS-API based Authentication
+ Support", Work in Progress.
+
+ Other COPS & RSVP RFCs & drafts not listed as not directly relevant.
+
+ Compliance: T==Total, P==Partial, F=Failed
+
+ Section 1 - Per item discussion
+
+ Initial Note: [COPSComp] claims "unconditional compliance" with all
+ requirements.
+
+ 1.1 General Requirements
+
+ 1.1.1 Scalability - P (was T) The evaluator is concerned with
+ scalability of many always-on TCP connections to a server supporting
+ a lot of clients, particularly with the heartbeat messages. The
+ claim that the request handle is "unbounded" sounds fishy.
+
+ 1.1.2 Fail-over - P (was T) COPS gives an indication of peer failure,
+ and has mechanisms to restart state, but there seems to be a bias
+ toward a single state server. COPS has decided that synchronizing
+ state between multiple hot servers is out of scope.
+
+ Because COPS uses TCP, it is at the mercy of the TCP timers of the
+ implementation which can be significant. Connection timeout
+ reporting to the application may be delayed beyond the client
+ authentication timeouts. Tuning the Keep-Alive message to a tighter
+ period will increase the session and system overhead.
+
+
+
+Mitton, et al. Informational [Page 60]
+
+RFC 3127 AAA Protocol Evaluation Process June 2001
+
+
+ 1.1.3 Mutual Authentication - P (was T) The explanation is sort of
+ for message object integrity. It does not describe authentication
+ techniques. The evaluator assumes that COPS peers would authenticate
+ each other at Client-Open time. But cannot understand how this would
+ work if proxies are involved.
+
+ 1.1.4 Transmission Level Security - T
+
+ 1.1.5 Data Object Confidentiality - T Seems almost a carbon copy of
+ the Diameter capabilities. This evaluator echoes the high overhead
+ concerns of the Diameter evaluator for the CMS capability. TLS is
+ not mentioned here, but is piled on later.
+
+ 1.1.6 Data Object Integrity - T See above.
+
+ 1.1.7 Certificate Transport - T
+
+ 1.1.8 Reliable AAA Transport - T (maybe P) COPS meets this
+ requirement as well as any other protocol we've evaluated. That is
+ it does have one application level ACK. Statements such as "TCP
+ provides guaranteed delivery" are incorrect. COPS does attempt to
+ identify outages by using a keep-alive message between TCP peers.
+
+ 1.1.9 Run over IPv4 - T
+
+ 1.1.10 Run over IPv6 - T
+
+ 1.1.11 Support Proxy and Routing Brokers - P (was T) How client
+ types are supported forward is not well understood by this evaluator.
+ Does each client type require the Broker to make a different client
+ Open request to it's upstream servers? What about routing brokers?
+
+ 1.1.12 Auditability - P (was T) (based on our interpretation as
+ non-repudiation, rather than the definition given in reqts) The
+ explanation of a History PIB is incomplete and therefore
+ inconclusive.
+
+ 1.1.13 Shared Secret Not Required - T Except this clause in
+ [COPSAAA] 6.2 page 14 "COPS MUST be capable of supporting TLS"
+
+ 1.1.14 Ability to Carry Service Specific Attributes - P (was T)
+
+ a) COPS only allows a small number of unique objects to be added.
+ 256 Object "classes" or types, with 256 subtypes or versions.
+ Client types are 16 bits long, where the high bit indicates
+ "enterprise" specific values. But pertain to a COPS peer-
+
+
+
+
+
+Mitton, et al. Informational [Page 61]
+
+RFC 3127 AAA Protocol Evaluation Process June 2001
+
+
+ connection session. The client type seems to just identify the
+ information model for the message. eg. it will be fixed to one
+ value for AAA.
+
+ b) Service specific objects are not the same as Vendor Specific
+ Objects. They pertain to objects within a client type.
+
+ c) The PIB model leads to a different model interoperability.
+ Because most vendor product differ in some way, each PIB will be
+ different, and sharing common provisioning profiles will be a
+ rather difficult mapping problem on the server.
+
+ d) It's not clear the different client types can be mixed or that
+ other objects definitions can be used from other defined client
+ types. It's really unclear how the client type of a connection
+ propagates in a proxy situation.
+
+ 1.2 Authentication Requirements
+
+ 1.2.1 NAI Support - T The requirement that RFC 2459 (X.509 profiles)
+ be met presumes that Auth servers would not have a mapping or local
+ transformation.
+
+ 1.2.2 CHAP Support - T An Information Model is being invoked, which
+ I don't see really fleshed out anywhere. [COPSAAA] does a bit of
+ handwaving and definitions but doesn't deliver much meat.
+ Nonetheless, this could be handled ala RADIUS.
+
+ 1.2.3 EAP Support - P (was T) Again with the non-existent
+ Information Model. To do EAP, this evaluator thinks another Request
+ or Decision type is needed here to indicate to proxies that an
+ extended message exchange is in progress.
+
+ 1.2.4 PAP/Clear-text Passwords - T
+
+ 1.2.5 Reauthentication on demand - T
+
+ 1.2.6 Authorization w/o Authentication - T
+
+ The comment "Please note: with existing algorithms, any authorization
+ scheme not based on prior authentication is meaningless" is
+ meaningless out of application context.
+
+ 1.3 Authorization Requirements
+
+ 1.3.1 Static and Dynamic IP Addr Assignment - T
+
+
+
+
+
+Mitton, et al. Informational [Page 62]
+
+RFC 3127 AAA Protocol Evaluation Process June 2001
+
+
+ 1.3.2 RADIUS Gateway Capability - P (was T). It would be interesting
+ to see RADIUS attributes wrapped in some COPS "Information Model".
+
+ 1.3.3 Reject Capability - T
+
+ 1.3.4 Preclude Layer 2 Tunneling - T
+
+ More work for the "Information Model" author!
+
+ 1.3.5 Reauthorization on Demand - T
+
+ 1.3.6 Support for Access Rules & Filters - P (was T) Yet more work
+ for the "Information Model" author, including some design issues
+ which alluded the RADIUS and Diameter designers. At least an attempt
+ was made in Diameter. There is nothing here.
+
+ 1.3.7 State Reconciliation - P (was T). It is difficult for the
+ evaluator to understand how well the COPS mechanisms work in a
+ multi-administration situation, or in any proxy situation. Multi-
+ server coordination, if allowed, seems to be lacking a description.
+
+ 1.3.8 Unsolicited Disconnect - T
+
+ 1.4 Accounting Requirements
+
+ 1.4.1 Real Time Accounting - T
+
+ 1.4.2 Mandatory Compact Encoding - T This evaluator does not believe
+ that ADIF is a compact format. But does believe that the Information
+ Model author can design a PIB with accounting statistics that will
+ satisfy this requirement.
+
+ 1.4.3 Accounting Record Extensibility - P (was T) By defining a
+ vendor/device specific PIB for additional elements.
+
+ 1.4.4 Batch Accounting - P (was T) Offered description does not seem
+ to match the requirement.
+
+ 1.4.5 Guaranteed Delivery - P (was T) TCP does NOT "guarantee
+ delivery", only application Acks can do that. If these acks can be
+ generated similar to the description here, then this requirement is
+ met.
+
+
+
+
+
+
+
+
+
+Mitton, et al. Informational [Page 63]
+
+RFC 3127 AAA Protocol Evaluation Process June 2001
+
+
+ 1.4.6 Accounting Timestamps - T Another item for the "Information
+ Model" author.
+
+ 1.4.7 Dynamic Accounting - T Event and interim accounting can be
+ supported.
+
+ 1.5 MOBILE IP Requirements
+
+ 1.5.1 Encoding of MOBILE IP Registration Messages - P (was T) Yet
+ more work for the "Information Model" author. Hope he can handle it.
+
+ 1.5.2 Firewall Friendly - P (was T) I guess. Because it uses TCP
+ and can be identified by known connection port. But there is an
+ issue with respect to the impact level of mixed COPS traffic coming
+ through a common firewall port.
+
+ 1.5.3 Allocation of Local Home Agent - P (was T) Just add another
+ element to that "Information Model" definition.
+
+ 2. Summary Discussion
+
+ COPS was designed to do some things similar to what we want and be
+ somewhat flexible, but with a totally different set of assumptions on
+ how many clients and requests would be funneled through the
+ infrastructure and the acceptable overhead. This evaluator is not
+ sure that it scales well to the fast evolving access market where
+ every product doesn't implement a small set of common features, but a
+ large set of overlapping ones.
+
+ 3. General Requirements
+
+ COPS started out with small and easily met set of design goals for
+ RSVP and DiffServe, and is evolving as a new hammer to hit other
+ nails [COPSPR]. As COPS implementors get more operational
+ experience, it is interesting to see more reliability fixes/features
+ quickly get patched in.
+
+ Understanding COPS requires that you read a number RFCs and drafts
+ which do not readily integrate well together. Each application of
+ COPS has spawned a number of drafts. It's not clear if one wants to
+ or can implement a single COPS server that can service AAA and other
+ application clients.
+
+ The COPS authors seem to overly believe in the goodness of TCP, and
+ rely on it to solve all their transport problems, with concessions to
+ application keep-alive messages to probe the connection status and
+ sequence numbers to prevent replay attacks. This evaluator believes
+ this type of approach may work for many networks but really doesn't
+
+
+
+Mitton, et al. Informational [Page 64]
+
+RFC 3127 AAA Protocol Evaluation Process June 2001
+
+
+ scale well in larger configurations. End-to-end application acks are
+ the only guaranteed delivery solution, particularly where distributed
+ state is involved.
+
+ COPS falls into an in between place on encoding. It has small number
+ of simple data object blobs which are concatenated ala
+ RADIUS/Diameter TLVs to form a flexible message layout. However,
+ they attempt to limit the number of objects by making them
+ arbitrarily complex ala SNMP MIBs, and defining yet another data
+ structuring language for these PIBs. There is a lot of computer
+ science style grandstanding in [COPSAAA] Section 1.2, but no
+ translation into how a set of data objects can be used to meet these
+ wonderful features in operation. (or even if we needed them) This
+ will be the crux of the interoperability issue. RADIUS
+ implementations interoperate because they at least, understand a
+ common set of functional attributes from the RFCs. And vendor extent
+ ions can be simply customized in as needed via dictionaries. If PIB
+ definitions are needed for every piece and version of access
+ equipment, before you can use it, then the bar for ease of
+ configuration and use has been raised quite high.
+
+ Support for PIB definition and vendor extensions will be on the same
+ order as MIB integration in SNMP management products and put the
+ supposed complexity of Diameter to shame.
+
+ 4. Summary Recommendation
+
+ COPS has a structure that could be made to serve as a AAA protocol,
+ perhaps by just copying the features of RADIUS and Diameter into it.
+ The author of [COPSAAA] and [COPSComp] has not done the whole job yet
+ and some of the missing pieces are vexing even for those already in
+ the field.
+
+ While some of the synergy with other COPS services is attractive,
+ this evaluator is concerned about the liabilities of combining AAA
+ services with the new emerging COPS applications in a single server
+ entity will introduce more complexity than needed and opportunities
+ to have progress pulled into other rat-holes. (eg. Policy Frameworks)
+
+
+
+
+
+
+
+
+
+
+
+
+
+Mitton, et al. Informational [Page 65]
+
+RFC 3127 AAA Protocol Evaluation Process June 2001
+
+
+Appendix D - Meeting Notes
+
+ The minutes of the team meetings as recorded by various members.
+
+D.1 Minutes of 22-Jun-2000 Teleconference
+
+ Recorded by: Mark Stevens
+
+ Arguments for and against SNMP as an AAA protocol were given. Stuart
+ Barkley gave a summary of the pro argument. Mike St. Johns gave a
+ summary of the con argument. Dave Nelson asked for "instructions to
+ the jury" in an effort to determine what evidence could and could not
+ be used in making decisions.
+
+ The AAA evaluation criteria is weak in some areas and in others it
+ appears to be written with what might be interpreted as undue
+ influence from the NASREQ working group.
+
+ Mike St. Johns offered that we must restrict ourselves to considering
+ only the evidence provided in the compliance documents and any
+ supporting documents to which they may refer.
+
+ In summary: AAA evaluation criteria document, AAA evaluation criteria
+ source documents, protocol response documents and reference
+ documents.
+
+ The question as to what the group should do with malformed
+ requirements came up. The consensus seemed to be that we would use
+ the requirements as adjusted in our last meeting where the
+ requirements made no sense.
+
+ The floor was then given to Stuart Barkley for the pro SNMP argument.
+
+ Highlights:
+
+ * In most areas the requirements are met by SNMP.
+ * Confidentiality and Certificate transport mechanisms may be weak,
+ but workable.
+ * With regard to Authentication, every technique can be supported
+ although support for PAP or cleartext passwords is weak.
+ * With regard to Authorization, there is nothing in the requirements
+ that cannot be supported.
+ * Accounting everything supported, although there is no specific
+ consideration for compact encoding. SNMP not as bloated as ASCII
+ or XML based encoding schemes. Requirement for compact encoding
+ weakly indicated in requirements anyway. Server-specific
+ attributes needed, but compact encoding preclude w/o tradeoffs.
+
+
+
+
+Mitton, et al. Informational [Page 66]
+
+RFC 3127 AAA Protocol Evaluation Process June 2001
+
+
+ * With regard to mobile IP requirement, everything works well,
+ although firewall friendliness is a judgment call.
+ * Proxy mechanisms of SNMPv3 mitigates problems w/ firewalls.
+ * Scalability is ok.
+ * Overall, meets most requirements and shortfalls are minor.
+ * In some cases requirements seemed to expressed in a manner that
+ "stacks" the odds against SNMP.
+ * SNMP is deployed everywhere already.
+
+ * The protocol has a well-understood behavior despite the tedium of
+ MIB definition, so it has the advantage of not requiring the
+ creation of a new infrastructure.
+ * AAA response document is silent on architecture and MIB
+ definition, but there is too much work to do at this stage of
+ evaluation. Not having done the MIB definitions and architecture
+ is not a limitation of the protocol.
+ * SNMP is a good candidate.
+
+ Mike St. Johns took the floor to give a summary of the con argument.
+
+ * Neither the requirements, core documents nor response document
+ specify the mechanism of operation.
+ * Liberties were taken in the assertion that the server to server
+ interaction requirements were met.
+ * The scaling arguments are weak.
+ * Fail-over arguments are weak.
+ * Security aspects work well with the manager/server paradigm, but
+ not well in bidirectional interactions among peers.
+ * The authentication requirements not understood by authors of the
+ response document. * SNMP is just data moving protocol.
+ * Message formats not specified.
+ * What is the method for supporting authentication? Storing the
+ information is handled, but what do the nodes do with it?
+
+ * The protocol certainly shined in the area of meeting accounting
+ requirements.
+ * Although SNMP could certainly play a role in the accounting space,
+ it is unusable in the areas of Authorization and Authentication.
+ * The response document does not address how the problem will be
+ solved.
+ * It does not address the scalability issues that may arise in the
+ transition from a manager-agent mode of operation to a client-
+ server model.
+
+ The group then examined each requirement against SNMP in a line-by-
+ line exercise.
+
+
+
+
+
+Mitton, et al. Informational [Page 67]
+
+RFC 3127 AAA Protocol Evaluation Process June 2001
+
+
+D.2 Minutes of 27-Jun-2000 Teleconference
+
+ Attendees - All (Mike St. John, Dave Mitton, Dave Nelson, Mark
+ Stevens, Barney Wolff, Stuart Barkley, Steven Crain, Basavaraj Patil)
+
+ Minutes recorded by : Basavaraj Patil
+
+ Evaluation of RADIUS++ AAA Requirements
+
+ Pro : Mark Stevens
+ Con : Dave Nelson
+
+ - Question raised on if all meetings held so far have been recorded.
+ Last week's meeting was recorded by Mark. Previous meetings have
+ been recorded by Mike. All of these minutes should be available
+ in the archive.
+
+ - Dave Nelson mentioned that Pat Calhoun has responded on the AAA WG
+ mailing list to the changes made to the requirements document by
+ the evaluation team. Pat's response includes arguments for
+ inclusion of some of the requirements that were deleted by the
+ eval team.
+
+ - Mike concluded that we can reinstate these requirements after
+ reviewing Pat's comments in detail and the RFCs referenced. The
+ intent is to take Pat's comments/document and review it between
+ now and next Thursday (July 6th) and integrate the comments based
+ on the findings at that time.
+
+ Voting Procedure for evaluation : No voting during the discussion.
+ All votes MUST be submitted to Mike by COB, June 28th, 00.
+
+ - Dave Nelson's summary of the Con statement for RADIUS++.
+ Overview of the points on which the evaluator disagrees with the
+ compliance statement.
+
+ Conclusion from Dave : Not recommended (Details in the con
+ statement).
+
+ Q: Is it possible to use it for accounting?
+ A: Authentication and Authorization could be separated, but
+ Accounting is the weak link in this protocol and hence is not
+ suitable.
+
+ - Mark Steven's summary of the Pro statement
+ Agreed with most of the observations made by Dave Nelson. The
+ biggest thing going for it is that it has been running in this
+ environment for a while and it does meet most of the requirements
+
+
+
+Mitton, et al. Informational [Page 68]
+
+RFC 3127 AAA Protocol Evaluation Process June 2001
+
+
+ in the document. Transition will be easy and backwards
+ compatibility is a key plus point.
+
+ Point-by-point Discussion:
+
+ General (1.1):
+
+ 1.1.1 Scalability
+
+ BW - There is no actual limit on the number of outstanding requests.
+ The protocol itself does not limit the number.
+
+ DN -Simultaneous requests is not the same as outstanding requests.
+
+ Discussion of workarounds that have been implemented to overcome this
+ problem.
+
+ 1.1.2 Fail-over
+
+ DN - This is an application layer protocol and uses application level
+ time-outs to provide fail-over solutions. Analogy and discussion on
+ the use of round-trip-timer in TCP.
+
+ Example of how robust a network can be based on a machine at MIT that
+ was decommissioned and a new one with the same name installed in the
+ network.
+
+ Discussion of environments where proxies for primary, secondary and
+ tertiaries exist and the possible effect of flooding messages in the
+ event of a fail-over detection.
+
+ 1.1.3 Mutual Authentication
+
+ No Discussion. Accepted as stated.
+
+ 1.1.4 Transmission level security
+
+ This requirement was deleted from the list by the evaluation team.
+ It was deleted because it is an overgeneralization of Roam Ops.
+
+ DN - There is a concern regarding what this really means. Referred
+ to what Pat is saying about this on the list and the need for it to
+ be reinstated.
+
+ Suggestion to change the tag in the requirements document to hop-by-
+ hop security.
+
+
+
+
+
+Mitton, et al. Informational [Page 69]
+
+RFC 3127 AAA Protocol Evaluation Process June 2001
+
+
+ Does the Roamops group use transmission level security to imply hop-
+ by-hop security?
+
+ 1.1.5 Data Object Confidentiality
+
+ Mike explained the concept of Cryptographic Message Syntax (CMS -
+ RFC2630). There are some issues regarding the use of CMS at an end
+ point. Symmetric or Asymmetric keys can be used.
+
+ There does not seem to be a problem with the suggested usage of CMS
+ in RADIUS++.
+
+ 1.1.6/7 Data Object Integrity/Certificate Transport
+
+ No discussion. (I guess everyone concurs with the statement in the
+ compliance document and the reviewers comments).
+
+ 1.1.8 Reliable AAA Transport
+
+ BW - Radius provides reliability at the application layer by doing
+ retransmissions. So why is there a need for a reliable AAA transport
+ protocol?
+
+ - Is it packet loss that the protocol needs to be concerned about?
+
+ DN - This requirement is tied to the failover issue. Explanation of
+ the negative impact of retransmissions in a network, especially in
+ the case of a web of proxies.
+
+ Conclusion is that this requirement deals with packet loss.
+
+ 1.1.9/10 Run over IPv4/6
+
+ Running over IPv6 should be a trivial issue.
+
+ 1.1.11 Support Proxy and Routing Brokers
+
+ - Discussion on what this requirement means and analogy to DNS
+ servers in a network.
+
+ - RADIUS can be extended to support this requirement and from the
+ compliance document this does not appear to be fully cooked yet.
+
+ 1.1.12 Auditability
+
+ No Discussion
+
+
+
+
+
+Mitton, et al. Informational [Page 70]
+
+RFC 3127 AAA Protocol Evaluation Process June 2001
+
+
+ 1.1.13 Shared Secret Not Required
+
+ This seems to be a trivial issue to be addressed in RADIUS++.
+
+ 1.1.14 Ability to carry Service Specific Attributes
+
+ No Discussion
+
+ Authentication Requirements:
+
+ 1.2.1 NAI Support
+
+ Trivial - Total compliance.
+
+ 1.2.2 CHAP Support
+
+ Comment : RADIUS support of CHAP could be better and the response
+ needs to be encrypted.
+
+ 1.2.3/4 EAP/PAP
+
+ No Discussion
+
+ 1.2.5 Reauthentication on Demand
+
+ DN - Document claims that the server can reauthenticate by issuing an
+ Access-challenge. There is a change to the state machine and the
+ suggested solution is too simplistic. Also backwards compatibility
+ would be an issue.
+
+ 1.2.6 Authorization w/o Authentication
+
+ DN - This is trivial to fix, but this is not mentioned in the
+ compliance document.
+
+ Authorization Requirements:
+
+ 1.3.1 Static and Dynamic IP Addr assignment
+
+ - RADIUS does not rise to the demands of being a resource manager
+ - RADIUS assigns an address and it stays assigned for the session.
+ There is no concept of leasing.
+
+ 1.3.2 RADIUS Gateway Capability
+
+ This is a requirement written that is not applicable to RADIUS
+ itself.
+
+
+
+
+Mitton, et al. Informational [Page 71]
+
+RFC 3127 AAA Protocol Evaluation Process June 2001
+
+
+ 1.3.3/4/5/6/7/8
+
+ Call dropped. Somebody else needs to fill in here. (Mike ????)
+
+ Accounting Requirements:
+
+ 1.4.1 Real time accounting
+
+ No dissent. No discussion
+
+ 1.4.2 Mandatory compact encoding
+
+ Comment made regarding ASN.1 and XML in this context
+
+ 1.4.3 Accounting Record Extensibility
+
+ No discussion
+
+ 1.4.4 Batch Accounting
+
+ No specific wording in the document to show how this can be done.
+ Basically it is real time accounting without the real time
+ constraint.
+
+ It may be a trivial issue.
+
+ 1.4.5/6 Guaranteed Delivery/Accounting Timestamps
+
+ No Discussion
+
+ 1.4.7 Dynamic Accounting
+
+ There is ongoing discussion in the AAA WG on this requirement. The
+ RADIUS WG is also discussing this (comment). The idea here is to be
+ able to send the equivalent of a phonecall in progress type of
+ messages.
+
+ Mobile IP Requirements:
+
+ 1.5.1 Encoding of Mobile IP Reg. Messages
+
+ May be trivial. Discussion on what this requirement really is. Is
+ it just the ability to carry the reg. message as payload? Does the
+ AAA protocol have to delve into the reg. message and behave
+ differently.
+
+
+
+
+
+
+Mitton, et al. Informational [Page 72]
+
+RFC 3127 AAA Protocol Evaluation Process June 2001
+
+
+ 1.5.2 Firewall Friendly
+
+ No Discussion
+
+ 1.5.3 Allocation of Local Home Agents
+
+ This concept needs to be clarified as the author writing the
+ compliance statement did not understand it either.
+
+ If you notice anything that I recorded here as something
+ misinterpreted, please feel free to make corrections.
+
+D.3 Minutes of 29-Jun-2000 Teleconference
+
+ Attendees: Mike St. John, Dave Mitton, Dave Nelson, Barney Wolff,
+ Stuart Barkley, Steven Crain, Basavaraj Patil.
+ Missing: Mark Stevens.
+
+ Minutes recorded by: Stuart Barkley
+
+ Evaluation of Diameter AAA Requirements
+
+ Advocates:
+
+ Pro: Basavaraj Patil
+ Con: Barney Wolff
+
+ Summary discussion:
+
+ PRO summary (Basavaraj Patil):
+
+ session based
+ lightweight base + extensions
+ has implementation experience
+ based upon radius
+ fixes specific problems with radius,
+ interoperates with radius
+ looks like requirements are written for diameter
+
+ CON summary (Barney Wolff):
+
+ meets most needs, designed with requirements in mind
+
+ issues: scalability in small devices (strong crypto specifically)
+
+ failover (need guidance on failover recovery procedures)
+
+
+
+
+
+Mitton, et al. Informational [Page 73]
+
+RFC 3127 AAA Protocol Evaluation Process June 2001
+
+
+ Data object confidentiality has been expressed as very important,
+ diameter glosses over it referring to rfc2630, cost to run on NAS
+ device
+
+ ACL: filter style syntax seems inadequate
+
+ state reconciliation: difficult over global multiple
+ administrative domains
+
+ batch accounting: implementation doesn't meet intended need
+
+ firewall friendly: until firewalls support SCTP will be failure
+
+ summary very close
+
+ concerns:
+
+ size and complexity needs almost all extensions to actually support
+ needs separation of SCTP and data (as per IESG suggestion?)
+ application vs transport acks
+
+ Point-by-point Discussion:
+
+ General (1.1):
+
+ 1.1.1 Scalability
+
+ Handles large number of requests
+
+ SCTP reduces proxy needs (how? what is justification for this
+ statement?)
+
+ Scalability in large
+
+ 1.1.2 Fail-over
+
+ Recovery from SCTP failure needs discussion (Note to DM: Include
+ in final document considerations)
+
+ 1.1.3 Mutual Authentication
+
+ No Discussion
+
+ 1.1.4 Transmission level security
+
+ No Discussion
+
+
+
+
+
+Mitton, et al. Informational [Page 74]
+
+RFC 3127 AAA Protocol Evaluation Process June 2001
+
+
+ 1.1.5/6 Data Object Confidentiality/Data Object Integrity
+
+ Crypto in NAS
+ NAS needs knowledge of when to use crypto
+ One Time Passwords
+
+ 1.1.7 Certificate Transport
+
+ No Discussion
+
+ 1.1.8 Reliable AAA Transport
+
+ No Discussion
+
+ 1.1.9/10 Run over IPv4/6
+
+ No Discussion
+
+ 1.1.11 Support Proxy and Routing Brokers
+
+ No Discussion
+
+ 1.1.12 Auditability
+
+ No Discussion
+
+ 1.1.13 Shared Secret Not Required
+
+ No Discussion
+
+ 1.1.14 Ability to carry Service Specific Attributes
+
+ No Discussion
+
+ Authentication Requirements:
+
+ 1.2.1 NAI Support
+
+ No Discussion
+
+ 1.2.2 CHAP Support
+
+ No Discussion
+
+ 1.2.3/4 EAP/PAP
+
+ No Discussion
+
+
+
+
+Mitton, et al. Informational [Page 75]
+
+RFC 3127 AAA Protocol Evaluation Process June 2001
+
+
+ 1.2.5 Reauthentication on Demand
+
+ No Discussion
+
+ 1.2.6 Authorization w/o Authentication
+
+ No Discussion
+
+ Authorization Requirements:
+
+ 1.3.1 Static and Dynamic IP Addr assignment
+
+ No Discussion
+
+ 1.3.2 RADIUS Gateway Capability
+
+ Protocol requirement or implementation/application requirement?
+ Which RADIUS versions are to be supported? Which subset?
+
+ 1.3.3 Reject Capability
+
+ No Discussion
+
+ 1.3.4 Preclude L2TP
+
+ No Discussion
+
+ 1.3.5 Reauthorize on demand
+
+ Raj to look at this again
+
+ 1.3.6 Support for ACLs
+
+ Standardizes syntax not semantics.
+ Standardizes semantics in NASREQ extension, but is very weak
+
+ 1.3.7 State reconciliation
+
+ Appears to be weak in that server must "query the world" to
+ restore its state
+ Just in time reconciliation
+ Simultaneous usage limitations
+ More discussion needed
+
+
+
+
+
+
+
+
+Mitton, et al. Informational [Page 76]
+
+RFC 3127 AAA Protocol Evaluation Process June 2001
+
+
+ 1.3.8 Unsolicited disconnect
+
+ No Discussion
+
+ Accounting Requirements:
+
+ 1.4.1 Real time accounting
+
+ No Discussion
+
+ 1.4.2 Mandatory compact encoding
+
+ Is ADIF compact?
+ Is ADIF UTF-8 compatible?
+
+ 1.4.3 Accounting Record Extensibility
+
+ No Discussion
+
+ 1.4.4 Batch Accounting
+
+ Diameter okay for small batches. Specification doesn't seem
+ suitable for large batch transfers (100,000+ records)
+
+ 1.4.5 Guaranteed Delivery
+
+ No Discussion
+
+ 1.4.6 Accounting Timestamps
+
+ No Discussion
+
+ 1.4.7 Dynamic Accounting
+
+ No Discussion
+
+ Mobile IP Requirements:
+
+ 1.5.1 Encoding of Mobile IP Reg. Messages
+
+ Taken of faith
+
+ 1.5.2 Firewall Friendly
+
+ Issues with SCTP being supported initially through firewalls
+
+
+
+
+
+
+Mitton, et al. Informational [Page 77]
+
+RFC 3127 AAA Protocol Evaluation Process June 2001
+
+
+ 1.5.3 Allocation of Local Home Agents
+
+ Still lack of understanding of the AAA protocol requirements here
+ (versus just being a roaming attribute)
+
+ Overall summary:
+
+ Diameter seems to meet most requirements and is a likely candidate to
+ support AAA requirements.
+
+ Other matters:
+
+ Votes on Diameter should be in by Sunday evening. Same format as
+ before. Mike will tally up as both majority and average votes.
+
+ Should different requirements have different weight?
+
+ Possibility of SNMP reconsideration as per ADs? To close off our
+ task in timeframe allocated, should not reopen submissions or
+ discussions. Could cause to drag on for long time causing us to miss
+ our July 15 date.
+
+ Possibility of needing a few extra days to finish report due to
+ editing and review needs of the group. Mike to ask ADs to consider
+ slight time extension possibility.
+
+ "No discussion" means that the topic was mentioned but there we no
+ objections/issues raised on that requirement being met.
+
+ These are based upon my notes. Please send any corrections to the
+ list.
+
+D.4 Minutes of 06-Jul-2000 Teleconference
+
+ Minutes of AAA-Team Telecon 7/6/00
+ By: Barney Wolff
+
+ Pro review of COPS - Dave Nelson
+
+ Likes the object model.
+ No apparent showstoppers.
+ Will resend review with typos corrected.
+
+
+
+
+
+
+
+
+
+Mitton, et al. Informational [Page 78]
+
+RFC 3127 AAA Protocol Evaluation Process June 2001
+
+
+ Con review of COPS - Dave Mitton
+
+ Architecture is mostly there.
+ Strong dependency on info model, sceptical of object model.
+ Problem with info model in multi-vendor, multi-administration
+ environment.
+ How does server speak to multiple client flavors?
+ Will resend review with typos corrected.
+
+ Comment by Mike StJ "replace SNMP with COPS" - :) I think.
+
+ Per-Item discussion
+
+ 1.1.1 Scalability - concern re always-on TCP. Direction to DM - add
+ general issue of number of connections.
+
+ 1.1.2 Failover - No hot backup, but true of all protocols. (ie, no
+ explicit mention of server-server protocol that might keep a backup
+ server in sync so it could take over instantly.)
+
+ 1.1.3 Mutual Authentication - perhaps relies on TLS. Draft does not
+ otherwise support this.
+
+ 1.1.8 Reliable AAA Transport - TCP + appl heartbeat.
+
+ 1.1.11 Proxy & Routing Brokers - client-type interaction with proxy
+ is questionable. (In later discussion, it appears client-type is a
+ field in the request, and perhaps all AAA is one type, so may not be
+ an issue.)
+
+ 1.1.13 Shared secret not req'd - runs over TLS, no multiple levels of
+ security.
+
+ 1.2.1 NAI Support - some uncertainty on the impact of RFC 2459 (X.509
+ profiles) on this - may restrict NAI in some way?
+
+ 1.2.3 EAP Support - multi-pass handshake needs work.
+
+ 1.2.6 Authorization without Authentication - Mike comments the
+ requirement is broken. BW comment (post-meeting) - the requirement
+ appears intended specifically to chastise RADIUS for requiring User-
+ Name and some sort of password in an Access-Request, even if it's
+ sent pre-connect, on receipt of DNIS, for example. Sure it's silly,
+ but does it really matter whether an attribute is absent or filled
+ with "NONE"? This was just nasty sniping at RADIUS on somebody's
+ part, imho.
+
+ 1.3.2 RADIUS Gateway - skepticism was expressed.
+
+
+
+Mitton, et al. Informational [Page 79]
+
+RFC 3127 AAA Protocol Evaluation Process June 2001
+
+
+ 1.3.4 Preclude L2 Tunnels - too much handwaving.
+
+ 1.3.6 Access Rules - lots of work needed.
+
+ 1.3.7 State Reconciliation - multi-server coordination is an issue.
+
+ 1.4.4 Batch Accounting - for small batches, perhaps.
+
+ 1.4.5 Guaranteed Delivery - application acks are an area of mystery.
+
+ 1.5.2 Firewall-Friendly - COPS like any Swiss-Army-Knife protocol
+ (SNMP) requires the firewall to look inside the packets, because
+ passing AAA may be allowed but not other protocol uses. So it would
+ be a big help, for both COPS and SNMP, to define a different port for
+ its AAA application.
+
+D.5 Minutes of 11-Jul-2000 Teleconference
+
+ Present: Mike, Bernard, Paul, Bert, Raj, Dave N., Dave M., Barney,
+ Stuart, Mark
+ Recorded By: Dave Nelson
+
+ Mike St. Johns set the ground rules.
+
+ An item by item review of the summary results was held.
+
+ 1.1.1 Question as to why SNMP and RADIUS++ are "P"? There are issues
+ regarding scaling of retries in a web of proxies (multi-layer proxy;
+ primary, secondary tertiary servers at each level).
+
+ 1.1.2 No protocol did very well. Similar issues as above, e.g. web
+ of proxies. Recovery of state from a previously failed primary
+ server?
+
+ 1.1.3 Question as to how serious is the need for this requirement?
+ May be some legitimate requirements from Mobile IP. Is this
+ requirement an AAA-level issue?
+
+ 1.1.4 Called hop-by-hop or transmission level?
+
+ 1.1.5 Most protocols evaluated used CMS to meet this requirement.
+ Question as to applicability of CMS for NASes and other edge devices?
+ There is a requirement for object by object confidentiality.
+ consider three-party scenarios.
+
+
+
+
+
+
+
+Mitton, et al. Informational [Page 80]
+
+RFC 3127 AAA Protocol Evaluation Process June 2001
+
+
+ 1.1.6 Question as to why SNMP did not rate the same as for item
+ 1.1.5? The evaluation is based on what was contained in the
+ submission documents, rather than capabilities of the protocol
+ itself. Too much hand waving.
+
+ 1.1.7 No comments.
+
+ 1.1.8 Question as to meaning of "reliable"? Discussion of transport
+ protocols was deferred to later in the meeting.
+
+ 1.1.9 No comments.
+
+ 1.1.10 SNMP received "P" because of hand waving in the submission
+ documents.
+
+ 1.1.11 SNMP received "F" because this section of the submission
+ document indicated "t.b.d.". Diameter was the only protocol
+ submission to completely address this item.
+
+ 1.1.12 We treated this requirement as "non-repudiation". There is a
+ concern that digital signatures are computationally expensive and are
+ not globally available. COPS has more work to do on this item.
+
+ 1.1.13 Question that "no shared secrets" should be interpreted to
+ mean that an alternative key management mechanism is available? We
+ treated this as meaning that application-layer security could be
+ turned off in deference to transport layer security. There had been
+ discussion of the use of IKE in the AAA protocol.
+
+ 1.1.14 No comments.
+
+ 1.2.1 No comments.
+
+ 1.2.2 No comments.
+
+ 1.2.3 No comments.
+
+ 1.2.4 Is there a need for a clear-text "password" for service such as
+ OTP, SecurID, et. al.? It was noted that all plain passwords are
+ exposed in clear-text at the NAS or other edge device, which is no
+ more inherently trustworthy than any AAA server or proxy.
+
+ 1.2.5 We distinguished event-driven reauthentication from timer-
+ driven (or lifetime-driven). How is this requirement to be met in a
+ proxy environment?
+
+ 1.2.6 We asserted that this requirement is an oxymoron.
+
+
+
+
+Mitton, et al. Informational [Page 81]
+
+RFC 3127 AAA Protocol Evaluation Process June 2001
+
+
+ 1.3.1 We had difficulty in determining what "static" meant, and from
+ which reference point it was measured.
+
+ 1.3.2 We agreed that NAIs could be handled, possibly with some
+ restrictions.
+
+ 1.3.3 No comment.
+
+ 1.3.4 The SNMP submission documents contained significant hand
+ waving.
+
+ 1.3.5 Similar comments as to item 1.2.5. The question was raised as
+ to how the server knows when to send this request?
+
+ 1.3.6 We found that the notation in Diameter was weak, and of a least
+ common denominator nature. In general, there was concern about
+ achieving interoperability when the syntax was standardized but the
+
+ semantics were not. This area needs further work.
+
+ 1.3.7 Question as to how this requirement is achieved via proxies?
+
+ 1.4.1 No comment.
+
+ 1.4.2 No comment.
+
+ 1.4.3 No comment.
+
+ 1.4.4 There was significant skepticism regarding batch accounting as
+ part of the AAA protocol. How large are the "batches"? Should this
+ requirement be met using FTP or something similar?
+
+ 1.4.5 No comment.
+
+ 1.4.6 No comment.
+
+ 1.4.7 No comment.
+
+ 1.5.1 No comment.
+
+ 1.5.2 There was some discussion of what constitutes firewall
+ friendly. It was suggested that the firewall didn't want to look
+ into packets much past the application protocol address (e.g. UDP or
+ TCP port number). Protocols such as SNMP and COPS that have usage
+ other than AAA are at a disadvantage, since the firewall must look
+ deep into the application PDU to determine the intended purpose of
+ the packet. Diameter suffers from reliance of SCTP, which is not
+ widely deployed or widely recognized by firewalls. Should firewalls
+
+
+
+Mitton, et al. Informational [Page 82]
+
+RFC 3127 AAA Protocol Evaluation Process June 2001
+
+
+ also be AAA proxy engines? Has this issue anything to do with
+ interoperability with NAT?
+
+ 1.5.3 We had some confusion as to what the requirement actually was.
+ Raj seemed to be able to explain it, but the rest of us had to take
+ it on faith.
+
+ A poll was taken on overall acceptability and effort for each of the
+ protocols submitted, for requirements conformance.
+
+ Each member indicated their evaluation in the form of (Acceptable,
+ Not-Acceptable) with qualifiers for (Accounting, or effort to change)
+ This information will be summarized in the final report.
+
+ A general wrap-up discussion was held.
+
+ It was considered important that as much of the thought processes and
+ rationales be placed in the final report as is feasible. Mike St.
+ John will work with Dave Mitton on the ID. We really need to meet
+ the IETF July 14 submission deadline, even if we have to issue an
+ update on the AAA WG mailing list. All agreed that the process went
+ fairly well. In future evaluations of this nature, it would be well
+ for the evaluators to follow the requirements documents closely, for
+ the submitters to create accurate and complete conformance documents,
+ and to allow a "re-spin" cycle to correct errors and omissions in the
+ requirements documents and conformance documents.
+
+ A discussion of the transport protocol was held.
+
+ The issue with transport is congestion control. There has been a
+ problem with streams-oriented applications over TCP. The IESG is
+ increasingly sensitive to this issue in new protocols. It was noted
+ that AAA was a transaction-oriented application. Other request-
+ response applications, such as DNS, seem to scale welt to Internet-
+ scale using simple application-level retries and UDP transport. TCP
+ has problems with head-of-line blocking, especially when multiple
+ sessions are using a single TCP connection. AAA typically will send
+ 3 or 4 iterations and then indicate a failure to the upper layers.
+ It won't continue retransmissions in the face of congestion, like
+ TCP. It was noted that bulk data transfer may not best be
+ implemented in the AAA protocol. Concern was voiced that SCTP is not
+ a widely implemented protocol. AAA will implement congestion control
+ by limiting the number of outstanding requests. Some RADIUS
+ implementations send lots of traffic when they encounter
+ misconfigured shared secrets, but this is likely caused by a lack of
+ proper error recovery. Diameter, as currently drafted, relies on
+ SCTP. Can AAA run over UDP? The IESG didn't say "no"; their issue
+ is addressing congestion control.
+
+
+
+Mitton, et al. Informational [Page 83]
+
+RFC 3127 AAA Protocol Evaluation Process June 2001
+
+
+Full Copyright Statement
+
+ Copyright (C) The Internet Society (2001). All Rights Reserved.
+
+ This document and translations of it may be copied and furnished to
+ others, and derivative works that comment on or otherwise explain it
+ or assist in its implementation may be prepared, copied, published
+ and distributed, in whole or in part, without restriction of any
+ kind, provided that the above copyright notice and this paragraph are
+ included on all such copies and derivative works. However, this
+ document itself may not be modified in any way, such as by removing
+ the copyright notice or references to the Internet Society or other
+ Internet organizations, except as needed for the purpose of
+ developing Internet standards in which case the procedures for
+ copyrights defined in the Internet Standards process must be
+ followed, or as required to translate it into languages other than
+ English.
+
+ The limited permissions granted above are perpetual and will not be
+ revoked by the Internet Society or its successors or assigns.
+
+ This document and the information contained herein is provided on an
+ "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING
+ TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING
+ BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION
+ HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF
+ MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
+
+Acknowledgement
+
+ Funding for the RFC Editor function is currently provided by the
+ Internet Society.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+Mitton, et al. Informational [Page 84]
+