draft-ietf-radext-extended-attributes-03.txt   draft-ietf-radext-extended-attributes-04.txt 
Network Working Group Y. Li Network Working Group Y. Li
Internet-Draft A. Lior Internet-Draft A. Lior
Intended status: Standards Track BWS Intended status: Standards Track BWS
Expires: September 16, 2008 G. Zorn Expires: January 8, 2009 G. Zorn
Aruba Networks NetCube Technologies
March 15, 2008 July 7, 2008
Extended Remote Authentication Dial In User Service (RADIUS) Attributes Extended Remote Authentication Dial In User Service (RADIUS) Attributes
draft-ietf-radext-extended-attributes-03.txt draft-ietf-radext-extended-attributes-04.txt
Status of this Memo Status of this Memo
By submitting this Internet-Draft, each author represents that any By submitting this Internet-Draft, each author represents that any
applicable patent or other IPR claims of which he or she is aware applicable patent or other IPR claims of which he or she is aware
have been or will be disclosed, and any of which he or she becomes have been or will be disclosed, and any of which he or she becomes
aware will be disclosed, in accordance with Section 6 of BCP 79. aware will be disclosed, in accordance with Section 6 of BCP 79.
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF), its areas, and its working groups. Note that Task Force (IETF), its areas, and its working groups. Note that
skipping to change at page 1, line 36 skipping to change at page 1, line 36
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
The list of current Internet-Drafts can be accessed at The list of current Internet-Drafts can be accessed at
http://www.ietf.org/ietf/1id-abstracts.txt. http://www.ietf.org/ietf/1id-abstracts.txt.
The list of Internet-Draft Shadow Directories can be accessed at The list of Internet-Draft Shadow Directories can be accessed at
http://www.ietf.org/shadow.html. http://www.ietf.org/shadow.html.
This Internet-Draft will expire on September 16, 2008. This Internet-Draft will expire on January 8, 2009.
Copyright Notice Copyright Notice
Copyright (C) The IETF Trust (2008). Copyright (C) The IETF Trust (2008).
Abstract Abstract
For the Remote Authentication Dial In User Service (RADIUS) protocol For the Remote Authentication Dial In User Service (RADIUS) protocol
to continue to support new applications the RADIUS attribute type to continue to support new applications the RADIUS attribute type
space must be extended beyond the current limit of 255 possible space must be extended beyond the current limit of 255 possible
skipping to change at page 2, line 15 skipping to change at page 2, line 15
Table of Contents Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3
2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 3 2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 3
2.1. Requirements Language . . . . . . . . . . . . . . . . . . 3 2.1. Requirements Language . . . . . . . . . . . . . . . . . . 3
3. Problem Statement . . . . . . . . . . . . . . . . . . . . . . 4 3. Problem Statement . . . . . . . . . . . . . . . . . . . . . . 4
4. RADIUS Type Extension . . . . . . . . . . . . . . . . . . . . 4 4. RADIUS Type Extension . . . . . . . . . . . . . . . . . . . . 4
5. Formal Syntax . . . . . . . . . . . . . . . . . . . . . . . . 5 5. Formal Syntax . . . . . . . . . . . . . . . . . . . . . . . . 5
6. Examples . . . . . . . . . . . . . . . . . . . . . . . . . . . 7 6. Examples . . . . . . . . . . . . . . . . . . . . . . . . . . . 7
7. Security Considerations . . . . . . . . . . . . . . . . . . . 11 7. Security Considerations . . . . . . . . . . . . . . . . . . . 10
8. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 11 8. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 10
9. Open Issues . . . . . . . . . . . . . . . . . . . . . . . . . 11 9. Open Issues . . . . . . . . . . . . . . . . . . . . . . . . . 10
10. References . . . . . . . . . . . . . . . . . . . . . . . . . . 11 10. References . . . . . . . . . . . . . . . . . . . . . . . . . . 11
10.1. Normative References . . . . . . . . . . . . . . . . . . . 11 10.1. Normative References . . . . . . . . . . . . . . . . . . . 11
10.2. Informative References . . . . . . . . . . . . . . . . . . 11 10.2. Informative References . . . . . . . . . . . . . . . . . . 11
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 12 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 11
Intellectual Property and Copyright Statements . . . . . . . . . . 13 Intellectual Property and Copyright Statements . . . . . . . . . . 13
1. Introduction 1. Introduction
The Remote Authentication Dial In User Service (RADIUS) Protocol The Remote Authentication Dial In User Service (RADIUS) Protocol
[RFC2865] defines two classes of attributes: standard and vendor- [RFC2865] defines two classes of attributes: standard and vendor-
specific. specific.
Vendor-specific Attributes (VSAs) allow vendors (including Standards Vendor-specific Attributes (VSAs) allow vendors (including Standards
Development Organizations (SDOs)) to define their own Attributes, Development Organizations (SDOs)) to define their own Attributes,
skipping to change at page 5, line 38 skipping to change at page 5, line 38
encapsulated TLVs fit into the current Extended Attribute. The encapsulated TLVs fit into the current Extended Attribute. The
More flag MUST NOT be set if the Extended Attribute contains more More flag MUST NOT be set if the Extended Attribute contains more
than one TLV. The Tag field is used to combine sets of related than one TLV. The Tag field is used to combine sets of related
Extended Attributes into simple groups. Extended Attributes into simple groups.
o The Data field is an abstract container for TLVs; the Data field o The Data field is an abstract container for TLVs; the Data field
MUST contain at least one TLV. MUST contain at least one TLV.
TLVs are encoded as follows: TLVs are encoded as follows:
o The first octet is the Ext-Type field o The first two octets contain the Ext-Type field
o The next octet is the Ext-Length field, representing of the entire o The next octet is the Ext-Length field, representing the length of
TLV, including the length of the Ext-Type field (1 octet), the the entire TLV, including the length of the Ext-Type field (2
length of the Ext-Length field itself (1 octet) and the length of octets), the length of the Ext-Length field itself (1 octet) and
the Value field (1 or more octets) the length of the Value field (1 or more octets)
o The Value field consists of one or more octets comprising the o The Value field consists of one or more octets comprising the
actual data to be transmitted actual data to be transmitted
5. Formal Syntax 5. Formal Syntax
This section describes the encoding scheme used for RADIUS Extended This section describes the encoding scheme used for RADIUS Extended
Attributes. The basis of this encoding is the format recommended for Attributes. The basis of this encoding is the format recommended for
Vendor Specific Attributes in RFC 2865 [RFC2865]. Vendor Specific Attributes in RFC 2865 [RFC2865].
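Review bot: The first bullet now makes Ext-Type two octets, but these lines give no byte order for it. Suggest stating that the field is carried in network byte order (most significant octet first), unless that is already said elsewhere in the draft; a one-octet field never needed the statement, and the Section 6 figures now split the value across two cells.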
skipping to change at page 6, line 20 skipping to change at page 6, line 20
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Vendor-Id (0) |M| Tag | Data... | Vendor-Id (0) |M| Tag | Data...
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Type Type
26 for Vendor-Specific 26 for Vendor-Specific
Length Length
>=10 >=11
Vendor ID Vendor ID
The high-order octet is zero (0) and the low-order 3 octets are The high-order octet is zero (0) and the low-order 3 octets are
zeros (0)s representing an extended IETF RADIUS attribute zeros (0)s representing an extended IETF RADIUS attribute
M (More) M (More)
The More Flag is one (1) bit in length and MUST be present. When The More Flag is one (1) bit in length and MUST be present. When
a value to be transmitted exceeds 246 octets in length it is a value to be transmitted exceeds 246 octets in length it is
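Review bot: The M (More) description still says fragmentation applies when a value "exceeds 246 octets", unchanged from -03, although this hunk raises the minimum Length from 10 to 11 for the two-octet Ext-Type. With 7 octets of attribute header and 3 octets of TLV header, a 255-octet attribute carries at most 245 octets of value, which is what Figure 2 now shows as "(3 + 245 = 248)". Suggest changing 246 to 245 here.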
skipping to change at page 6, line 48 skipping to change at page 6, line 48
Tag Tag
The Tag field is 7 bits long and MUST be present. It is used to The Tag field is 7 bits long and MUST be present. It is used to
group Extended Attributes. Extended Attributes with the same non- group Extended Attributes. Extended Attributes with the same non-
zero value in the Tag field belong to the same group. A Tag value zero value in the Tag field belong to the same group. A Tag value
of zero (0) indicates that the attribute is not grouped. A Tag of zero (0) indicates that the attribute is not grouped. A Tag
value of all ones (0x7F) is reserved. value of all ones (0x7F) is reserved.
Data Data
The Data field is >= 3 octets in length. It consists of 1 or more The Data field is >= 4 octets in length. It consists of 1 or more
TLVs. TLVs.
TLVs have the following syntax: TLVs have the following syntax:
1 2 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Ext-Type | Ext-Len | Value... | Ext-Type | Ext-Len | Value...
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Ext-Type Ext-Type
One (1) octets. Up-to-date values of the Ext-Type field are Two (2) octets. Up-to-date values of the Ext-Type field are
specified in the most recent "Assigned Numbers" [IANA]. Values specified in the most recent "Assigned Numbers" [IANA]. Values
XXXX-YYYY are reserved. XXXX-YYYY are reserved.
Ext-Len Ext-Len
>= 4. The length of the Extended Attribute, including the Ext- >= 4. The length of the Extended Attribute, including the Ext-
Type, Ext-Length and Value fields. Type, Ext-Length and Value fields.
Value Value
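Review bot: The Ext-Len description reads "The length of the Extended Attribute" but lists only the Ext-Type, Ext-Length and Value fields, which is the TLV and not the attribute; Section 4 calls it "the length of the entire TLV". Suggest "The length of the TLV", and one spelling for the field name, since the diagram and this heading use Ext-Len while the text uses Ext-Length. The reserved range "XXXX-YYYY" is still a placeholder and should be settled now that the field is 16 bits wide.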
skipping to change at page 7, line 36 skipping to change at page 7, line 36
6. Examples 6. Examples
Consider an attribute called Foo of type String. Foo has been Consider an attribute called Foo of type String. Foo has been
allocated an Extended-Type 0f 257 by IANA. The following figure allocated an Extended-Type 0f 257 by IANA. The following figure
shows the encoding of Foo(0,4) = "Hello": shows the encoding of Foo(0,4) = "Hello":
1 2 3 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Type (26) | Length | Vendor-Id | Type (26) | Length | Vendor-Id
| | (7 + 7 = 14) | (0) | | (7 + 8 = 15) | (0)
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Vendor-Id (cont) |M| Tag | Ext-Type | Vendor-Id (cont) |M| Tag | Ext-Type
|0| (0) | (257) | |0| (0) | (0)
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Ext-Length | Value | | | Ext-Type (cont)| Ext-Length | Value | |
| (2 + 5 = 7) | (H) | (e) | (l) | (257) | (3 + 5 = 8) | (H) | (e) |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| | | | | | |
| (l) | (o) | | (l) | (l) | (o) |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Figure 1 Figure 1
Now consider another instantiation of the Foo Extended Attribute, Now consider another instantiation of the Foo Extended Attribute,
this one with a length of 251 octets. In this case the value is this one with a length of 251 octets. In this case the value is
fragmented over two Extended Attributes. The first 246 octets are fragmented over two Extended Attributes. The first 245 octets are
included in the first fragment which has the More bit set and the included in the first fragment which has the More bit set and the
remaining 6 octets appear in the second attribute. Figure 2 below remaining 6 octets appear in the second attribute. Figure 2 below
illustrates the encoding of the first 7 octets of the first Extended illustrates the encoding of the first 7 octets of the first Extended
Attribute (Foo(0,6) = "Hello W"), while Figure 3 shows how the second Attribute (Foo(0,6) = "Hello W"), while Figure 3 shows how the second
attribute (Foo(246,250) = "e end.") is encoded. attribute (Foo(246,250) = "e end.") is encoded.
1 2 3 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Type (26) | Length | Vendor-Id | Type (26) | Length | Vendor-Id
| |(7 + 248 = 255)| (0) | |(7 + 248 = 255)| (0)
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Vendor-Id (cont) |M| Tag | Ext-Type | Vendor-Id (cont) |M| Tag | Ext-Type
|1| (0) | (257) | (0) |1| (0) | (0)
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Ext-Length | Value | | | Ext-Type (cont)| Ext-Length | Value | |
|(2 + 246 = 248)| (H) | (e) | (l) | (257) |(3 + 245 = 248)| (H) | (e) |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| | | | | | | | | |
| (l) | (o) | ( ) | (W) | | (l) | (l) | (o) | ( ) |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| |
... | (W) | ...
+-+-+-+-+-+-+-+-+
Figure 2 Figure 2
1 2 3 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Type (26) | Length | Vendor-Id | | Type (26) | Length | Vendor-Id
| | (7 + 8 = 15) | (0) | | | (7 + 9 = 15) | (0)
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Vendor-Id |M| Tag | Ext-Type | Vendor-Id (cont) |M| Tag | Ext-Type
(0) |0| (0) | (257) | (0) |0| (0) | (0)
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Ext-Length | Value | | Ext-Type (cont)| Ext-Length | Value | |
| (2 + 6 = 8) | (e) | ( ) | (e) (256) | (3 + 6 = 9) | (e) | ( ) |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| | | | |
| (e) | (n) | (d) | (.) |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| | | |
| (n) | (d) | (.) |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Figure 3 Figure 3
The next example illustrates several of the features of Extended The next example illustrates several of the features of Extended
Attributes: Attributes:
o encapsulation of values greater than 253 octets in length o encapsulation of values greater than 253 octets in length
o grouping of related Extended Attributes using tags o grouping of related Extended Attributes using tags
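Review bot: Figure 3 in -04 has two cells that do not check out: the Length cell reads "(7 + 9 = 15)" where 7 + 9 is 16, and the Ext-Type (cont) cell reads "(256)" although Foo is type 257 in Figures 1 and 2. The paragraph before Figure 2 also still names the second fragment Foo(246,250) = "e end."; with the first fragment reduced to 245 octets (0 to 244), the six remaining octets are Foo(245,250). In all three figures the first Ext-Type octet is labelled "(0)" and the second "(257)", a value that does not fit in one octet; showing the 16-bit value once across both cells would keep readers from taking the high-order octet as zero.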
skipping to change at page 10, line 8 skipping to change at page 9, line 31
an Extended Type of 259 and element c is assigned an Extended Type of an Extended Type of 259 and element c is assigned an Extended Type of
271. The following figure illustrates the coding where a(0,20) = 271. The following figure illustrates the coding where a(0,20) =
0xDEADDEAD, b(0,1) = "He", b(243,250) = "The end." and is of length 0xDEADDEAD, b(0,1) = "He", b(243,250) = "The end." and is of length
251 octets; and c(0,27) = 0x12345678. The attributes are grouped 251 octets; and c(0,27) = 0x12345678. The attributes are grouped
together with TAG=42. For the sake of brevity, the value of b(3,241) together with TAG=42. For the sake of brevity, the value of b(3,241)
is omitted. is omitted.
1 2 3 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Type (26) | Length | Vendor-Id | | Type (26) | Length | Vendor-Id
| | (7 + 6 = 13) | (0) | | | (7 + 7 = 14) | (0)
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Vendor-Id |M| Tag | Ext-Type | Vendor-Id (cont) |M| Tag | Ext-Type
| (0) |0| (42) | (290) | (0) |0| (42) | (0)
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Ext-Length | Value | | | Ext-Type (cont)| Ext-Length | Value | |
| (2 + 4 = 6) | (0xDE) | (0xAD) | (0xDE) | (290) | (3 + 4 = 7) | (0xDE) | (0xAD) |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| | | | |
| (0xAD) | | (0xDE | (0xAD) |
+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
1 2 3 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Type (26) | Length | Vendor-Id | | Type (26) | Length | Vendor-Id
| |(7 + 248 = 255)| (0) | | |(7 + 248 = 255)| (0)
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Vendor-Id |M| Tag | Ext-Type | Vendor-Id (cont) |M| Tag | Ext-Type
| (0) |1| (42) | (259) | (0) |1| (42) | (0)
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Ext-Type (cont)| Ext-Length | Value | |
(259) |(3 + 245 = 248)| (H) | (e) |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Ext-Length | Value | |
|(2 + 246 = 248)| (H) | (e) |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
... ...
1 2 3 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Type (26) | Length | Vendor-Id | | Type (26) | Length | Vendor-Id
| | (7+7+6=20) | (0) | | | (7+8+7=22) | (0)
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Vendor-Id |M| Tag | Ext-Type | Vendor-Id (cont) |M| Tag | Ext-Type
| (0) |0| (42) | (259) | (0) |0| (42) | (0)
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Ext-Length | Value | | | Ext-Type (cont)| Ext-Length | Value | |
| (2 + 5 = 7) | ( ) | (e) | (n) | (259) | (3 + 5 = 8) | ( ) | (e) |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| | | Ext-Type | Ext-Length | | | | | Ext-Type
| (d) | (.) | (271) | (2 + 4 = 6) | | (n) | (d) | (.) | (0)
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Value | | | | Ext-Type (cont)| Ext-Length | Value | |
| (0x12) | (0x34) | (0x56) | (0x78) | (271) | (3 + 4 = 7) | (0x12) | (0x34) |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| | |
| (0x78) | (0x56) |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Figure 4 Figure 4
7. Security Considerations 7. Security Considerations
TBD TBD
8. IANA Considerations 8. IANA Considerations
This solution requires that the IETF be allocated Vendor-Type of zero This solution requires that the Vendor-Type of zero be allocated to
to the IETF. the IETF.
It also requires that IANA set up a new registry for the RADIUS It also requires that IANA set up a new registry for the RADIUS
Extended Attribute Types. Extended Attribute Types.
9. Open Issues 9. Open Issues
What is the numbering scheme for attributes that will be used by RFC What is the numbering scheme for attributes that will be used by RFC
writers going forward? For example today we write user-name(1). writers going forward? For example today we write user-name(1).
Going forward, will we write foo-bar(0,1)? Going forward, will we write foo-bar(0,1)?
What is the numbering plan for these attributes? What (if any) range What is the numbering plan for these attributes? What (if any) range
should be reserved? What should the IANA policy for allocation new should be reserved? What should the IANA policy for allocation new
Vendor-Ids to the IETF? Vendor-Ids to the IETF?
It seems like RFC 4005 covers most of the question regarding Diameter It seems like RFC 4005 covers most of the question regarding Diameter
compatibility, but a few questions remain. For example, should we compatibility, but a few questions remain. For example, should we
require that the 'M' bit be set or not? require that the 'M' bit be set or not?
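Review bot: In Figure 4 the last fragment of b still carries five octets, "(3 + 5 = 8)" with " end.", but the first fragment was reduced to 245 octets in this revision, so 251 - 245 = 6 octets remain and one octet of b is dropped. The last fragment should read "(3 + 6 = 9)" with "e end.", which makes the attribute Length 7 + 9 + 7 = 23 rather than "(7+8+7=22)". The final row for c shows (0x78) before (0x56), reversing the last two octets of 0x12345678. Section 7 is still "TBD"; it should at least say how a receiver treats an Ext-Length below 4 or one that runs past the enclosing Length, and a More-flagged fragment that is never completed. In Section 8, "Vendor-Type of zero" should probably be "Vendor-Id of zero" to match the field name in the Section 5 format.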
skipping to change at page 12, line 40 skipping to change at page 12, line 30
303 Terry Fox Drive 303 Terry Fox Drive
Suite 100 Suite 100
Ottawa, Ontario K2K 3J1 Ottawa, Ontario K2K 3J1
Canada Canada
Phone: +1 (613) 591-6655 Phone: +1 (613) 591-6655
Email: avi@bridgewatersystems.com Email: avi@bridgewatersystems.com
URI: http://www.bridgewatersystems.com/ URI: http://www.bridgewatersystems.com/
Glen Zorn Glen Zorn
Aruba Networks NetCube Technologies
1322 Crossman Avenue 77/440 Soi Phoomjit
Sunnyvale, CA 94089 Rama IV Road
USA Phrakanong Klongtoie
Bangkok 10110
Thailand
Email: gzorn@arubanetworks.com Phone: +66 (0) 6600 6480
URI: http://www.arubanetworks.com/ Email: gwz@netcube.com
Full Copyright Statement Full Copyright Statement
Copyright (C) The IETF Trust (2008). Copyright (C) The IETF Trust (2008).
This document is subject to the rights, licenses and restrictions This document is subject to the rights, licenses and restrictions
contained in BCP 78, and except as set forth therein, the authors contained in BCP 78, and except as set forth therein, the authors
retain all their rights. retain all their rights.
This document and the information contained herein are provided on an This document and the information contained herein are provided on an
 End of changes. 42 change blocks. 
80 lines changed or deleted 88 lines changed or added

This html diff was produced by rfcdiff 1.35. The latest version is available from http://tools.ietf.org/tools/rfcdiff/