draft-ietf-radext-radius-extensions-02.txt   draft-ietf-radext-radius-extensions-03.txt 
Network Working Group Alan DeKok Network Working Group Alan DeKok
INTERNET-DRAFT Network RADIUS INTERNET-DRAFT Network RADIUS
Category: Proposed Standard Avi Lior Category: Proposed Standard Avi Lior
Updates: 2865, 2866, 5176 BWS Updates: 2865, 2866, 3575, 5176 BWS
<draft-ietf-radext-radius-extensions-02.txt> <draft-ietf-radext-radius-extensions-03.txt>
Expires: January 6, 2012 Expires: May 15, 2012
25 October 2011 15 November 2011
Remote Authentication Dial In User Service (RADIUS) Protocol Remote Authentication Dial In User Service (RADIUS) Protocol
Extensions Extensions
draft-ietf-radext-radius-extensions-02.txt draft-ietf-radext-radius-extensions-03.txt
Abstract Abstract
The Remote Authentication Dial In User Service (RADIUS) protocol is The Remote Authentication Dial In User Service (RADIUS) protocol is
nearing exhaustion of its current 8-bit attribute type space. In nearing exhaustion of its current 8-bit attribute type space. In
addition, experience shows a growing need for complex grouping, along addition, experience shows a growing need for complex grouping, along
with attributes which can carry more than 253 octets of data. This with attributes which can carry more than 253 octets of data. This
document defines changes to RADIUS which address all of the above document defines changes to RADIUS which address all of the above
problems. problems.
skipping to change at page 1, line 45 skipping to change at page 1, line 45
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
The list of current Internet-Drafts can be accessed at The list of current Internet-Drafts can be accessed at
http://www.ietf.org/ietf/1id-abstracts.txt. http://www.ietf.org/ietf/1id-abstracts.txt.
The list of Internet-Draft Shadow Directories can be accessed at The list of Internet-Draft Shadow Directories can be accessed at
http://www.ietf.org/shadow.html. http://www.ietf.org/shadow.html.
This Internet-Draft will expire on January 6, 2012. This Internet-Draft will expire on May 15, 2012.
Copyright Notice Copyright Notice
Copyright (c) 2011 IETF Trust and the persons identified as the Copyright (c) 2011 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info/) in effect on the date of (http://trustee.ietf.org/license-info/) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect carefully, as they describe your rights and restrictions with respect
skipping to change at page 4, line 5 skipping to change at page 4, line 5
6.5. Implementation Guidelines ........................... 36 6.5. Implementation Guidelines ........................... 36
6.6. Vendor Guidelines ................................... 36 6.6. Vendor Guidelines ................................... 36
7. Rationale ................................................ 36 7. Rationale ................................................ 36
7.1. Attribute Audit ..................................... 37 7.1. Attribute Audit ..................................... 37
8. Examples ................................................. 37 8. Examples ................................................. 37
8.1. Extended Type ....................................... 38 8.1. Extended Type ....................................... 38
8.2. Extended Type with Flags ............................ 40 8.2. Extended Type with Flags ............................ 40
9. IANA Considerations ...................................... 42 9. IANA Considerations ...................................... 42
9.1. Attribute Allocations ............................... 42 9.1. Attribute Allocations ............................... 42
9.2. RADIUS Attribute Type Tree .......................... 43 9.2. RADIUS Attribute Type Tree .......................... 43
9.3. Extending the Attribute Type Tree ................... 44 9.3. Allocation of TLV Data Types ........................ 44
10. Security Considerations ................................. 44 9.4. Allocation within a TLV ............................. 44
11. References .............................................. 44 9.5. Allocation of Extended Type with Flags format ....... 45
11.1. Normative references ............................... 44 9.6. Allocation of Other Data Types ...................... 45
11.2. Informative references ............................. 45 10. Security Considerations ................................. 45
Appendix A - Extended Attribute Generator Program ............ 46 11. References .............................................. 45
11.1. Normative references ............................... 46
11.2. Informative references ............................. 46
Appendix A - Extended Attribute Generator Program ............ 47
1. Introduction 1. Introduction
Under current allocation pressure, we expect that the RADIUS Under current allocation pressure, we expect that the RADIUS
Attribute Type space will be exhausted by 2014 or 2015. We therefore Attribute Type space will be exhausted by 2014 or 2015. We therefore
need a way to extend the type space, so that new specifications may need a way to extend the type space, so that new specifications may
continue to be developed. Other issues have also been shown with continue to be developed. Other issues have also been shown with
RADIUS. The attribute grouping method defined in [RFC2868] has been RADIUS. The attribute grouping method defined in [RFC2868] has been
shown to be imnpractical, and a more powerful mechanism is needed. shown to be imnpractical, and a more powerful mechanism is needed.
Multiple attributes have been defined which transport more than the Multiple attributes have been defined which transport more than the
253 octets of data originally envisioned with the protocol. Each of 253 octets of data originally envisioned with the protocol. Each of
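Review bot: "imnpractical" in the Introduction paragraph ("The attribute grouping method defined in [RFC2868] has been shown to be imnpractical") is unchanged between -02 and -03; it should read "impractical".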
skipping to change at page 10, line 29 skipping to change at page 10, line 29
The More Flag is one (1) bit in length, and indicates whether or The More Flag is one (1) bit in length, and indicates whether or
not the current attribute contains "more" than 251 octets of data. not the current attribute contains "more" than 251 octets of data.
The More flag MUST be clear (0) if the Length field has value less The More flag MUST be clear (0) if the Length field has value less
than 255. The More flag MAY be set (1) if the Length field has than 255. The More flag MAY be set (1) if the Length field has
value of 255. value of 255.
If the More flag is set (1), it indicates that the Value field has If the More flag is set (1), it indicates that the Value field has
been fragmented across multiple RADIUS attributes. When the More been fragmented across multiple RADIUS attributes. When the More
flag is set (1), the attribute SHOULD have a Length field of value flag is set (1), the attribute SHOULD have a Length field of value
255; it MUST NOT have a length Field of of value 4; there MUST be 255; it MUST NOT have a length Field of value 4; there MUST be an
an attribute following this one; and the next attribute MUST have attribute following this one; and the next attribute MUST have
both the same Type and Extended Type. That is, multiple fragments both the same Type and Extended Type. That is, multiple fragments
of the same value MUST be in order and MUST be consecutive of the same value MUST be in order and MUST be consecutive
attributes in the packet, and the last attribute in a packet MUST attributes in the packet, and the last attribute in a packet MUST
NOT have the More flag set (1). NOT have the More flag set (1).
When the Length field of an attribute has value less than 255, the When the Length field of an attribute has value less than 255, the
More flag SHOULD be clear (0). More flag SHOULD be clear (0).
If a client or server receives an attribute fragment with the If a client or server receives an attribute fragment with the
"More" flag set (1), but for which no subsequent fragment can be "More" flag set (1), but for which no subsequent fragment can be
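Review bot: the requirement level for the More flag conflicts within this section. The first paragraph says "The More flag MUST be clear (0) if the Length field has value less than 255", the later paragraph says that for a Length less than 255 "the More flag SHOULD be clear (0)", and the fragmentation paragraph only says an attribute with More set "SHOULD have a Length field of value 255". A receiver cannot tell from this whether More set with a Length below 255 is malformed or merely discouraged, so pick one level (MUST matches the first paragraph) and use it in all three places.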
skipping to change at page 11, line 25 skipping to change at page 11, line 25
fields) from which it is constructed. The format of the data fields) from which it is constructed. The format of the data
SHOULD be a valid RADIUS data type. SHOULD be a valid RADIUS data type.
This definition increases the RADIUS Attribute Type space as above, This definition increases the RADIUS Attribute Type space as above,
but also provides for transport of Attributes which could contain but also provides for transport of Attributes which could contain
more than 253 octets of data. more than 253 octets of data.
2.3. TLV Data Type 2.3. TLV Data Type
We define a new data type in RADIUS, called "tlv". The "tlv" data We define a new data type in RADIUS, called "tlv". The "tlv" data
type is an encapsulation layer which which permits the "Value" field type is an encapsulation layer which permits the "Value" field of an
of an Attribute to contain new sub-Attributes. These sub-Attributes Attribute to contain new sub-Attributes. These sub-Attributes can in
can in turn contain "Value"s of data type TLV. This capability both turn contain "Value"s of data type TLV. This capability both extends
extends the attribute space, and permits "nested" attributes to be the attribute space, and permits "nested" attributes to be used.
used. This nesting can be used to encapsulate or group data into one This nesting can be used to encapsulate or group data into one or
or more logical containers. more logical containers.
The "tlv" data type re-uses the RADIUS attribute format, as given The "tlv" data type re-uses the RADIUS attribute format, as given
below: below:
0 1 2 3 0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| TLV-Type | TLV-Length | TLV-Value ... | TLV-Type | TLV-Length | TLV-Value ...
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
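Review bot: the paragraph lets sub-Attributes carry Values that are themselves of the tlv type, and nothing in these lines bounds how deep that nesting may go; if a limit is intended, state it here or point to the section that does. The same sentence writes the type as TLV ("of data type TLV") where the rest of the paragraph uses "tlv".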
skipping to change at page 14, line 25 skipping to change at page 14, line 25
The high-order octet is 0 and the low-order 3 octets are the SMI The high-order octet is 0 and the low-order 3 octets are the SMI
Network Management Private Enterprise Code of the Vendor in Network Management Private Enterprise Code of the Vendor in
network byte order. network byte order.
Vendor-Type Vendor-Type
The Vendor-Type field is one octet. Values are assigned at the The Vendor-Type field is one octet. Values are assigned at the
sole discretion of the Vendor. sole discretion of the Vendor.
String Value
The String field is one or more octets. It SHOULD encapsulate a The Value field is one or more octets. It SHOULD encapsulate a
previously defined RADIUS data type. Using non-standard data previously defined RADIUS data type. Using non-standard data
types is NOT RECOMMENDED. We note that the String field may be of types is NOT RECOMMENDED. We note that the Value field may be of
data type "tlv". However, it MUST NOT be of data type "evs", as data type "tlv". However, it MUST NOT be of data type "evs", as
the use cases are unclear for one vendor delegating attribute type the use cases are unclear for one vendor delegating attribute type
space to another vendor. space to another vendor.
The actual format of the information is site or application The actual format of the information is site or application
specific, and a robust implementation SHOULD support the field as specific, and a robust implementation SHOULD support the field as
undistinguished octets. We recognise that Vendors have complete undistinguished octets. We recognise that Vendors have complete
control over the contents and format of the String field, while at control over the contents and format of the Value field, while at
the same time recommending that good practices be followed. the same time recommending that good practices be followed.
Further codification of the range of allowed usage of this field Further codification of the range of allowed usage of this field
is outside the scope of this specification. is outside the scope of this specification.
Note that unlike the format described in [RFC2865] Section 5.26, this Note that unlike the format described in [RFC2865] Section 5.26, this
data type has no "Vendor length" field. The length of the "String" data type has no "Vendor length" field. The length of the "String"
field is implicit, and is determined by taking the "Length" of the field is implicit, and is determined by taking the "Length" of the
encapsulating RADIUS Attribute, and subtracting the length of the encapsulating RADIUS Attribute, and subtracting the length of the
attribute header including the 4 octets of Vendor-Id. i.e. For attribute header including the 4 octets of Vendor-Id. i.e. For
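Review bot: the String to Value rename is incomplete in the closing paragraph of this hunk, where -03 still reads: The length of the "String" field is implicit. Change it to "Value" so the field has one name throughout the evs definition.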
skipping to change at page 15, line 12 skipping to change at page 15, line 12
Flags" attributes, the length of the String field is eight (8) less Flags" attributes, the length of the String field is eight (8) less
than the value of the Length field. than the value of the Length field.
2.5. Integer64 Data Type 2.5. Integer64 Data Type
We define a new data type in RADIUS, called "integer64", which We define a new data type in RADIUS, called "integer64", which
carries a 64-bit unsigned integer in network byte order. carries a 64-bit unsigned integer in network byte order.
This data type is intended to be used in any situation where there is This data type is intended to be used in any situation where there is
a need to have counters which can count past 2^32. The expected use a need to have counters which can count past 2^32. The expected use
og this data type is within Accounting-Request packets, but this data of this data type is within Accounting-Request packets, but this data
type SHOULD be used in any packet where 32-bit integers are expected type SHOULD be used in any packet where 32-bit integers are expected
to be insufficient. to be insufficient.
The "integer64" data type MAY be used in Attributes of any format, The "integer64" data type MAY be used in Attributes of any format,
standard space, extended attributes, TLVs, and VSAs. standard space, extended attributes, TLVs, and VSAs.
A summary of the "integer64" data type format is shown below. The A summary of the "integer64" data type format is shown below. The
fields are transmitted from left to right. fields are transmitted from left to right.
0 1 2 3 0 1 2 3
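Review bot: the first sentence of this hunk still says "the length of the String field is eight (8) less than the value of the Length field" in both versions, although -03 calls the field Value everywhere else in the evs text. Rename it here as well.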
skipping to change at page 19, line 7 skipping to change at page 19, line 7
>= 4 >= 4
Extended-Type Extended-Type
The Extended-Type field is one octet. Up-to-date values of this The Extended-Type field is one octet. Up-to-date values of this
field are specified by IANA, in the 241.{1-255} RADIUS Attribute field are specified by IANA, in the 241.{1-255} RADIUS Attribute
Type Space. Further definition of this field is given in Section Type Space. Further definition of this field is given in Section
2.1, above. 2.1, above.
String Value
The String field is one or more octets. Implementations not The Value field is one or more octets. Implementations not
supporting this specification SHOULD support the field as supporting this specification SHOULD support the field as
undistinguished octets. undistinguished octets.
Implementations supporting this specification MUST use the Implementations supporting this specification MUST use the
Identifier of "Type.Extended-Type" to determine the interpretation Identifier of "Type.Extended-Type" to determine the interpretation
of the String field. of the Value field.
3.2. Extended-Type-2 3.2. Extended-Type-2
Description Description
This attribute encapsulates attributes of the "Extended Type" This attribute encapsulates attributes of the "Extended Type"
format, in the RADIUS Attribute Type Space of 242.{1-255}. format, in the RADIUS Attribute Type Space of 242.{1-255}.
A summary of the Extended-Type-2 Attribute format is shown below. A summary of the Extended-Type-2 Attribute format is shown below.
The fields are transmitted from left to right. The fields are transmitted from left to right.
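Review bot: the Value definition places a normative requirement on implementations that do not implement this document ("Implementations not supporting this specification SHOULD support the field as undistinguished octets"), which such implementations cannot be expected to follow. Reword it as a description of how such implementations are expected to treat the field, without the RFC 2119 keyword; the same sentence recurs in the other Extended-Type sections.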
skipping to change at page 19, line 48 skipping to change at page 19, line 48
>= 4 >= 4
Extended-Type Extended-Type
The Extended-Type field is one octet. Up-to-date values of this The Extended-Type field is one octet. Up-to-date values of this
field are specified by IANA, in the 242.{1-255} RADIUS Attribute field are specified by IANA, in the 242.{1-255} RADIUS Attribute
Type Space. Further definition of this field is given in Section Type Space. Further definition of this field is given in Section
2.1, above. 2.1, above.
String Value
The String field is one or more octets. Implementations not The Value field is one or more octets. Implementations not
supporting this specification SHOULD support the field as supporting this specification SHOULD support the field as
undistinguished octets. undistinguished octets.
Implementations supporting this specification MUST use the Implementations supporting this specification MUST use the
Identifier of "Type.Extended-Type" to determine the interpretation Identifier of "Type.Extended-Type" to determine the interpretation
of the String field of the Value field
3.3. Extended-Type-3 3.3. Extended-Type-3
Description Description
This attribute encapsulates attributes of the "Extended Type" This attribute encapsulates attributes of the "Extended Type"
format, in the RADIUS Attribute Type Space of 243.{1-255}. format, in the RADIUS Attribute Type Space of 243.{1-255}.
A summary of the Extended-Type-3 Attribute format is shown below. A summary of the Extended-Type-3 Attribute format is shown below.
The fields are transmitted from left to right. The fields are transmitted from left to right.
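Review bot: the final sentence of the Value definition in 3.2 ("of the Value field") still lacks its full stop in -03; the matching sentence in 3.1 and 3.3 ends with one.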
skipping to change at page 20, line 42 skipping to change at page 20, line 42
>= 4 >= 4
Extended-Type Extended-Type
The Extended-Type field is one octet. Up-to-date values of this The Extended-Type field is one octet. Up-to-date values of this
field are specified by IANA, in the 243.{1-255} RADIUS Attribute field are specified by IANA, in the 243.{1-255} RADIUS Attribute
Type Space. Further definition of this field is given in Section Type Space. Further definition of this field is given in Section
2.1, above. 2.1, above.
String Value
The String field is one or more octets. Implementations not The Value field is one or more octets. Implementations not
supporting this specification SHOULD support the field as supporting this specification SHOULD support the field as
undistinguished octets. undistinguished octets.
Implementations supporting this specification MUST use the Implementations supporting this specification MUST use the
Identifier of "Type.Extended-Type" to determine the interpretation Identifier of "Type.Extended-Type" to determine the interpretation
of the String field. of the Value field.
3.4. Extended-Type-4 3.4. Extended-Type-4
Description Description
This attribute encapsulates attributes of the "Extended Type" This attribute encapsulates attributes of the "Extended Type"
format, in the RADIUS Attribute Type Space of 244.{1-255}. format, in the RADIUS Attribute Type Space of 244.{1-255}.
A summary of the Extended-Type-4 Attribute format is shown below. A summary of the Extended-Type-4 Attribute format is shown below.
The fields are transmitted from left to right. The fields are transmitted from left to right.
skipping to change at page 21, line 36 skipping to change at page 21, line 36
>= 4 >= 4
Extended-Type Extended-Type
The Extended-Type field is one octet. Up-to-date values of this The Extended-Type field is one octet. Up-to-date values of this
field are specified by IANA, in the 244.{1-255} RADIUS Attribute field are specified by IANA, in the 244.{1-255} RADIUS Attribute
Type Space. Further definition of this field is given in Section Type Space. Further definition of this field is given in Section
2.1, above. 2.1, above.
String Value
The String field is one or more octets. Implementations not The Value field is one or more octets. Implementations not
supporting this specification SHOULD support the field as supporting this specification SHOULD support the field as
undistinguished octets. undistinguished octets.
Implementations supporting this specification MUST use the Implementations supporting this specification MUST use the
Identifier of "Type.Extended-Type" to determine the interpretation Identifier of "Type.Extended-Type" to determine the interpretation
of the String Field. of the Value Field.
3.5. Extended-Type-Flagged-1 3.5. Extended-Type-Flagged-1
Description Description
This attribute encapsulates attributes of the "Extended Type with This attribute encapsulates attributes of the "Extended Type with
Flags" format, in the RADIUS Attribute Type Space of 245.{1-255}. Flags" format, in the RADIUS Attribute Type Space of 245.{1-255}.
A summary of the Extended-Type-Flagged-1 Attribute format is shown A summary of the Extended-Type-Flagged-1 Attribute format is shown
below. The fields are transmitted from left to right. below. The fields are transmitted from left to right.
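Review bot: 3.4 ends with "of the Value Field." with a capital F, carried over from "String Field." in -02, while 3.1 and 3.3 write "Value field". Use the lower-case form for consistency.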
skipping to change at page 22, line 22 skipping to change at page 22, line 22
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Value ... | Value ...
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Type Type
245 for Extended-Type-Flagged-1 245 for Extended-Type-Flagged-1
Length Length
>= 4 >= 5
Extended-Type Extended-Type
The Extended-Type field is one octet. Up-to-date values of this The Extended-Type field is one octet. Up-to-date values of this
field are specified by IANA, in the 245.{1-255} RADIUS Attribute field are specified by IANA, in the 245.{1-255} RADIUS Attribute
Type Space. Further definition of this field is given in Section Type Space. Further definition of this field is given in Section
2.1, above. 2.1, above.
M (More) M (More)
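Review bot: raising the minimum Length to ">= 5" here leaves the Section 2.2 condition that an attribute with More set "MUST NOT have a length Field of value 4" redundant, since a Length of 4 is now below the minimum for every 245.x attribute regardless of the flag. Either drop that clause from 2.2 or reword it so the two sections do not read as separate limits.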
skipping to change at page 22, line 44 skipping to change at page 22, line 44
not the current attribute contains "more" than 251 octets of data. not the current attribute contains "more" than 251 octets of data.
Further definition of this field is given in Section 2.2, above. Further definition of this field is given in Section 2.2, above.
Flags Flags
This field is 7 bits long, and is reserved for future use. This field is 7 bits long, and is reserved for future use.
Implementations MUST set it to zero (0) when encoding an attribute Implementations MUST set it to zero (0) when encoding an attribute
for sending in a packet. The contents SHOULD be ignored on for sending in a packet. The contents SHOULD be ignored on
reception. reception.
String Value
The String field is one or more octets. Implementations not The Value field is one or more octets. Implementations not
supporting this specification SHOULD support the field as supporting this specification SHOULD support the field as
undistinguished octets. undistinguished octets.
Implementations supporting this specification MUST use the Implementations supporting this specification MUST use the
Identifier of "Type.Extended-Type" to determine the interpretation Identifier of "Type.Extended-Type" to determine the interpretation
of the String field. of the Value field.
3.6. Extended-Type-Flagged-2 3.6. Extended-Type-Flagged-2
Description Description
This attribute encapsulates attributes of the "Extended Type with This attribute encapsulates attributes of the "Extended Type with
Flags" format, in the RADIUS Attribute Type Space of 246.{1-255}. Flags" format, in the RADIUS Attribute Type Space of 246.{1-255}.
A summary of the Extended-Type-Flagged-2 Attribute format is shown A summary of the Extended-Type-Flagged-2 Attribute format is shown
below. The fields are transmitted from left to right. below. The fields are transmitted from left to right.
skipping to change at page 23, line 29 skipping to change at page 23, line 29
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Value ... | Value ...
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Type Type
246 for Extended-Type-Flagged-2 246 for Extended-Type-Flagged-2
Length Length
>= 4 >= 5
Extended-Type Extended-Type
The Extended-Type field is one octet. Up-to-date values of this The Extended-Type field is one octet. Up-to-date values of this
field are specified by IANA, in the 246.{1-255} RADIUS Attribute field are specified by IANA, in the 246.{1-255} RADIUS Attribute
Type Space. Further definition of this field is given in Section Type Space. Further definition of this field is given in Section
2.1, above. 2.1, above.
M (More) M (More)
skipping to change at page 23, line 51 skipping to change at page 23, line 51
not the current attribute contains "more" than 251 octets of data. not the current attribute contains "more" than 251 octets of data.
Further definition of this field is given in Section 2.2, above. Further definition of this field is given in Section 2.2, above.
Flags Flags
This field is 7 bits long, and is reserved for future use. This field is 7 bits long, and is reserved for future use.
Implementations MUST set it to zero (0) when encoding an attribute Implementations MUST set it to zero (0) when encoding an attribute
for sending in a packet. The contents SHOULD be ignored on for sending in a packet. The contents SHOULD be ignored on
reception. reception.
String Value
The String field is one or more octets. Implementations not The Value field is one or more octets. Implementations not
supporting this specification SHOULD support the field as supporting this specification SHOULD support the field as
undistinguished octets. undistinguished octets.
Implementations supporting this specification MUST use the Implementations supporting this specification MUST use the
Identifier of "Type.Extended-Type" to determine the interpretation Identifier of "Type.Extended-Type" to determine the interpretation
of the String field. of the Value field.
4. Vendor Specific Attributes 4. Vendor Specific Attributes
We define six new attributes which can carry Vendor Specific We define six new attributes which can carry Vendor Specific
information. We define four (4) attributes of the "Extended Type" information. We define four (4) attributes of the "Extended Type"
format, with Type codes (241.26, 242.26, 243.26, 244.26), using the format, with Type codes (241.26, 242.26, 243.26, 244.26), using the
"evs" data type. We also define two (2) attributes of "Extended Type "evs" data type. We also define two (2) attributes of "Extended Type
with Flags" format, with Type codes (245.26, 246.26), using the "evs" with Flags" format, with Type codes (245.26, 246.26), using the "evs"
data type. data type.
skipping to change at page 24, line 50 skipping to change at page 24, line 50
A summary of the Extended-Vendor-Specific-1 Attribute format is shown A summary of the Extended-Vendor-Specific-1 Attribute format is shown
below. The fields are transmitted from left to right. below. The fields are transmitted from left to right.
0 1 2 3 0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Type | Length | Extended-Type | Vendor-Id ... | Type | Length | Extended-Type | Vendor-Id ...
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
... Vendor-Id (cont) | Vendor-Type | ... Vendor-Id (cont) | Vendor-Type |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| String .... | Value ....
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Type.Extended-Type Type.Extended-Type
241.26 for Extended-Vendor-Specific-1 241.26 for Extended-Vendor-Specific-1
Length Length
>= 9 >= 9
Vendor-Id Vendor-Id
The high-order octet is 0 and the low-order 3 octets are the SMI The high-order octet is 0 and the low-order 3 octets are the SMI
Network Management Private Enterprise Code of the Vendor in Network Management Private Enterprise Code of the Vendor in
network byte order. network byte order.
Vendor-Type Vendor-Type
The Vendor-Type field is one octet. Values are assigned at the The Vendor-Type field is one octet. Values are assigned at the
sole discretion of the Vendor. sole discretion of the Vendor.
String Value
The String field is one or more octets. The actual format of the The Value field is one or more octets. The actual format of the
information is site or application specific, and a robust information is site or application specific, and a robust
implementation SHOULD support the field as undistinguished octets. implementation SHOULD support the field as undistinguished octets.
The codification of the range of allowed usage of this field is The codification of the range of allowed usage of this field is
outside the scope of this specification. outside the scope of this specification.
The length of the String field is eight (8) less then the value of The length of the Value field is eight (8) less then the value of
the Length field. the Length field.
Implementations supporting this specification MUST use the Implementations supporting this specification MUST use the
Identifier of "Type.Extended-Type.Vendor-Id.Vendor-Type" to Identifier of "Type.Extended-Type.Vendor-Id.Vendor-Type" to
determine the interpretation of the String field. determine the interpretation of the Value field.
4.2. Extended-Vendor-Specific-2 4.2. Extended-Vendor-Specific-2
Description Description
This attribute defines a RADIUS Type Code of 242.26, using the This attribute defines a RADIUS Type Code of 242.26, using the
"evs" data type. "evs" data type.
A summary of the Extended-Vendor-Specific-2 Attribute format is shown A summary of the Extended-Vendor-Specific-2 Attribute format is shown
below. The fields are transmitted from left to right. below. The fields are transmitted from left to right.
0 1 2 3 0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Type | Length | Extended-Type | Vendor-Id ... | Type | Length | Extended-Type | Vendor-Id ...
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
... Vendor-Id (cont) | Vendor-Type | ... Vendor-Id (cont) | Vendor-Type |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| String .... | Value ....
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Type.Extended-Type Type.Extended-Type
242.26 for Extended-Vendor-Specific-2 242.26 for Extended-Vendor-Specific-2
Length Length
>= 9 >= 9
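Review bot: "eight (8) less then the value of the Length field" in the Value description at the end of 4.1 still reads "then" in -03, and the same sentence recurs in 4.2 through 4.4. These lines were already touched for the String to Value rename, so correct it to "less than" in the same pass. The arithmetic is consistent with the diagram: Type, Length, Extended-Type, Vendor-Id (4 octets) and Vendor-Type make 8 header octets, so Length >= 9 leaves at least one Value octet. It would help implementers to say explicitly that an attribute with a smaller Length is malformed.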
skipping to change at page 26, line 30 skipping to change at page 26, line 30
The high-order octet is 0 and the low-order 3 octets are the SMI The high-order octet is 0 and the low-order 3 octets are the SMI
Network Management Private Enterprise Code of the Vendor in Network Management Private Enterprise Code of the Vendor in
network byte order. network byte order.
Vendor-Type Vendor-Type
The Vendor-Type field is one octet. Values are assigned at the The Vendor-Type field is one octet. Values are assigned at the
sole discretion of the Vendor. sole discretion of the Vendor.
String Value
The String field is one or more octets. The actual format of the The Value field is one or more octets. The actual format of the
information is site or application specific, and a robust information is site or application specific, and a robust
implementation SHOULD support the field as undistinguished octets. implementation SHOULD support the field as undistinguished octets.
The codification of the range of allowed usage of this field is The codification of the range of allowed usage of this field is
outside the scope of this specification. outside the scope of this specification.
The length of the String field is eight (8) less then the value of The length of the Value field is eight (8) less then the value of
the Length field. the Length field.
Implementations supporting this specification MUST use the Implementations supporting this specification MUST use the
Identifier of "Type.Extended-Type.Vendor-Id.Vendor-Type" to Identifier of "Type.Extended-Type.Vendor-Id.Vendor-Type" to
determine the interpretation of the String field. determine the interpretation of the Value field.
4.3. Extended-Vendor-Specific-3 4.3. Extended-Vendor-Specific-3
Description Description
This attribute defines a RADIUS Type Code of 243.26, using the This attribute defines a RADIUS Type Code of 243.26, using the
"evs" data type. "evs" data type.
A summary of the Extended-Vendor-Specific-3 Attribute format is shown A summary of the Extended-Vendor-Specific-3 Attribute format is shown
below. The fields are transmitted from left to right. below. The fields are transmitted from left to right.
0 1 2 3 0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Type | Length | Extended-Type | Vendor-Id ... | Type | Length | Extended-Type | Vendor-Id ...
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
... Vendor-Id (cont) | Vendor-Type | ... Vendor-Id (cont) | Vendor-Type |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| String .... | Value ....
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Type.Extended-Type Type.Extended-Type
243.26 for Extended-Vendor-Specific-3 243.26 for Extended-Vendor-Specific-3
Length Length
>= 9 >= 9
skipping to change at page 27, line 37 skipping to change at page 27, line 37
The high-order octet is 0 and the low-order 3 octets are the SMI The high-order octet is 0 and the low-order 3 octets are the SMI
Network Management Private Enterprise Code of the Vendor in Network Management Private Enterprise Code of the Vendor in
network byte order. network byte order.
Vendor-Type Vendor-Type
The Vendor-Type field is one octet. Values are assigned at the The Vendor-Type field is one octet. Values are assigned at the
sole discretion of the Vendor. sole discretion of the Vendor.
String Value
The String field is one or more octets. The actual format of the The Value field is one or more octets. The actual format of the
information is site or application specific, and a robust information is site or application specific, and a robust
implementation SHOULD support the field as undistinguished octets. implementation SHOULD support the field as undistinguished octets.
The codification of the range of allowed usage of this field is The codification of the range of allowed usage of this field is
outside the scope of this specification. outside the scope of this specification.
The length of the String field is eight (8) less then the value of The length of the Value field is eight (8) less then the value of
the Length field. the Length field.
Implementations supporting this specification MUST use the Implementations supporting this specification MUST use the
Identifier of "Type.Extended-Type.Vendor-Id.Vendor-Type" to Identifier of "Type.Extended-Type.Vendor-Id.Vendor-Type" to
determine the interpretation of the String field. determine the interpretation of the Value field.
4.4. Extended-Vendor-Specific-4 4.4. Extended-Vendor-Specific-4
Description Description
This attribute defines a RADIUS Type Code of 244.26, using the This attribute defines a RADIUS Type Code of 244.26, using the
"evs" data type. "evs" data type.
A summary of the Extended-Vendor-Specific-3 Attribute format is shown A summary of the Extended-Vendor-Specific-3 Attribute format is shown
below. The fields are transmitted from left to right. below. The fields are transmitted from left to right.
0 1 2 3 0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Type | Length | Extended-Type | Vendor-Id ... | Type | Length | Extended-Type | Vendor-Id ...
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
... Vendor-Id (cont) | Vendor-Type | ... Vendor-Id (cont) | Vendor-Type |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| String .... | Value ....
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Type.Extended-Type Type.Extended-Type
244.26 for Extended-Vendor-Specific-4 244.26 for Extended-Vendor-Specific-4
Length Length
>= 9 >= 9
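Review bot: Section 4.4 introduces its diagram with "A summary of the Extended-Vendor-Specific-3 Attribute format", a copy-paste slip carried unchanged from -02 into -03. The section defines 244.26, so the sentence should name Extended-Vendor-Specific-4, matching the "244.26 for Extended-Vendor-Specific-4" line under Type.Extended-Type.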
skipping to change at page 28, line 44 skipping to change at page 28, line 44
The high-order octet is 0 and the low-order 3 octets are the SMI The high-order octet is 0 and the low-order 3 octets are the SMI
Network Management Private Enterprise Code of the Vendor in Network Management Private Enterprise Code of the Vendor in
network byte order. network byte order.
Vendor-Type Vendor-Type
The Vendor-Type field is one octet. Values are assigned at the The Vendor-Type field is one octet. Values are assigned at the
sole discretion of the Vendor. sole discretion of the Vendor.
String Value
The String field is one or more octets. The actual format of the The Value field is one or more octets. The actual format of the
information is site or application specific, and a robust information is site or application specific, and a robust
implementation SHOULD support the field as undistinguished octets. implementation SHOULD support the field as undistinguished octets.
The codification of the range of allowed usage of this field is The codification of the range of allowed usage of this field is
outside the scope of this specification. outside the scope of this specification.
The length of the String field is eight (8) less then the value of The length of the Value field is eight (8) less then the value of
the Length field. the Length field.
Implementations supporting this specification MUST use the Implementations supporting this specification MUST use the
Identifier of "Type.Extended-Type.Vendor-Id.Vendor-Type" to Identifier of "Type.Extended-Type.Vendor-Id.Vendor-Type" to
determine the interpretation of the String field. determine the interpretation of the Value field.
4.5. Extended-Vendor-Specific-5 4.5. Extended-Vendor-Specific-5
Description Description
This attribute defines a RADIUS Type Code of 245.26, using the This attribute defines a RADIUS Type Code of 245.26, using the
"evs" data type. "evs" data type.
A summary of the Extended-Vendor-Specific-5 Attribute format is shown A summary of the Extended-Vendor-Specific-5 Attribute format is shown
below. The fields are transmitted from left to right. below. The fields are transmitted from left to right.
0 1 2 3 0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Type | Length | Extended-Type |M| Flags | | Type | Length | Extended-Type |M| Flags |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Vendor-Id | | Vendor-Id |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Vendor-Type | String .... | Vendor-Type | Value ....
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Type.Extended-Type Type.Extended-Type
245.26 for Extended-Vendor-Specific-5 245.26 for Extended-Vendor-Specific-5
Length Length
>= 10 (first fragment) >= 10 (first fragment)
>= 5 (subsequent fragments) >= 5 (subsequent fragments)
When a VSA is fragmented across multiple Attributes, only the When a VSA is fragmented across multiple Attributes, only the
first Attribute contains the Vendor-Id and Vendor-Type fields. first Attribute contains the Vendor-Id and Vendor-Type fields.
Subsequent Attributes contain fragments of the String field only. Subsequent Attributes contain fragments of the Value field only.
M (More) M (More)
The More Flag is one (1) bit in length, and indicates whether or The More Flag is one (1) bit in length, and indicates whether or
not the current attribute contains "more" than 251 octets of data. not the current attribute contains "more" than 251 octets of data.
Further definition of this field is given in Section 2.2, above. Further definition of this field is given in Section 2.2, above.
Flags Flags
This field is 7 bits long, and is reserved for future use. This field is 7 bits long, and is reserved for future use.
Implementations MUST set it to zero (0) when encoding an attribute Implementations MUST set it to zero (0) when encoding an attribute
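Review bot: The Length text in 4.5 gives only minima (>= 10 for the first fragment, >= 5 for subsequent ones) and, unlike 4.1 through 4.4, no sentence says how the Value length is derived from Length. From the diagram the first fragment carries 9 octets before Value (Type, Length, Extended-Type, M/Flags, Vendor-Id, Vendor-Type) and later fragments carry 4. Suggest stating both subtractions explicitly, so a decoder does not apply the first-fragment offset to a continuation fragment and read fragment data as Vendor-Id and Vendor-Type.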
skipping to change at page 30, line 20 skipping to change at page 30, line 20
The high-order octet is 0 and the low-order 3 octets are the SMI The high-order octet is 0 and the low-order 3 octets are the SMI
Network Management Private Enterprise Code of the Vendor in Network Management Private Enterprise Code of the Vendor in
network byte order. network byte order.
Vendor-Type Vendor-Type
The Vendor-Type field is one octet. Values are assigned at the The Vendor-Type field is one octet. Values are assigned at the
sole discretion of the Vendor. sole discretion of the Vendor.
String Value
The String field is one or more octets. The actual format of the The Value field is one or more octets. The actual format of the
information is site or application specific, and a robust information is site or application specific, and a robust
implementation SHOULD support the field as undistinguished octets. implementation SHOULD support the field as undistinguished octets.
The codification of the range of allowed usage of this field is The codification of the range of allowed usage of this field is
outside the scope of this specification. outside the scope of this specification.
Implementations supporting this specification MUST use the Implementations supporting this specification MUST use the
Identifier of "Type.Extended-Type.Vendor-Id.Vendor-Type" to Identifier of "Type.Extended-Type.Vendor-Id.Vendor-Type" to
determine the interpretation of the String field. determine the interpretation of the Value field.
4.6. Extended-Vendor-Specific-6 4.6. Extended-Vendor-Specific-6
Description Description
This attribute defines a RADIUS Type Code of 246.26, using the This attribute defines a RADIUS Type Code of 246.26, using the
"evs" data type. "evs" data type.
A summary of the Extended-Vendor-Specific-6 Attribute format is shown A summary of the Extended-Vendor-Specific-6 Attribute format is shown
below. The fields are transmitted from left to right. below. The fields are transmitted from left to right.
0 1 2 3 0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Type | Length | Extended-Type |M| Flags | | Type | Length | Extended-Type |M| Flags |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Vendor-Id | | Vendor-Id |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Vendor-Type | String .... | Vendor-Type | Value ....
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Type.Extended-Type Type.Extended-Type
246.26 for Extended-Vendor-Specific-6 246.26 for Extended-Vendor-Specific-6
Length Length
>= 10 (first fragment) >= 10 (first fragment)
>= 5 (subsequent fragments) >= 5 (subsequent fragments)
When a VSA is fragmented across multiple Attributes, only the When a VSA is fragmented across multiple Attributes, only the
first Attribute contains the Vendor-Id and Vendor-Type fields. first Attribute contains the Vendor-Id and Vendor-Type fields.
Subsequent Attributes contain fragments of the String field only. Subsequent Attributes contain fragments of the Value field only.
M (More) M (More)
The More Flag is one (1) bit in length, and indicates whether or The More Flag is one (1) bit in length, and indicates whether or
not the current attribute contains "more" than 251 octets of data. not the current attribute contains "more" than 251 octets of data.
Further definition of this field is given in Section 2.2, above. Further definition of this field is given in Section 2.2, above.
Flags Flags
This field is 7 bits long, and is reserved for future use. This field is 7 bits long, and is reserved for future use.
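Review bot: In the M (More) description of 4.6 (and identically in 4.5), "contains 'more' than 251 octets of data" reads as if a single attribute could hold more than 251 octets, which the one-octet Length field in the diagram rules out. The 251 figure also counts everything after the M/Flags octet, so in the first fragment of 245.26 or 246.26 five of those octets are Vendor-Id and Vendor-Type and at most 246 are Value. Suggest rewording to say the data continues in the next attribute, and noting the smaller Value capacity of the first fragment.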
skipping to change at page 31, line 41 skipping to change at page 31, line 41
The high-order octet is 0 and the low-order 3 octets are the SMI The high-order octet is 0 and the low-order 3 octets are the SMI
Network Management Private Enterprise Code of the Vendor in Network Management Private Enterprise Code of the Vendor in
network byte order. network byte order.
Vendor-Type Vendor-Type
The Vendor-Type field is one octet. Values are assigned at the The Vendor-Type field is one octet. Values are assigned at the
sole discretion of the Vendor. sole discretion of the Vendor.
String Value
The String field is one or more octets. The actual format of the The Value field is one or more octets. The actual format of the
information is site or application specific, and a robust information is site or application specific, and a robust
implementation SHOULD support the field as undistinguished octets. implementation SHOULD support the field as undistinguished octets.
The codification of the range of allowed usage of this field is The codification of the range of allowed usage of this field is
outside the scope of this specification. outside the scope of this specification.
Implementations supporting this specification MUST use the Implementations supporting this specification MUST use the
Identifier of "Type.Extended-Type.Vendor-Id.Vendor-Type" to Identifier of "Type.Extended-Type.Vendor-Id.Vendor-Type" to
determine the interpretation of the String field. determine the interpretation of the Value field.
5. Compatibility with traditional RADIUS 5. Compatibility with traditional RADIUS
There are a number of potential compatibility issues with traditional There are a number of potential compatibility issues with traditional
RADIUS. This section describes them. RADIUS. This section describes them.
5.1. Attribute Allocation 5.1. Attribute Allocation
Some vendors have used Attribute Type codes from the "Reserved" Some vendors have used Attribute Type codes from the "Reserved"
space, as part of vendor-defined dictionaries. This practice is space, as part of vendor-defined dictionaries. This practice is
skipping to change at page 42, line 29 skipping to change at page 42, line 29
bb bb bb bb bb bb bb bb bb bb bb bb bb bb bb bb bb bb bb bb bb bb bb bb bb bb bb bb bb bb bb bb bb bb bb bb bb bb bb bb
bb bb bb bb bb bb bb bb bb bb bb bb bb bb bb bb bb bb bb bb bb bb bb bb bb bb bb bb bb bb bb bb bb bb bb bb bb bb bb bb
bb bb bb bb bb bb bb bb bb bb bb bb bb bb bb bb bb bb bb bb bb bb bb bb bb bb bb bb bb bb bb bb bb bb bb bb bb bb bb bb
bb bb bb bb bb bb bb bb bb bb bb bb bb bb bb bb bb bb bb bb bb bb bb bb bb bb bb bb bb bb bb bb bb bb bb bb bb bb bb bb
bb bb bb bb bb bb bb bb bb bb bb bb bb bb bb bb bb bb bb bb bb bb bb bb bb bb bb bb bb bb bb bb bb bb bb bb bb bb bb bb
bb bb bb bb bb bb bb bb bb bb bb bb bb bb bb f5 17 1a 00 bb bb bb bb bb bb bb bb bb bb bb bb bb bb bb bb f5 17 1a 00 bb
bb bb bb bb cc cc cc cc cc cc cc cc cc cc 13 45 67 89 bb bb bb bb cc cc cc cc cc cc cc cc cc cc 13 45 67 89
9. IANA Considerations 9. IANA Considerations
This document has multiple impacts on IANA, in the "RADIUS Attribute This document updates [RFC3575] in that it adds new IANA
Types" registry. Attribute types which were previously reserved are considerations for RADIUS Attributes. These considerations extend
now allocated, previously free attributes are marked deprecated, and the IANA considerations for RADIUS, rather than replacing them.
the registry is extended from a simple 8-bit array to a tree-like Specifically, assignment of Attribute Type values 241-255 requires
structure, up to a maximum depth of 125 nodes. Standards Action, and allocation of values for existing attributes is
done by the process given in [RFC3575].
The IANA considerations of this document are limited to the "RADIUS
Attribute Types" registry. Attribute Type values which were
previously marked reserved are now allocated, Attribute Type values
previously marked unassigned are now deprecated, and the registry is
extended from a simple 8-bit array to a tree-like structure, up to a
maximum depth of 125 nodes. Detailed recommendations are given
below.
9.1. Attribute Allocations 9.1. Attribute Allocations
IANA is requested to move the "Unassigned" numbers in the range IANA is requested to move the "Unassigned" values in the range
144-191 from "Unassigned" to "Deprecated". New allocations are 144-191 from "Unassigned" to "Deprecated". Allocation from the
normally taken from the Extended Type space, starting with lower "Deprecated" space can still be performed by publication of an IETF
numbered attributes. However, allocation from the "Deprecated" space specification, subject to the recommendations of {RFC3575], and where
can still be performed by publication of an IETF specification, where
that specification requests allocation from the "Deprecated" space, that specification requests allocation from the "Deprecated" space,
and gives reasons why use of the Extended Type space is impossible. and also gives reasons why use of the Extended Type space is
impossible.
IANA is requested to move the following numbers from "Reserved", to IANA is requested to move the following values from "Reserved", to
allocated, with the following names: "Allocated", with the following names:
* 241 Extended-Type-1 * 241 Extended-Type-1
* 242 Extended-Type-2 * 242 Extended-Type-2
* 243 Extended-Type-3 * 243 Extended-Type-3
* 244 Extended-Type-4 * 244 Extended-Type-4
* 245 Extended-Type-Flagged-1 * 245 Extended-Type-Flagged-1
* 246 Extended-Type-Flagged-2 * 246 Extended-Type-Flagged-2
These attributes serve as an encapsulation layer for the new RADIUS These values serve as an encapsulation layer for the new RADIUS
Attribute Type tree. Attribute Type tree.
9.2. RADIUS Attribute Type Tree 9.2. RADIUS Attribute Type Tree
Each of the attributes allocated above extends the "RADIUS Attribute Each of the Attribute Type values allocated above extends the "RADIUS
Types" to an N-ary tree, via a "dotted number" notation. Each number Attribute Types" to an N-ary tree, via a "dotted number" notation.
in the tree is an 8-bit value (1 to 255). The value zero (0) is not Allocation of an Attribute Type value "VALUE" using the new Extended
used. Currently, only one level of the tree is defined: type format results in allocation of 255 new Attribute Type values,
of format "VALUE.1" through "VALUE.255". The value zero "VALUE.0" is
not used. Value twenty-six (26) is assigned as "Vendor Specific".
Values 241-255 are marked "Reserved". All other values are
"Unassigned".
The initial set of Attribute Type values and names assigned by this
document is given below.
* 241 Extended-Attribute-1 * 241 Extended-Attribute-1
* 241.{1-25} Unassigned * 241.{1-25} Unassigned
* 241.26 Extended-Vendor-Specific-1 * 241.26 Extended-Vendor-Specific-1
* 241.{27-240} Unassigned * 241.{27-240} Unassigned
* 241.{241-255} Reserved * 241.{241-255} Reserved
* 242 Extended-Attribute-2 * 242 Extended-Attribute-2
* 242.{1-25} Unassigned * 242.{1-25} Unassigned
* 242.26 Extended-Vendor-Specific-2 * 242.26 Extended-Vendor-Specific-2
* 242.{27-240} Unassigned * 242.{27-240} Unassigned
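Review bot: The names in 9.1 and 9.2 disagree: 9.1 asks IANA to register 241 through 246 as "Extended-Type-1" to "Extended-Type-4" and "Extended-Type-Flagged-1/2", while the 9.2 tree lists the same values as "Extended-Attribute-1", "Extended-Attribute-2" and so on. Since -03 rewrites both paragraphs, pick one set of names so the registry request is unambiguous. The new 9.1 text also has a mismatched bracket in "subject to the recommendations of {RFC3575]".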
skipping to change at page 44, line 6 skipping to change at page 44, line 22
* 246 Extended-Attribute-6 * 246 Extended-Attribute-6
* 246.{1-25} Unassigned * 246.{1-25} Unassigned
* 245.26 Extended-Vendor-Specific-6 * 245.26 Extended-Vendor-Specific-6
* 246.{27-240} Unassigned * 246.{27-240} Unassigned
* 246.{241-255} Reserved * 246.{241-255} Reserved
The values marked "Unassigned" above are available for assignment by The values marked "Unassigned" above are available for assignment by
IANA in future RADIUS specifications. The values marked "Reserved" IANA in future RADIUS specifications. The values marked "Reserved"
are reserved for future use. are reserved for future use.
9.3. Extending the Attribute Type Tree 9.3. Allocation of TLV Data Types
When specifications request allocation of an attribute of data type When specifications request allocation of an attribute of data type
"tlv", that allocation extends the Attribute Type Tree by one more "tlv", that allocation extends the Attribute Type Tree by one more
level. The value zero (0) is not used. Values 254 and 255 are level. Allocation of an Attribute Type value "TYPE.TLV", with Data
Reserved. All other values are available for allocation. Type TLV, results in allocation of 255 new Attribute Type values, of
format "TYPE.TLV.1" through "TYPE.TLV.255". The value zero "VALUE.0"
is not used. Values 254-255 are marked "Reserved". All other values
are "Unassigned".
For example, if a new attribute "Example-TLV" of data type "tlv" is For example, if a new attribute "Example-TLV" of data type "tlv" is
assigned the identifier "245.1", then the extended tree will be assigned the identifier "245.1", then the extended tree will be
allocation as below: allocation as below:
* 245.1 Example-TLV * 245.1 Example-TLV
* 245.1.{1-253} Unassigned * 245.1.{1-253} Unassigned
* 245.1.{254-255} Reserved * 245.1.{254-255} Reserved
Note that this example does not define an "Example-TLV" attribute. Note that this example does not define an "Example-TLV" attribute.
The Attribute Type Tree can be extended multiple levels in one The Attribute Type Tree can be extended multiple levels in one
specification when the specification requests allocation of nested specification when the specification requests allocation of nested
TLVs. TLVs, as discussed below.
9.4. Allocation within a TLV
Specifications can request allocation of Attribute Type values within
an Attribute of Data Type TLV. The encapsulating TLV can be
allocated in the same specification, or it can have been previously
allocated.
Specifications need to request allocation within a specific Attribute
Type value (e.g. "TYPE.TLV.*"). Allocations are performed from the
smallest Unassigned value, proceeding to the largest Unassigned
value.
Where the Attribute being allocated is of Data Type TLV, the
Attribute Type tree is extended by one level, as given in the
previous section. Allocations can then be made within that level.
9.5. Allocation of Extended Type with Flags format
Specifications can request allocation of an Attribute which requires
the format Extended Type with Flags. In that case, IANA should
assign the lowest Unassigned number from the 245.* or 246.* Attribute
Type space. If those spaces are full, the specification should
explicitly request allocation from an Attribute Type space of the
relevant format.
9.6. Allocation of Other Data Types
Attribute Type value allocations are otherwise allocated from the
smallest Unassigned value, starting from 241.1, proceeding through
241.255, then to 242.1, through 242.255, etc.
10. Security Considerations 10. Security Considerations
This document defines new formats for data carried inside of RADIUS, This document defines new formats for data carried inside of RADIUS,
but otherwise makes no changes to the security of the RADIUS but otherwise makes no changes to the security of the RADIUS
protocol. protocol.
Attacks on cryptographic hashes are well known, and are getting Attacks on cryptographic hashes are well known, and are getting
better with time, as discussed in[RFC4270]. RADIUS uses the MD5 hash better with time, as discussed in[RFC4270]. RADIUS uses the MD5 hash
[RFC1321] for packet authentication and attribute obfuscation. There [RFC1321] for packet authentication and attribute obfuscation. There
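Review bot: The 9.2 tree lists "245.26 Extended-Vendor-Specific-6" under 246; section 4.6 defines that attribute as 246.26, and the error is unchanged from -02, so IANA would be asked to register the wrong value. Two further points in the new text: 9.3 says 'The value zero "VALUE.0" is not used', which looks copied from 9.2 and should be "TYPE.TLV.0"; and 9.6 describes allocation "starting from 241.1, proceeding through 241.255", although 9.2 marks 241.{241-255} Reserved and 241.26 as assigned, so the range should stop at 240 and skip 26.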
skipping to change at page 45, line 19 skipping to change at page 46, line 23
11.2. Informative references 11.2. Informative references
[RFC1321] Rivest, R. "The MD5 Message-Digest Algorithm", RFC 1321, [RFC1321] Rivest, R. "The MD5 Message-Digest Algorithm", RFC 1321,
April, 1992 April, 1992
[RFC2866] Rigney, C., "RADIUS Accounting", RFC 2866, June 2000. [RFC2866] Rigney, C., "RADIUS Accounting", RFC 2866, June 2000.
[RFC2868] Zorn, G., et al, " RADIUS Attributes for Tunnel Protocol [RFC2868] Zorn, G., et al, " RADIUS Attributes for Tunnel Protocol
Support", RFC 2868, June 2000. Support", RFC 2868, June 2000.
[RFC3575] Aboba, B, "IANA Considerations for RADIUS (Remote
Authentication Dial In User Service)", RFC 3575, July 2003.
[RFC4270] Hoffman, P, and Schneier, B, "Attacks on Cryptographic Hashes [RFC4270] Hoffman, P, and Schneier, B, "Attacks on Cryptographic Hashes
in Internet Protocols", RFC 4270, November 2005. in Internet Protocols", RFC 4270, November 2005.
[RFC5234] Crocker, D. (Ed.), and Overell, P., "Augmented BNF for Syntax [RFC5234] Crocker, D. (Ed.), and Overell, P., "Augmented BNF for Syntax
Specifications: ABNF", RFC 5234, October 2005. Specifications: ABNF", RFC 5234, October 2005.
[RFC6158] DeKok, A., and Weber, G., "RADIUS Design Guidelines", RFC [RFC6158] DeKok, A., and Weber, G., "RADIUS Design Guidelines", RFC
6158, March 2011. 6158, March 2011.
[EDUROAM] Internal Eduroam testing page, data retrieved 04 August 2010. [EDUROAM] Internal Eduroam testing page, data retrieved 04 August 2010.
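Review bot: [RFC3575] is added under 11.2 Informative references, but the new section 9 text says "This document updates [RFC3575]" and that allocation for existing attributes "is done by the process given in [RFC3575]". A document that is updated and whose process is relied on for allocation is needed to implement the IANA instructions, so it belongs in the normative list.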
 End of changes. 70 change blocks. 
97 lines changed or deleted 153 lines changed or added

This html diff was produced by rfcdiff 1.41. The latest version is available from http://tools.ietf.org/tools/rfcdiff/