Last Call Review of draft-ietf-isms-radius-usage-
review-ietf-isms-radius-usage-secdir-lc-rescorla-2009-05-24-00

Request Review of draft-ietf-isms-radius-usage
Requested rev. no specific revision (document currently at 07)
Type Last Call Review
Team Security Area Directorate (secdir)
Deadline 2009-05-05
Requested 2009-04-09
Draft last updated 2009-05-24
Completed reviews Secdir Last Call review of -?? by Eric Rescorla
Assignment Reviewer Eric Rescorla
State Completed
Review review-ietf-isms-radius-usage-secdir-lc-rescorla-2009-05-24
Review completed: 2009-05-24

Review
review-ietf-isms-radius-usage-secdir-lc-rescorla-2009-05-24

$Id: draft-ietf-isms-radius-usage-05-rev.txt,v 1.1 2009/05/05 16:12:55 ekr Exp $

This document is about the use of RADIUS servers with SNMP "transport
models" (security protocols such as SSH used with SNMP). As far as I
can tell, the idea is to explain how to outsource some of the
authorization decisions to RADIUS.

I found this document extremely difficult to read. I realize that
the intended audience is for people with a lot of RADIUS and
SNMP experience, but despite some familiarity with them, I had
to work fairly hard to figure out what it was trying to say
and I'm still not sure. This document would benefit very greatly
from a diagram explaining how the authors think things are supposed
to work.

My big question is how the user authentication decisions are
expected to be split between (e.g., SSH), and RADIUS. For
example:

- If the user has a password, who checks it the RADIUS server
  or the NAS? RADIUS certainly can do this.
- If the user is authenticating with SSH pubkey auth, who
  checks that? 

These seem like important architectural issues but I'm not getting
them out of the document, and they should in particular
be in the security considerations.

IMO, this document would benefit from a rewrite that makes it a
lot clearer to someone not enmeshed in the WG.



S 2.
I don't understand what the difference is between service authorization
and access control in this context.

S 2.3.
I don't get the SHOULDs here. If you're defining how code points are
set, why are these optional?