4 Standards Compliance

Known points of questionable or non-compliance.

4.1  RFC 3588

  • The End-to-End Security framework (section 2.9) isn't implemented since it is largely unspecified. The document that was to describe it (reference [AAACMS]) was abandoned in an uncompleted state several years ago and the current draft RFC deprecates the framework, including the P Flag in the AVP header.

  • There is no TLS support over SCTP. RFC 3588 requires that a Diameter server support TLS but in practise this seems to mean TLS over SCTP since there are limitations with running over SCTP: see RFC 6083 (DTLS over SCTP), which is a response to RFC 3436 (TLS over SCTP). The current RFC 3588 draft acknowledges this by equating TLS with TLS/TCP and DTLS/SCTP but we do not yet support DTLS.

  • There is no explicit support for peer discovery (section 5.2). It can possibly be implemented on top of diameter as is but this is probably something that diameter should do. The current draft deprecates portions of the original RFC's mechanisms however.

  • The peer state machine's election process (section 5.6.4) isn't implemented as specified since it assumes knowledge of a peer's Origin-Host before sending it a CER. (The identity becoming known upon reception of CEA.) The possibility of configuring the peer's Origin-Host could be added, along with handling of the case that it sends something else, but for many applications this will just be unnecessary configuration of a value that it has no control over.

4.2  RFC 3539

RFC 3539 is more difficult to comply to since it discusses problems as much as it requires functionality but all the MUST's are covered, the watchdog state machine being the primary one. Of the optional functionality, load balancing is left to the diameter user (since it's the one deciding who to send to) and there is no Congestion Manager.