
[Issue] Handling an unparsable NAS-Filter-Rule



Description of issue: Handling an unparsable NAS-Filter-Rule
Submitter name: Greg Weber
Submitter email address: gdweber@cisco.com
Date first submitted: February 2, 2006
Reference: http://ops.ietf.org/lists/radiusext/2006/msg00090.html
Document: IEEE802-01
Comment type: Technical
Priority: S
Section: 1.4, 6
Rationale/Explanation of issue:

The NAS-Filter-Rule represents a *lot* of functionality.
I think we can expect lots of variability in NASes which
support various parts, e.g. maybe all the filtering, but
not HTTP redirection, etc.  I think we maybe need to be
clearer on what is supposed to happen when the NAS gets
a CoA-Request or Access-Request containing directives
that it cannot parse or apply.  In particular, in Section
1.4 "Attribute Interpretation", I see text indicating that
non-understood attributes result in Access-Rejects.  But,
in Section 6 "Security Considerations", I see text like:
"...a NAS could be configured to ... not accept any
redirection rules if it is known they are not used in
this environment."   These would seem to be contradictory.

Requested change:
Need clarification on the intent.
