[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: RADEXT charter for comment...

Yes, the limits for size and type must be followed.
If we want this restriction to say that sub-attributes shall use VSAs with a specified vendor-ID, then we need to say that. (I hope not.)
If we want this restriction to say that for consistency with the VSA usage in 2865, all sub-attributes shall be one level deep, we should say that.
I think that the sentence as written does not say what we mean.

Yours,
Joel M. Halpern

At 09:12 AM 3/11/2004 -0800, Bernard Aboba wrote: 
> Looking again at 2865, I am not sure what it means to say that
> Sub-attributes MUST be utilized only in a manner compatible with RFC
> 2865.  Does this mean that that the base attribute must have a well defined
> type, and a total length less than 256?  Or is there some other restriction
> in 2865 that I have missed?

The Type and Length fields need to be the same for all RADIUS attributes;
in particular the length restriction permits attributes up to 253 octets.

RFC 2865 explicitly permits grouping of attributes within the Vendor
Specific (26) attribute.  Here's what Section 5.26 says:

      Multiple subattributes MAY be encoded within a single Vendor-
      Specific attribute, although they do not have to be.



--
to unsubscribe send a message to radiusext-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://psg.com/lists/radiusext/>