[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Issue with 3576

To: Bernard Aboba <aboba@internaut.com>, Murtaza Chiba <mchiba@cisco.com>, david@mitton.com
Subject: Issue with 3576
From: Avi Lior <avi@bridgewatersystems.com>
Date: Tue, 27 Jul 2004 11:34:09 -0400
Cc: radiusext@ops.ietf.org

Bernard, Murtaza,

I found a minor bug in 3576 ( I don't know if this one was reported yet)

Deep down in Note[6] it says:

a Message-Authenticator attribute SHOULD be included in an Access-Request
that does not contain a
User-Password, CHAP-Password, ARAP-Password or EAP-Message Attribute.

The inclusion of EAP-Message in an Access-Request however does require
Message-Authenticator.


As well, unless I am missing something, 3576 does not say what the semantics
of the Re-authorization Access-Request message.  It just eludes to the fact
that it is there to ease interop between RADIUS and DIAMETER.  Reading
between the line then one would conclude that they have to read diameter to
understand the semantics.  In fact NASREQ right?

It should be more explicit what the behavior is.  For example, we should
state what happens when the Access-Accept with an Authorize-Only is received
that doesn't contain attributes that were previously received in an
Access-Accept message.  This is cause for lots of discussion.

-----------------------------
Avi Lior
Bridgewater Systems Corp.
Phone: 613.591.9104 x 6417
Cell   : 613.297.2177

--
to unsubscribe send a message to radiusext-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://psg.com/lists/radiusext/>

Follow-Ups:
- Re: Issue with 3576
  - From: Bernard Aboba <aboba@internaut.com>

Prev by Date: AAA WG last call on Diameter SIP Application
Next by Date: Re: Issue with 3576
Previous by thread: AAA WG last call on Diameter SIP Application
Next by thread: Re: Issue with 3576
Index(es):
- Date
- Thread