[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: Issue with 3576

To: Avi Lior <avi@bridgewatersystems.com>
Subject: RE: Issue with 3576
From: Bernard Aboba <aboba@internaut.com>
Date: Tue, 27 Jul 2004 12:30:29 -0700 (PDT)
Cc: radiusext@ops.ietf.org
In-reply-to: <F17FB067A86B2D488382C923C532EAA7024A4BD9@exch01.bridgewatersys.com>
References: <F17FB067A86B2D488382C923C532EAA7024A4BD9@exch01.bridgewatersys.com>

> Okay I see my confusion:
>
> 1) Message-Authenticator SHOULD be included in an Access-Request that does
> not contain....EAP-Message,
>
> 2) Message-Authenticator MUST be included in an Access-Request that contains
> EAP-Message.
>
> I am aware of item 2 but somehow when I read item 1) it seemed to exclude
> item 2).  So I am okay now.

I think the confusion with respect to the "Authorize Only" semantics
remain though, right?  Would you be willing to prepare a slide or two for
IETF 60 to describe the issues?

> > > It should be more explicit what the behavior is.  For example, we
> > > should state what happens when the Access-Accept with an
> > > Authorize-Only is received that doesn't contain attributes
> > that were
> > > previously received in an Access-Accept message.  This is cause for
> > > lots of discussion.
> >
> > Yes, I do think we need to be more explicit on this.  This
> > can be put into an errata (or the "implementations and fixes"
> > doc) once we figure this out.

--
to unsubscribe send a message to radiusext-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://psg.com/lists/radiusext/>

References:
- RE: Issue with 3576
  - From: Avi Lior <avi@bridgewatersystems.com>

Prev by Date: RE: Issue with 3576
Next by Date: Presentations on Interoperability Issues
Previous by thread: RE: Issue with 3576
Next by thread: RE: Issue with 3576
Index(es):
- Date
- Thread