[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: Issue with 3576
> Okay I see my confusion:
>
> 1) Message-Authenticator SHOULD be included in an Access-Request that does
> not contain....EAP-Message,
>
> 2) Message-Authenticator MUST be included in an Access-Request that contains
> EAP-Message.
>
> I am aware of item 2 but somehow when I read item 1) it seemed to exclude
> item 2). So I am okay now.
I think the confusion with respect to the "Authorize Only" semantics
remain though, right? Would you be willing to prepare a slide or two for
IETF 60 to describe the issues?
> > > It should be more explicit what the behavior is. For example, we
> > > should state what happens when the Access-Accept with an
> > > Authorize-Only is received that doesn't contain attributes
> > that were
> > > previously received in an Access-Accept message. This is cause for
> > > lots of discussion.
> >
> > Yes, I do think we need to be more explicit on this. This
> > can be put into an errata (or the "implementations and fixes"
> > doc) once we figure this out.
--
to unsubscribe send a message to radiusext-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://psg.com/lists/radiusext/>