[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: Issue with 3576
Yes I will Bernard. Unfortunately we need to address the semantics issue.
I will include it as part of my slot. I don't think additional time will be
needed. I am going last anyway.
> -----Original Message-----
> From: Bernard Aboba [mailto:aboba@internaut.com]
> Sent: Tuesday, July 27, 2004 3:30 PM
> To: Avi Lior
> Cc: radiusext@ops.ietf.org
> Subject: RE: Issue with 3576
>
>
> > Okay I see my confusion:
> >
> > 1) Message-Authenticator SHOULD be included in an
> Access-Request that
> > does not contain....EAP-Message,
> >
> > 2) Message-Authenticator MUST be included in an Access-Request that
> > contains EAP-Message.
> >
> > I am aware of item 2 but somehow when I read item 1) it seemed to
> > exclude item 2). So I am okay now.
>
> I think the confusion with respect to the "Authorize Only"
> semantics remain though, right? Would you be willing to
> prepare a slide or two for IETF 60 to describe the issues?
>
> > > > It should be more explicit what the behavior is. For
> example, we
> > > > should state what happens when the Access-Accept with an
> > > > Authorize-Only is received that doesn't contain attributes
> > > that were
> > > > previously received in an Access-Accept message. This is cause
> > > > for lots of discussion.
> > >
> > > Yes, I do think we need to be more explicit on this. This can be
> > > put into an errata (or the "implementations and fixes"
> > > doc) once we figure this out.
>
--
to unsubscribe send a message to radiusext-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://psg.com/lists/radiusext/>