[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Issue 38: Ordering of filter attributes

To: radiusext@ops.ietf.org
Subject: Issue 38: Ordering of filter attributes
From: Bernard Aboba <aboba@internaut.com>
Date: Mon, 13 Dec 2004 18:49:03 -0800 (PST)

Issue 38: Ordering of Filter Attributes
Submitter name: Bernard Aboba
Submitter email address: aboba@internaut.com
Date first submitted: December 13, 2004
Reference:
Document: Congdon-02
Comment type: T
Priority: S
Section: 2.7
Rationale/Explanation of issue:
Section 2.7 does not state that NAS-Filter-Rule attributes shouldn't
be reordered by RADIUS proxies. Since reordering can change the
meaning of filter lists, reordering cannot be allowed.

The addition of the following text is recommended:

"If multiple NAS-Filter-Rule attributes are contained within an
Access-Request or Access-Accept packet they MUST be in order
and they MUST be consecutive attributes in the packet. RADIUS
proxies MUST NOT reorder NAS-Filter-Rule attributes.

The RADIUS server can return NAS-Filter-Rule attributes in an
Access-Accept packet. Where more than one NAS-Filter-Rule
attribute is included, it is assumed that the attributes are
to be concatenated to form a single filter list."


--
to unsubscribe send a message to radiusext-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://psg.com/lists/radiusext/>

Follow-Ups:
- Re: Issue 38: Ordering of filter attributes
  - From: "Alan DeKok" <aland@ox.org>

Prev by Date: Issue 37: Merging of Filter Attributes
Next by Date: Issue 39: Backward Compatibility of Filter Attributes
Previous by thread: Issue 37: Merging of Filter Attributes
Next by thread: Re: Issue 38: Ordering of filter attributes
Index(es):
- Date
- Thread