[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: backwards compatible introduction of NEW attribute such as CUI



Paul Congdon writes...
 
> Instead of sending these 'advertised' attributes in every Access-Request, > why doesn't a NAS send a single Access-Request for itself that advertises > all the things it needs to advertise once.

I'm sure that method could be made to work.  However, it does make RADIUS somewhat more statefull that it has been heretofore.  My thoughts on this are that one more attribute in an Access-Request message is not a great deal of overhead.  Given that many RADIUS transactions these days use EAP-TLS (or some other X.509 Certificate based methods) the number of protocol octets consumed by constant advertising becomes diminishingly small, compared to the total authentication session data flow.



--
to unsubscribe send a message to radiusext-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://psg.com/lists/radiusext/>