[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: backwards compatible introduction of NEW attribute such as CUI

To: <radiusext@ops.ietf.org>
Subject: RE: backwards compatible introduction of NEW attribute such as CUI
From: "Nelson, David" <dnelson@enterasys.com>
Date: Tue, 14 Dec 2004 12:20:14 -0500

Paul Congdon writes...
 
> Instead of sending these 'advertised' attributes in every Access-Request, > why doesn't a NAS send a single Access-Request for itself that advertises > all the things it needs to advertise once.

I'm sure that method could be made to work.  However, it does make RADIUS somewhat more statefull that it has been heretofore.  My thoughts on this are that one more attribute in an Access-Request message is not a great deal of overhead.  Given that many RADIUS transactions these days use EAP-TLS (or some other X.509 Certificate based methods) the number of protocol octets consumed by constant advertising becomes diminishingly small, compared to the total authentication session data flow.



--
to unsubscribe send a message to radiusext-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://psg.com/lists/radiusext/>

Prev by Date: Issue 42: Are the AVPs really "M"andatory in IEEE 802 draft
Next by Date: Re: backwards compatible introduction of NEW attribute such as CUI
Previous by thread: Re: backwards compatible introduction of NEW attribute such as CUI
Next by thread: RE: backwards compatible introduction of NEW attribute such as CUI
Index(es):
- Date
- Thread