RE: [Issue] RFC 3576 Usage of Message-Authenticator
Bernard,
I agree with your proposal.
John
> -----Original Message-----
> From: owner-radiusext@ops.ietf.org
> [mailto:owner-radiusext@ops.ietf.org]On Behalf Of ext Bernard Aboba
> Sent: 29 January, 2005 02:37
> To: radiusext@ops.ietf.org
> Subject: [Issue] RFC 3576 Usage of Message-Authenticator
>
>
> RFC 3576 calculation of the Request and Response Authenticator is modelled
> after RFC 2866 (RADIUS Accounting). However, the Message-Authenticator
> attribute is not allowed in Accounting-Request and Accounting-Response
> messages, because these messages do not contain a random Request
> Authenticator, as specified in RFC 3579:
>
>    Message-Authenticator = HMAC-MD5 (Type, Identifier, Length,
>                            Request Authenticator, Attributes)
>
> It therefore would appear that a Message-Authenticator attribute is not
> allowed in CoA-Request, CoA-ACK, CoA-NAK, Disconnect-Request,
> Disconnect-ACK or Disconnect-NAK messages.
>
> This is contrary to the table in Section 3.2, which has the following
> entry for both CoA and Disconnect messages:
>
>    Request   ACK   NAK   #    Attribute
>    0-1       0-1   0-1   80   Message-Authenticator
>
> Proposed Resolution:
>
> My proposal is that we submit an errata to RFC 3576, changing the "0-1"
> entries to "0" entries.
>
> --
> to unsubscribe send a message to radiusext-request@ops.ietf.org with
> the word 'unsubscribe' in a single line as the message text body.
> archive: <http://psg.com/lists/radiusext/>
>
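
An added illustration, not part of the thread and not code from any RFC or RADIUS implementation: it computes the two authenticator styles that the quoted message contrasts. It assumes the RFC 2866 Request Authenticator formula (MD5 over the packet with 16 zero octets in the authenticator field, followed by the shared secret) and the RFC 3579 convention of zeroing the Message-Authenticator value before the HMAC; the shared secret, identifier and User-Name value are constructed samples.

```python
import hashlib
import hmac
import os
import struct

MSG_AUTH_TYPE = 80      # Message-Authenticator, per the RFC 3576 table quoted in the thread
ZERO16 = bytes(16)

def attr(attr_type, value):
    """Encode one RADIUS attribute as Type, Length, Value."""
    return bytes([attr_type, len(value) + 2]) + value

def header(code, ident, attrs):
    """Code, Identifier and Length (20-octet header plus attributes)."""
    return struct.pack("!BBH", code, ident, 20 + len(attrs))

def message_authenticator(code, ident, authenticator, attrs, secret):
    """HMAC-MD5(Type, Identifier, Length, Request Authenticator, Attributes),
    keyed with the shared secret; attrs carries a zeroed Message-Authenticator."""
    packet = header(code, ident, attrs) + authenticator + attrs
    return hmac.new(secret, packet, hashlib.md5).digest()

def accounting_style_authenticator(code, ident, attrs, secret):
    """RFC 2866 style: MD5(Code, Identifier, Length, 16 zero octets, Attributes, secret)."""
    return hashlib.md5(header(code, ident, attrs) + ZERO16 + attrs + secret).digest()

def demo():
    secret = b"constructed-shared-secret"    # constructed sample value
    user = attr(1, b"alice")                 # User-Name, constructed sample value
    zeroed = user + attr(MSG_AUTH_TYPE, ZERO16)

    # Access-Request (code 1): the authenticator is random and chosen first,
    # so it is a fixed input to the HMAC.
    ra = os.urandom(16)
    mac = message_authenticator(1, 7, ra, zeroed, secret)

    # Disconnect-Request (code 40): the authenticator is a hash over the
    # attributes, so it changes once the Message-Authenticator value is filled in.
    before = accounting_style_authenticator(40, 7, zeroed, secret)
    filled = user + attr(MSG_AUTH_TYPE,
                         message_authenticator(40, 7, before, zeroed, secret))
    after = accounting_style_authenticator(40, 7, filled, secret)
    return ra, mac, before, after

if __name__ == "__main__":
    for name, value in zip(("random RA", "Message-Authenticator",
                            "acct-style RA (zeroed)", "acct-style RA (filled)"), demo()):
        print(f"{name}: {value.hex()}")
```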