[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Proposed Resolution to Issue 7:

To: "Beck01, Wolfgang" <BeckW@t-systems.com>
Subject: Re: Proposed Resolution to Issue 7:
From: Bernard Aboba <aboba@internaut.com>
Date: Wed, 11 May 2005 11:08:49 -0700 (PDT)
Cc: radiusext@ops.ietf.org
In-reply-to: <76C27E1CE3FFC847B4D51C645D6F42AA15FEC1@E9JDF.mgb01.telekom.de>
References: <76C27E1CE3FFC847B4D51C645D6F42AA15FEC1@E9JDF.mgb01.telekom.de>

If there are no objections, I propose we accept this resolution.

On Wed, 11 May 2005, Beck01, Wolfgang wrote:

> 2.  Detailed Description
>
> 2.1  RADIUS Client Behavior
>
> [..]
>    To do the latter, it sends an Access-Request containing a Digest-Method
>    and a Digest-URI attribute but without a Digest-Nonce attribute.
>    It adds a Message-Authenticator (see [RFC3579]) attribute to the
>    Access-Request message.  The RADIUS server chooses a nonce and responds
>    with an Access-Challenge containing a Digest-Nonce attribute.
> [..]
>
> 2.2  RADIUS Server Behavior
>
>    If the RADIUS server receives an Access-Request message with a
>    Digest-Method and a Digest-URI attribute but without a Digest-Nonce
>    attribute, it chooses a nonce.  It puts the nonce into a Digest-Nonce
>    attribute and sends it in an Access-Challenge message to the RADIUS
>    client.  The RADIUS server MUST add Digest-Realm, Message-Authenticator
>    (see [RFC3579]), SHOULD add Digest-Algorithm, one or more Digest-Qop and
>    MAY add Digest-Domain, Digest-Opaque attributes to the Access-
>    Challenge message.
> [..]
>    RADIUS servers issuing nonces MAY construct a Digest-Nextnonce
>    attribute and add it to the Access-Accept message.  This is useful to
>    limit the lifetime of a nonce and to save a round-trip in future
>    requests (see nextnonce discussion in [RFC2617], section 3.2.3).  The
>    RADIUS server adds a Message-Authenticator attribute (see [RFC3579])
>    and sends the Access-Accept message to the RADIUS client.
>
>
> 4.  Table of Attributes
>
>    The following table provides a guide to which attributes may be found
>    in which kinds of packets, and in what quantity.
>
>    +-------------------------+-----+-----+--------+--------+-----------+
>    | Attribute               | #   | Req | Accept | Reject | Challenge |
>    +-------------------------+-----+-----+--------+--------+-----------+
>    | User-Name               | TBD | 1   | 0      | 0      | 0         |
>    | Message-Authenticator   | TBD | 1   | 1      | 1      | 1         |
>
> [..]
>
> Wolfgang
>
> --
> T-Systems
> Next Generation IP Services and Systems
> +49 6151 937 2863
> Am Kavalleriesand 3
> 64295 Darmstadt
> Germany
>
> --
> to unsubscribe send a message to radiusext-request@ops.ietf.org with
> the word 'unsubscribe' in a single line as the message text body.
> archive: <http://psg.com/lists/radiusext/>
>

--
to unsubscribe send a message to radiusext-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://psg.com/lists/radiusext/>

References:
- Proposed Resolution to Issue 7:
  - From: "Beck01, Wolfgang" <BeckW@t-systems.com>

Prev by Date: Re: Proposed Resolution to Issue 77:
Next by Date: Re: Issue:
Previous by thread: Proposed Resolution to Issue 7:
Next by thread: Proposed Resolution to Issue 77:
Index(es):
- Date
- Thread