
Issue: Radius Digest, both modes of operation should be mandatory



Submitter name: Miguel Garcia
Submitter email address: Miguel.An.Garcia@nokia.com
Date first submitted: August 18, 2005
Reference: -
Document: draft-ietf-radext-digest-auth-03.txt
Comment type: T
Priority: '1' Should fix
Section: 1.2
Rationale/Explanation of issue:

The draft contains two modes of operation: in one, the nonces are generated in the RADIUS client; in the other, nonces are generated in the RADIUS server.

The text reads:
"RADIUS clients and servers can support one, or both nonce generation modes."


So how is interoperability going to be granted if a RADIUS client implements only one mode and the RADIUS server implements the other?

In my opinion, what has been pursued here is to not add additional complexity to the implementation. But the generation of a nonce adds almost no complexity, so I would say that both modes have to be supported for the sake of interoperability.

In addition to that, the text does not have a normative statement (it only speaks about "can"). The text should be normative, and should be placed outside the Overview section, which is informative by nature.

Requested change:

Add the following text elsewhere (Section 2?):

"RADIUS clients and servers MUST implement support for the two modes of operation: when nonces are generated in the RADIUS server and when nonces are generated in the RADIUS client."

And delete the existing text in Section 1.3

"RADIUS clients and servers can support one, or both nonce generation modes."
--
Miguel A. Garcia tel:+358-50-4804586
sip:miguel.an.garcia@openlaboratory.net
Nokia Research Center Helsinki, Finland



-- to unsubscribe send a message to radiusext-request@ops.ietf.org with the word 'unsubscribe' in a single line as the message text body. archive: <http://psg.com/lists/radiusext/>