[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Review of draft-ietf-geopriv-radius-lo-04.txt



> would seem that this proposal may work for non-location-aware proxies.

Yes, I think the problem is with the NAS, not proxies.  

> For non-location-aware NASes, the RFC's already require
> implementations to treat unexpected Access-Challenges as
> Access-Rejects, so this idea would appear to be fail-safe there, too.

Yes, Section 4.4 of RFC 2865 states:

"     If the NAS does not support challenge/response, it MUST treat an
      Access-Challenge as though it had received an Access-Reject
      instead."

So a RADIUS server can always send a Challenge with an Error-Cause value 
as well as a "send location" attribute.  Where the NAS does not expect a 
Challenge, it will treat it as an Access-Reject. 


--
to unsubscribe send a message to radiusext-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://psg.com/lists/radiusext/>