Pasi wrote... > Yes, this would work for NAS-Filter-Rule -- but so would any > of the other proposals so far (e.g. rules end with LF; rule > ends if attribute length <253; attributes begin with a tag > octet; etc.) I don't think any of these proposals is a really > good one, but at least the same approach could be reused for > NAS-Traffic-Rule (and maybe other attributes in the future as well). The consensus reached for NAS-Traffic-Rule, when this exact issue arose, was to use a LF as a rule delimiter. As you point out it's not ideal, but is probably the most straightforward option. Why not just bite the bullet and add the same LF delimiter to NAS-Filter-Rule? At least we'd be able to claim then that NAS-Traffic-Rule and NAS-Filter-Rule use common rule delimiters, thereby easing a RADIUS implementers effort to support both attributes. MS
Attachment:
smime.p7s
Description: S/MIME cryptographic signature