Re: Issues & Fixes: Ordered delivery of EAP messages

[Alan DeKok <aland@nitros9.org>]

Bernard Aboba wrote:
> Picking up on Avi's point, in the first paragraph, are these really all
> MUSTs?  Also does this apply only to new implementations? I'd suggest
> the following:

  Applications that perform an action twice because of underlying packet
retransmission aren't robust.  That's my $0.02, but I'm not set on it.

  The "new implementations" text isn't necessary.

> We therefore recommend that RADIUS servers SHOULD
> implement duplicate detection for Access-Request packets, as described
> in Section 3 of [RFC2865].  Implementations SHOULD also cache the
> responses to those Access-Request packets.  If a duplicate
> Access-Request packet is detected, the server MUST respond with a
> previously sent response packet (Access-Accept, Access-Challenge, or
> Access-Reject), if that packet is available.  If no response is
> available, the duplicate Access-Request MUST be silently discarded.  In
> either case, the server MUST NOT process the duplicate Access-Request
> again, as though it was an independent new request.

  That's fine by me.

  Alan DeKok.

--
to unsubscribe send a message to radiusext-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://psg.com/lists/radiusext/>