RADIUS clients implementing this specification MUST be capable of detecting a duplicate request if it has the same source IP address, source UDP port and Identifier within a short span of time.On RADIUS clients that support the Event-Timestamp Attribute for replay protection, the time window used for duplicate detection MUST be the same as the window used to detect stale Event-Timestamp Attributes.
In looking at the original text, it would appear that support for Event-Timestamp based replay detection is required on RADIUS clients implementing RFC 3576; it is support on servers that is optional. Therefore, the second sentence above should probably be:
"The time windows used for duplicate detection MUST be..." -- to unsubscribe send a message to radiusext-request@ops.ietf.org with the word 'unsubscribe' in a single line as the message text body. archive: <http://psg.com/lists/radiusext/>