[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: Issue 223: Event-Timestamp and Duplicate Detection

To: "Bernard Aboba" <bernard_aboba@hotmail.com>, "Alan DeKok" <aland@nitros9.org>
Subject: RE: Issue 223: Event-Timestamp and Duplicate Detection
From: "Avi Lior" <avi@bridgewatersystems.com>
Date: Mon, 28 May 2007 10:56:35 -0400
Cc: <radiusext@ops.ietf.org>
In-reply-to: <BAY117-W17119318481B421B9EE6ED932B0@phx.gbl>
References: <BAY117-W17119318481B421B9EE6ED932B0@phx.gbl>

Perhaps.

But there are no formal words in the table. The first three sentences use terms like "guide" "may be".

It also uses must not be present in an Accounting-Request. So why wouldnt the document make a similar strong statement about those attribute,

If it was intended not to be in those messages I would suggest the attributes would have appeared in the table with zeros in the corresponding columns.

I think that document is ambiguous in this matter.

From: Bernard Aboba [mailto:bernard_aboba@hotmail.com]
Sent: Friday, May 25, 2007 6:59 PM
To: Avi Lior; Alan DeKok
Cc: radiusext@ops.ietf.org
Subject: RE: Issue 223: Event-Timestamp and Duplicate Detection

> No. If it was prohibited in an Access-Request, Accept, Reject etc... It
> would have specifically stated that.

Here's what RFC 2869 Section 5.19 says:

   The following table provides a guide to which attributes may be found
   in which kind of packets. Acct-Input-Gigawords, Acct-Output-
   Gigawords, Event-Timestamp, and NAS-Port-Id may have 0-1 instances in
   an Accounting-Request packet. Connect-Info may have 0+ instances in
   an Accounting-Request packet. The other attributes added in this
   document must not be present in an Accounting-Request.

Request Accept Reject Challenge   #    Attribute
0-1      0       0       0           70   ARAP-Password [Note 1]
0        0-1     0       0-1         71   ARAP-Features
0        0-1     0       0           72   ARAP-Zone-Access
0-1      0       0       0-1         73   ARAP-Security
0+       0       0       0+          74   ARAP-Security-Data
0        0       0-1     0           75   Password-Retry
0        0       0       0-1         76   Prompt
0-1      0       0       0           77   Connect-Info
0        0+      0       0           78   Configuration-Token
0+       0+      0+      0+          79   EAP-Message [Note 1]
0-1      0-1     0-1     0-1         80   Message-Authenticator [Note 1]
0        0-1     0       0-1         84   ARAP-Challenge-Response
0        0-1     0       0           85   Acct-Interim-Interval
0-1      0       0       0           87   NAS-Port-Id
0        0-1     0       0           88   Framed-Pool
Request Accept Reject Challenge   #    Attribute

The first paragraph's first three sentences seem to imply that the attributes named can *only* be present in an Acccounting-Request. Otherwise why wouldn't that paragraph have listed all the packets that these attributes could be included in?

References:
- RE: Issue 223: Event-Timestamp and Duplicate Detection
  - From: Bernard Aboba <bernard_aboba@hotmail.com>

Prev by Date: Re: Issue 227: Proxy State
Next by Date: RE: RFC3576bis and Session State
Previous by thread: RE: Issue 223: Event-Timestamp and Duplicate Detection
Next by thread: Issue 224: Comments
Index(es):
- Date
- Thread