Re: DISCUSS: draft-ietf-radext-fixes

[Alan DeKok <aland@deployingradius.com>]

Lars Eggert wrote:
>>   If a duplicate response is received by the client, it is no different
>> than an *unsolicited* response.  Neither one matches a pending request,
>> so the responses are discarded.
> 
> Ah - that makes total sense now. I'll leave it up to you to decide if
> you'd like to stick this explanation into the draft.

  We can add a sentence or two to clarify that:

 ...later responses MUST be silently discarded, as they do not match a
pending request.  That is, later responses are treated exactly the
same as unsolicited responses, and are silently discarded.

> Thanks for pointing me at that - it had slipped my mind that you had
> explained this already. As above, I think sticking a bit of the
> explanation from your email into the document would be good, but this is
> up to you.

  "After about 30 seconds, most RADIUS clients and end users will have
given up on the authentication request.  Therefore, there is little
value in having a larger cache timeout."

  I'll make the changes.  Unless anyone else has comments, I'll submit a
revised version next week.

  Alan DeKok.

--
to unsubscribe send a message to radiusext-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://psg.com/lists/radiusext/>