
Re: inconsistency in RFC 5176




There is no contradiction here. Section 3.5 says:

"Values 200-299 represent successful completion, so that these
values may only be sent within CoA-ACK or Disconnect-ACK packets
and MUST NOT be sent within a CoA-NAK or Disconnect-NAK packet."

There are only two values in the range 200-299 which are defined:

     201    Residual Session Context Removed
     202    Invalid EAP Packet (Ignored)

Error 202 is explicitly prohibited for use by RFC 5176 implementations:

     "Invalid EAP Packet (Ignored)" is a non-fatal error that MUST NOT
     be sent by implementations of this specification.

Error 201 is also not currently defined for use with RFC 5176 since it
refers to removal of key context, not modification or disconnection of
sessions.

Therefore, Sections 3.5 and 3.6 are in agreement.

-----Original Message-----
From: Alfred Hönes [mailto:ah@tr-sys.de]
Sent: Wednesday, February 13, 2008 5:51 PM
To: Murtaza Chiba (mchiba); Gopal Dommety (gdommety); Mark Eklund (meklund); david@mitton.com
Cc: rfc-editor@rfc-editor.org
Subject: inconsistency in RFC 5176

Hello,
after studying the recently published RFC 5176 (RADIUS Dyn.Auth.) authored by you, I stumbled over an apparent serious inconsistency in Section 3.5 of that memo.

The first clause there (on page 16) says:

3.5.  Error-Cause

  Description

     It is possible that a Dynamic Authorization Server cannot honor
     Disconnect-Request or CoA-Request packets for some reason.  The
     Error-Cause Attribute provides more detail on the cause of the
|     problem.  It MAY be included within CoA-NAK and Disconnect-NAK
|     packets.

The last sentence is consistent with the tables in Section 3.6 (pages 20..22) that also exclude the use of the Error-Cause Attribute for the CoA-ACK and Disconnect-ACK messages/packets.

But surprisingly, the text in the "Value" clause in Section 3.5, from the bottom of page 16 until page 18 repeatedly deals with inclusion or non-inclusion of the Error-Cause Attribute into the CoA-ACK and Disconnect-ACK messages/packets. Some of these sentences are only confusing, but those that state applicability of the Error-Cause Attribute contradict the intent of the other parts of the memo.

Please check.

I suggest that this issue should be resolved by RFC Errata Notes invalidating/removing all phrases in the "Value" clause that mention CoA-ACK and Disconnect-ACK.


Kind regards,
 Alfred Hönes.

P.S.: Due to inappropriate blackholing of DNS requests, apparently
     caused by packet filtering based on *source* port somewhere
     in Redmond, I cannot send a copy of this message to your
     co-author Bernard Aboba.  Please arrange to forward to him
     a copy of this message -- thanks in advance.

--

+------------------------+--------------------------------------------+
| TR-Sys Alfred Hoenes   |  Alfred Hoenes   Dipl.-Math., Dipl.-Phys.  |
| Gerlinger Strasse 12   |  Phone: (+49)7156/9635-0, Fax: -18         |
| D-71254  Ditzingen     |  E-Mail:  ah@TR-Sys.de                     |
+------------------------+--------------------------------------------+


--
to unsubscribe send a message to radiusext-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://psg.com/lists/radiusext/>
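
The rule quoted from Section 3.5 in the reply above, written as a check that can be run over captured Dynamic Authorization replies. This is an added example, not part of the original thread or of any RADIUS implementation; the packet codes (41, 42, 44, 45) and the Error-Cause attribute type (101) are taken from RFC 5176 rather than from the messages, and `build` only produces constructed sample packets.

```python
import struct

# Packet codes and the Error-Cause attribute type, as assigned in RFC 5176.
DISCONNECT_ACK, DISCONNECT_NAK, COA_ACK, COA_NAK = 41, 42, 44, 45
NAKS = {DISCONNECT_NAK, COA_NAK}
ERROR_CAUSE = 101


def error_causes(packet: bytes) -> list[int]:
    """Return every Error-Cause value in a RADIUS packet, in order."""
    length = struct.unpack("!H", packet[2:4])[0] if len(packet) >= 20 else 0
    if not 20 <= length <= len(packet):
        raise ValueError("short packet or bad RADIUS Length field")
    values, pos = [], 20
    while pos < length:
        if pos + 2 > length:
            raise ValueError("truncated attribute header")
        a_type, a_len = packet[pos], packet[pos + 1]
        if a_len < 2 or pos + a_len > length:
            raise ValueError("bad attribute length")
        if a_type == ERROR_CAUSE:
            if a_len != 6:
                raise ValueError("Error-Cause must carry a 4-octet value")
            values.append(struct.unpack("!I", packet[pos + 2:pos + 6])[0])
        pos += a_len
    return values


def check_reply(packet: bytes) -> list[str]:
    """List violations of the rules quoted in the reply (empty list = none found)."""
    causes = error_causes(packet)  # validates the framing before packet[0] is read
    code, findings = packet[0], []
    for value in causes:
        if value == 202:
            findings.append("202 Invalid EAP Packet (Ignored) MUST NOT be sent")
        elif 200 <= value <= 299 and code in NAKS:
            findings.append(f"{value} signals success but is inside a NAK")
    return findings


def build(code: int, *causes: int) -> bytes:
    """Constructed sample packet: zeroed authenticator, Error-Cause attributes only."""
    attrs = b"".join(struct.pack("!BBI", ERROR_CAUSE, 6, c) for c in causes)
    return struct.pack("!BBH16s", code, 1, 20 + len(attrs), bytes(16)) + attrs


if __name__ == "__main__":
    for pkt in (build(COA_ACK, 201), build(DISCONNECT_NAK, 201), build(COA_ACK, 202)):
        print(pkt[0], check_reply(pkt) or "ok")
```

The check covers only the two constraints quoted in this thread; it does not verify the Response Authenticator or any other attribute.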
