[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: inconsistency in RFC 5176

To: Glen Zorn <glenzorn@comcast.net>, "'Murtaza Chiba (mchiba)'" <mchiba@cisco.com>, <radiusext@ops.ietf.org>
Subject: RE: inconsistency in RFC 5176
From: Bernard Aboba <bernard_aboba@hotmail.com>
Date: Fri, 15 Feb 2008 07:11:58 -0800
In-reply-to: <005801c86f92$61cbbe70$addf787c@arubanetworks.com>
References: <D492339CC466C84EA5E0AF1CECB200810526F748@xmb-sjc-21b.amer.cisco.com> <BLU127-DS374B11C762005E99E579593250@phx.gbl> <005801c86f92$61cbbe70$addf787c@arubanetworks.com>

Error 201 is defined. However, RFC 5716 only defines to how modify authorizations
or delete current sessions. Presumably if a session were not active, then current
implementations would return a Disconnect-NAK or CoA-NAK, rather than a
Disconnect-ACK with Error-Code value 201.

> From: glenzorn@comcast.net
> To: Bernard_Aboba@hotmail.com; mchiba@cisco.com; radiusext@ops.ietf.org
> Subject: RE: inconsistency in RFC 5176
> Date: Fri, 15 Feb 2008 12:19:27 +0700
>
> Bernard Aboba <> scribbled on Friday, February 15, 2008 6:07 AM:
>
> > There is no contradiction here. Section 3.5 says:
> >
> > "Values 200-299 represent successful completion, so that these
> > values may only be sent within CoA-ACK or Disconnect-ACK packets and
> > MUST NOT be sent within a CoA-NAK or Disconnect-NAK packet."
> >
> > There are only two values in the range 200-299 which are defined:
> >
> > 201 Residual Session Context Removed
> > 202 Invalid EAP Packet (Ignored)
> >
> > Error 202 is explicitly prohibited for use by RFC 5176
> > implementations:
> >
> > "Invalid EAP Packet (Ignored)" is a non-fatal error that MUST
> > NOT be sent by implementations of this specification.
> >
> > Error 201 is also not currently defined for use with RFC 5176 since
> > it refers to removal of key context, not modification or
> > disconnection of sessions.
> >
> > Therefore, Section 3.5 and 3.6 are in agreement.
>
> Thanks, Bernard, I was just about to respond in that very fashion,
> except that the table headed "Disconnect Messages" in section 3.6
> completely disallows the use of the Error-Cause Attribute in
> Disconnect-ACK messages, while section 3.5 says;
>
> "Residual Session Context Removed" is sent in response to a
> Disconnect-Request if one or more user sessions are no longer
> active, but residual session context was found and successfully
> removed. This value is only sent within a Disconnect-ACK and MUST
> NOT be sent within a CoA-ACK, Disconnect-NAK, or CoA-NAK.
>
> It seems that the table is in error to me. BTW, I can't find anything
> in the document that says that Error 201 is currently undefined; what am
> I missing?
>
> ...
>

Follow-Ups:
- RE: inconsistency in RFC 5176
  - From: "Glen Zorn" <glenzorn@comcast.net>

References:
- FW: inconsistency in RFC 5176
  - From: "Murtaza Chiba (mchiba)" <mchiba@cisco.com>
- Re: inconsistency in RFC 5176
  - From: "Bernard Aboba" <Bernard_Aboba@hotmail.com>
- RE: inconsistency in RFC 5176
  - From: "Glen Zorn" <glenzorn@comcast.net>

Prev by Date: Re: request to recharter
Next by Date: RE: inconsistency in RFC 5176
Previous by thread: RE: inconsistency in RFC 5176
Next by thread: RE: inconsistency in RFC 5176
Index(es):
- Date
- Thread