Re: RADEXT WG Last Call on Status-Server Document

[Stig Venaas <stig.venaas@uninett.no>]

Submitter name: Stig Venaas
Submitter email address: stig.venaas@uninett.no
Date first submitted: November 4, 2008
Document: Status Server
Comment type: T
Priority: 1
Section: 2.3.2
Rationale/Explanation of issue:

I think clients should allow Access-Accept responses to status-server
messages sent to the accounting port. Even if it's not the expected
message, it shows that the server is alive.

Also, towards the end of section 4.2 the draft says:

   Some server implementations accept both Access-Request and
   Accounting-Request packets on the same port, and do not distinguish
   between "authentication only" ports, and "accounting only" ports.
   Those implementations SHOULD reply to Status-Server packets with an
   Access-Accept packet.

Due to this, I think the text in 2.3.2 is too strict:

   The Status-Server packet MUST contain a Message-Authenticator
   attribute for security.  The response (if any) to a Status-Server
   packet sent to an accounting port MUST be an Accounting-Response
   packet.  The list of attributes that are permitted in the Accounting-
   Response packet is given in the Table of Attributes in Section 6,
   below.

I think the second MUST should be a SHOULD. Or at the very least, in
section 4.1 where it talks about clients being liberal at what they
accept. Add a note that they SHOULD accept this.

Stig

--
to unsubscribe send a message to radiusext-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://psg.com/lists/radiusext/>