Re: RADEXT WG Last Call on Status-Server Document

[Alan DeKok <aland@deployingradius.com>]

David B. Nelson wrote:
> Hmm.  IIRC, the consensus of the room at the RADEXT WG meeting at IETF-73
> was that this was a bad idea.  I realize this was probably the only
> substantive comment received during WGLC on this draft.  However, it's only
> one opinion.

  OK, if the consensus is that it's a bad idea, that can be removed from
the draft.

>>>    Some server implementations accept both Access-Request and
>>>    Accounting-Request packets on the same port, and do not
>>>    distinguish between "authentication only" ports, and "accounting 
>>>    only" ports.  Those implementations SHOULD reply to Status-Server 
>>>    packets with an Access-Accept packet.
> 
> Yeah, but isn't that extremely broken behavior?

  Umm... if you say so.  I won't comment.

>  I know we're documenting
> existing behavior, but do we have to document the most broken parts?  I
> thought the idea was to support the needs of RADSEC with respect to server
> "liveness", and in doing so, re-use an existing mechanism.  Otherwise, there
> are probably lots of other broken behaviors in RADIUS implementations that
> could be documented.  You know... "A bug, once documented, becomes a
> feature".  :-(  Where do we draw the line?

  We'd like to draw it at things that are crazy.  But we're too late for
that.

  Maybe it's best to say that authentication ports respond with
Access-Accept, and accounting ports respond with Accounting-Response.
Anything else is NOT RECOMMENDED.

  Comments?

  Alan DeKok.

--
to unsubscribe send a message to radiusext-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://psg.com/lists/radiusext/>