[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[radext] #57: Disconnect-Request

To: aland@deployingradius.com, bernard_aboba@hotmail.com
Subject: [radext] #57: Disconnect-Request
From: "radext issue tracker" <trac@tools.ietf.org>
Date: Mon, 26 Jul 2010 14:36:00 -0000
Auto-submitted: auto-generated
Cc: radiusext@ops.ietf.org
Reply-to: radiusext@ops.ietf.org

#57: Disconnect-Request
---------------------------------------+------------------------------------
 Reporter:  bernard_aboba@â            |       Owner:  aland@â                  
     Type:  defect                     |      Status:  new                      
 Priority:  major                      |   Milestone:  milestone1               
Component:  design                     |     Version:  1.0                      
 Severity:  Submitted WG Document      |    Keywords:                           
---------------------------------------+------------------------------------
 Section 3.1

 As noted in [RFC5080] Section 2.6, the intent of an Access-Reject is
    to deny access to the requested service.  As a result, RADIUS does
    not allow the provisioning of services within an Access-Reject or
    Disconnect-Request.  Documents which include provisioning of services
    within an Access-Reject or Disconnect-Request are inherently
    incompatible with RADIUS, and SHOULD be redesigned.

    As noted in [RFC5176] Section 3:

       A Disconnect-Request MUST contain only NAS and session
       identification attributes.  If other attributes are included in a
       Disconnect- Request, implementations MUST send a Disconnect-NAK;
       an Error-Cause Attribute with value "Unsupported Attribute" MAY be
       included.

    As a result, documents which include provisioning of services within
    a Disconnect-Request are inherently incompatible with RADIUS, and
    SHOULD be redesigned.

 [BA] This text says "SHOULD redesign" to recommend against a practice that
 is a MUST NOT in the specifications.  Given that there is a mandate, that
 seems like a bad idea.

    As noted in [RFC5080] Section 2.6, the intent of an Access-Reject is
    to deny access to the requested service.  As a result, RADIUS does
    not allow the provisioning of services within an Access-Reject.
    Documents which include provisioning of services
    within an Access-Reject are inherently
    incompatible with RADIUS, and need to be redesigned.

    As noted in [RFC5176] Section 3:

       A Disconnect-Request MUST contain only NAS and session
       identification attributes.  If other attributes are included in a
       Disconnect- Request, implementations MUST send a Disconnect-NAK;
       an Error-Cause Attribute with value "Unsupported Attribute" MAY be
       included.

    As a result, documents which include provisioning of services within
    a Disconnect-Request are inherently incompatible with RADIUS, and
    need to be redesigned.

-- 
Ticket URL: <http://tools.ietf.org/wg/radext/trac/ticket/57>
radext <http://tools.ietf.org/radext/>


--
to unsubscribe send a message to radiusext-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://psg.com/lists/radiusext/>

Follow-Ups:
- Re: [radext] design #57 (closed): Disconnect-Request
  - From: "radext issue tracker" <trac@tools.ietf.org>

Prev by Date: I-D Action:draft-ietf-radext-design-17.txt
Next by Date: [radext] #58: Section A.4
Previous by thread: I-D Action:draft-ietf-radext-design-17.txt
Next by thread: Re: [radext] design #57 (closed): Disconnect-Request
Index(es):
- Date
- Thread