Issue 42: Are the Attributes Really Mandatory?



Nagi writes...

>Issue 42: Are the Attributes Really Mandatory?
>Submitter: Nagi Reddy Jonnala
>Submitter email address: dromasca@avaya.com
>Date first submitted: December 14, 2004
>Reference: http://ops.ietf.org/lists/radiusext/2004/msg00989.html
>Document: Congdon-02
>Comment type: T
>Priority: 1
>Section: Various
>Rationale/Explanation of issue:

>All the AVPs have the "M" bit enabled which means that the  NAS MUST
>understand the given attribute. I disagree with this. Having the default
>value/action in case the RADIUS server doesn't return is already in
>practice (for example locally configured interim interval, session
>timeout). It is also true with some/all of the attributes mentioned in
>this draft.  For instance, understanding Egress-VLANID should never be
>mandatory because the system might already have a default allowed set of
>VLANIDs.
>
>Requested change:
>
>First alternative is:
>
>Use the idea suggested by Bernard to advertise the Capabilities of "new"
>attributes in Access-Request and I like this idea.
>
>Second alternative is:
>
>Don't make the AVP mandatory always. Let the RADIUS server (or
>implementation) decide whether to enable/disable the "M" bit.
>[Bernard Aboba] Personally, I like alternative 1 better.

This should have a similar outcome to issue 39, in that 'M-bit' references are removed in favor of the capabilities attribute.

Cheers,
MS


--------------------------------------------
Mauricio Sanchez, CISSP
Network Security Architect
Procurve Networking Business
Hewlett Packard
8000 Foothills Boulevard, ms 5555
Roseville CA, 95747-5557

916.785.1910 Tel
916.785.1815 Fax
mauricio.sanchez@hp.com
--------------------------------------------