[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: Comments on draft-carroll-dynmobileip-cdma-04.txt
- To: gwz@cisco.com, 'Frank Quick' <fquick@qualcomm.com>, "'W. Mark Townsley'" <townsley@cisco.com>
- Subject: RE: Comments on draft-carroll-dynmobileip-cdma-04.txt
- From: Avi Lior <avi@bridgewatersystems.com>
- Date: Tue, 8 Mar 2005 11:19:57 -0500
- Cc: 'Jari Arkko' <jari.arkko@piuha.net>, "'Nelson, David'" <dnelson@enterasys.com>, 'Barney Wolff' <barney@databus.com>, 'Avi Lior' <avi@bridgewatersystems.com>, 'Thomas Narten' <narten@us.ibm.com>, "'Carroll, Christopher P.'" <Ccarroll@ropesgray.com>, gerry.flynn@verizonwireless.com, radiusext@ops.ietf.org
Regarding: not all RFCs are created equal...
We have to be careful here. This line of thinking is going to create havoc.
It puts into doubt all of 2869 and documents based on it like 3579 etc....
2865 says: nothing but Reply-Messsage is in Access-Reject period end.
2869 allows for EAP-Message and Message Authenticator. So does that mean
that EAP RADIUS (3579) which is also informational is dead?
I don't even know why 2869 is informational.
IMO 2869 extends 2865
Lets move on....
Avi
> -----Original Message-----
> From: Glen Zorn (gwz) [mailto:gwz@cisco.com]
> Sent: Monday, March 07, 2005 8:27 PM
> To: 'Frank Quick'; 'W. Mark Townsley'
> Cc: 'Jari Arkko'; 'Nelson, David'; 'Barney Wolff'; 'Avi
> Lior'; 'Thomas Narten'; 'Carroll, Christopher P.';
> gerry.flynn@verizonwireless.com; radiusext@ops.ietf.org
> Subject: RE: Comments on draft-carroll-dynmobileip-cdma-04.txt
>
>
> Frank Quick <mailto:fquick@qualcomm.com> supposedly scribbled:
>
> > I expect many of the participants in this thread are busy
> at IETF, but
> > I will continue it anyway, expecting delays in some responses.
>
> >
> > Looking at 2865 and 2869 this weekend: I could not find any
> explicit
> > statement in 2865 that says the client MUST drop the connection
> when
> > an Access-Reject is received. Perhaps this is something that was
> > articulated later?
>
> IIRC, it was something that was taken as obvious from the
> name of the message.
>
> >
> > In 2869, furthermore, there is a Password-Retry attribute whose
> > purpose is:
> >
> > This attribute MAY be included in an Access-Reject to
> indicate
> > how many authentication attempts a user may be allowed to
> > attempt before being disconnected.
> >
> > I don't see how this is fundamentally different from what we do in
> > DMU.
>
> I think that this is an error in 2869, and itself a violation
> of 2865. All RFCs are not created equal: 2869 is
> Informational, while 2865 is a Proposed Standard & as such
> must take precedence. However, you are right that 2865 does
> not explicitly say that the connection must be dropped, it
> merely assumes that that is the only reasonable course of
> action. I agree with that assumption, obviously, since
> otherwise the semantics of the Access-Reject message are up for grabs.
>
> >
> > If there is no explicit requirement in 2865, then the proposed
> > disclaimer language would be in error, since the only 2865
> > noncompliance would be with the prohibition of VSA in
> Access-Reject.
> >
> >
> > Frank Quick
> > office +1-858-658-3608 fax +1-858-651-1940
> > portable +1-619-890-5749
> > paging fquick@pager.qualcomm.com
> > RSA: 29EA D619 31F2 B4D3 8815 3D59 4340 FA43
> > D-H: 2A24 131C D38F 12E6 4D6A 46EE 8BBF B50A 754E F63D
>
> Hope this helps,
>
> ~gwz
>
> Why is it that most of the world's problems can't be solved by simply
> listening to John Coltrane? -- Henry Gabriel
>
--
to unsubscribe send a message to radiusext-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://psg.com/lists/radiusext/>