[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: FW: [Pana] RADIUS Access-Reject and NAP/ISP authz

To: <gwz@cisco.com>
Subject: RE: FW: [Pana] RADIUS Access-Reject and NAP/ISP authz
From: "Nelson, David" <dnelson@enterasys.com>
Date: Mon, 21 Mar 2005 16:06:19 -0500
Cc: <radiusext@ops.ietf.org>

> Well, a first step might be for the WG Chairs to express the
> historic semantics of the Access-Reject message and even, perhaps,
> the WG consensus regarding it (determining that as necessary).

Bernard may see this differently, but my own observation from the
discussion to date on the list is that the RADEXT WG does not have a
clear consensus on the semantics of the Access-Reject message and the
permissible attributes that may appear therein.

I think, historically speaking, that the RADIUS WG probably *did* have a
clear consensus on what they thought Access-Reject meant, but that was
then and this is now.  Access-Reject has classically meant "no service".
I think that some of the RFCs published between the closing of the
RADIUS WG and the chartering of the RADEXT WG may have blurred the
classical semantics of Access-Reject.  There is currently a debate over
what "service" means, although I hope that "no" still means "no".  :-)

It seems to me that the pertinent question is what the RADEXT WG thinks
is the correct semantics for Access-Reject for current and future RADIUS
work.


--
to unsubscribe send a message to radiusext-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://psg.com/lists/radiusext/>

Follow-Ups:
- RE: FW: [Pana] RADIUS Access-Reject and NAP/ISP authz
  - From: Bernard Aboba <aboba@internaut.com>

Prev by Date: [Issue] Review of draft-ietf-radext-digest-auth-01.txt
Next by Date: RE: FW: [Pana] RADIUS Access-Reject and NAP/ISP authz
Previous by thread: RE: [Pana] RADIUS Access-Reject and NAP/ISP authz
Next by thread: RE: FW: [Pana] RADIUS Access-Reject and NAP/ISP authz
Index(es):
- Date
- Thread