Issue: Radius Digest, both modes of operation should be mandatory

[Miguel Garcia <Miguel.An.Garcia@nokia.com>]

Submitter name: Miguel Garcia
Submitter email address: Miguel.An.Garcia@nokia.com
Date first submitted: August 18, 2005
Reference: -
Document: draft-ietf-radext-digest-auth-03.txt
Comment type: T
Priority: '1' Should fix
Section: 1.2
Rationale/Explanation of issue:

The draft contains two modes of operation, in one the nonces are 
generated in the RADIUS client, in the other, nonces are generated in 
the RADIUS server.

The text reads:
"RADIUS clients and servers can support one, or both nonce generation 
modes."

So how is interoperability going to be granted if a RADIUS client 
implements only one mode and the RADIUS server implements the other?

In my opinion what has been pursued here is to not add additional 
complexity to the implementation. But the generation of a nonce does not 
add almost any complexity, so I would say that both modes have to be 
supported in the sake of interoperability.

In addition to that, the text does not have a normative statement (only 
speaks about "can"). The text should be normative, and should be placed 
outside the Overview section, which is informative by nature.

    Requested change:

Add the following text elsewhere (Section 2?):

"RADIUS clients and servers MUST implement support for the two modes of 
operation: when nonces are generated in the RADIUS server and when 
nonces are generated in the RADIUS client."

And delete the existing text in Section 1.3

"RADIUS clients and servers can support one, or both nonce generation 
modes."
--
Miguel A. Garcia           tel:+358-50-4804586
sip:miguel.an.garcia@openlaboratory.net
Nokia Research Center      Helsinki, Finland


--
to unsubscribe send a message to radiusext-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://psg.com/lists/radiusext/>