
Re: Capabilities: Summary




The issue you are raising is whether cap-advert is useful or even required for a non-challenge auth scheme.  I think the answer is yes.  Here is why:

First, cap-advert is a way for the NAS to indicate to the server what features it supports so the Server can return attribs to the NAS and be assured that the NAS won't discard them.  This has nothing to do with challenge or the auth scheme.

Second, the challenge issue does not arise from the cap-advert.  In one particular instance it arises from the way geopriv set up their location exchange.  That is, not sending the location info on the original access request.  Here the cap-advert helps the protocol by informing the server that the NAS supports location (and challenge) so that the server that requires (or needs) location does not challenge a NAS that doesn't support location and/or a challenge.

So in either case it does not hurt.



--------------------------
Avi Lior  Bridgewater Systems
cell +1 613 796-4183
work +1 613 591-9104 x 6417



-----Original Message-----
From: aland@nitros9.org <aland@nitros9.org>
To: Avi Lior <avi@bridgewatersystems.com>; radiusext@ops.ietf.org <radiusext@ops.ietf.org>
Sent: Wed Oct 12 14:56:39 2005
Subject: Re: Capabilities: Summary

"Avi Lior" <avi@bridgewatersystems.com> wrote:
> So forgive me but, the approach of advertising takes the guesswork out
> of the protocol and I don't understand why we need to discuss this
> issue over and over again.

  My only concern with advertising is the possibility of an endless
list of things to advertise.

  Authentication protocols that already use Access-Challenge can be
extended to have the server request information in an
Access-Challenge, and the NAS supply it in a later Access-Request.  I
don't think there's any argument there.

  The only issue, then, is around authentication protocols such as
PAP, CHAP, or MS-CHAP.  Adding an additional Access-Challenge step is
awkward, just as adding capability advertising is awkward.

  So, is using capabilities with PAP, etc. a requirement?

  If so, is *any* capability advertising scheme acceptable to the WG?
(My $0.02 is yes)

  If so, what should it look like?

  Alan DeKok.