[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: Request for Review: RADIUS Filter Attribute Document
- To: "Bernard Aboba" <email@example.com>, <firstname.lastname@example.org>
- Subject: RE: Request for Review: RADIUS Filter Attribute Document
- From: "Glen Zorn \(gwz\)" <email@example.com>
- Date: Wed, 18 Oct 2006 22:01:56 -0700
- Authentication-results: sj-dkim-7.cisco.com; header.Fromfirstname.lastname@example.org; dkim=pass ( sig from cisco.com verified; );
- Cc: <email@example.com>
- Dkim-signature: a=rsa-sha1; q=dns; l=856; t=1161234119; x=1162098119; c=relaxed/simple; s=sjdkim7002; h=Content-Type:From:Subject:Content-Transfer-Encoding:MIME-Version; d=cisco.com; firstname.lastname@example.org; z=From:=22Glen=20Zorn=20\(gwz\)=22=20<email@example.com> |Subject:RE=3A=20Request=20for=20Review=3A=20RADIUS=20Filter=20Attribute=20Docume nt; X=v=3Dcisco.com=3B=20h=3DoaAHH9ZdidORUc8kqMxV7HClG9M=3D; b=NGu+p4fdu7vJ94zHRsdMzzfya/PLtt3qrYXobsItOBzSd5JC+xQxOCtS3/xpjroQ+LllF1iz C3/RyKkBBwJytB5x6rBl5J0iJxndzdnaUssvQonFpbA8xRd2F3OXsjZv;
Bernard Aboba <> supposedly scribbled on Wednesday, October 18, 2006
>> I have mixed feelings. On the one hand, there is precedent for
>> glomming all instances of an attribute together, for EAP. On the
>> other, EAP is different in that the RADIUS code does not parse the
>> result. What will happen with the next attribute, where a byte
>> value of 0x00 may be valid?
> This approach works for this particular attribute because the
> IPFilter syntax only permits ASCII characters. It's not a general
> solution, as you point out. That wider problem may be part of the
> extended attribute discussion. Since NAS-Filter-Rule isn't an
> extended attribute I think that discussion is somewhat orthogonal.
I think that if we can really come to an agreement upon the extension
method fairly soon it should be.
to unsubscribe send a message to firstname.lastname@example.org with
the word 'unsubscribe' in a single line as the message text body.