DIEGO LOPEZ GARCIA wrote:
> In the same spirit of keeping clarity, I'd say that Additional-Authorization
> would be a more correct choice, unless adding a new Service-Type would somehow
> complicate adoption...

  I agree.

>>  - each Access-Request MUST contain Service-Type = Authorize-Only
>>    and a State
> 
> Or, respectively, Additional-Authorization, isn't it?

  The Access-Challenge should contain Additional-Authorization.  The
request should probably contain Authorize-Only.

>>  - the State MUST change for each Access-Challenge response
>>    I can get into that later
> 
> I can imagine this is with the intention of guaranteeing order and avoiding 
> (or alleviating) MITM attacks, right?

  It's a way to guarantee ordering.  I'm not sure if MITM attacks are
anything we care about.  Every entity in the AAA system is trusted, and
the packets are signed to prevent non-AAA systems from modifying them.

  Alan DeKok.
_______________________________________________
abfab mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/abfab
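
The ordering rule discussed in this message, as an added example that is not part of the original e-mail or of any draft: a Python check over one multi-round exchange. Packets are modelled as plain dicts rather than RADIUS wire format, "Additional-Authorization" is the Service-Type value proposed in the thread (not a registered one), "State MUST change" is read here as "no State value is reused within the exchange", and all sample values are constructed.

```python
# Added example. Packets are dicts, not parsed RADIUS wire format.
# "Additional-Authorization" is the value proposed in this thread (assumption).

def check_exchange(packets):
    """Return [(index, problem)] for one multi-round authorization exchange."""
    problems = []
    seen = set()       # every State value used so far in this exchange
    expected = None    # State from the most recent Access-Challenge
    for i, p in enumerate(packets):
        code, state = p.get("code"), p.get("State")
        if code == "Access-Request":
            if p.get("Service-Type") != "Authorize-Only":
                problems.append((i, "request lacks Service-Type = Authorize-Only"))
            if state is None:
                problems.append((i, "request lacks State"))
            elif expected is not None and state != expected:
                # The State of the latest challenge must be echoed back.
                kind = "stale" if state in seen else "unknown"
                problems.append((i, f"request carries {kind} State (out of order)"))
            if state is not None:
                seen.add(state)
        elif code == "Access-Challenge":
            if p.get("Service-Type") != "Additional-Authorization":
                problems.append((i, "challenge lacks Service-Type = Additional-Authorization"))
            if state is None:
                problems.append((i, "challenge lacks State"))
            elif state in seen:
                problems.append((i, "challenge reuses an earlier State"))
            else:
                seen.add(state)
            expected = state
    return problems

def req(state):
    return {"code": "Access-Request", "Service-Type": "Authorize-Only", "State": state}

def chal(state):
    return {"code": "Access-Challenge", "Service-Type": "Additional-Authorization", "State": state}

# Constructed sample exchanges (State values are made up).
GOOD = [req(b"S0"), chal(b"S1"), req(b"S1"), chal(b"S2"), req(b"S2")]
REPLAYED = GOOD[:4] + [req(b"S1")]          # last request echoes an old State
REUSED = GOOD[:3] + [chal(b"S1")]           # server did not change the State

if __name__ == "__main__":
    for name, ex in [("GOOD", GOOD), ("REPLAYED", REPLAYED), ("REUSED", REUSED)]:
        print(name, check_exchange(ex))
```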
