Bernard Aboba <mailto:[EMAIL PROTECTED]> allegedly scribbled on Thursday, March 08, 2007 10:26 PM:
>> My conclusion (based upon the actual text of the relevant RFCs rather
>> than anecdotal evidence regarding "well-behaved" RADIUS
>> implementations)
>
> RFC 2865 already recommends behavior that prevents out-of-order
> delivery.

Actually, it doesn't. As I have pointed out repeatedly, the semantics of the Identifier in RADIUS & EAP are identical.

> A proposal to strengthen that to a MUST is on the table. From what I
> can tell, this resolves the issue for RADIUS.
>
>> that "well-behaved" EAP implementations do NOT require duplicate
>> detection in the transport any more than do "well-behaved" RADIUS
>> implementations.
>
> The difference between RFC 3748 and 2865 is that 3748 does not
> recommend a duplicate cache of substantial duration.

Hmm. I don't really consider "a short period of time" to convey any meaningful sense of duration; in any case, see below.

> That makes a
> difference if a duplicate is intermingled with a new packet.

I believe that the packet flow which I gave in an earlier message illustrated that a timer-based algorithm is insufficient for duplicate detection in both RADIUS and EAP if the identifier is allowed to simply "change" between exchanges. In fact, I think that timers are unnecessary: all that is needed to solve the problem is to specify the semantics of the Identifier to be those of a sequence number with roll-over.

_______________________________________________
Pana mailing list
[email protected]
https://www1.ietf.org/mailman/listinfo/pana
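
An added illustration, not part of the original message or of any RFC text: it contrasts a receiver that treats any changed Identifier as new with one that treats the one-octet Identifier as a sequence number with roll-over. The function names, the half-window comparison (borrowed from RFC 1982 serial number arithmetic) and the arrival order are assumptions made for this sketch.

```python
"""Added illustration: 8-bit Identifier treated as a sequence number with roll-over."""

ID_SPACE = 256          # RADIUS and EAP Identifier fields are one octet
HALF = ID_SPACE // 2    # assumption: RFC 1982-style half-window comparison


def classify_changed(last, ident):
    """Baseline: any Identifier that differs from the last one counts as new."""
    if last is not None and ident == last:
        return "duplicate"
    return "new"


def classify_serial(last, ident):
    """Identifier as a sequence number with roll-over (mod 256)."""
    if last is None:
        return "new"
    delta = (ident - last) % ID_SPACE
    if delta == 0:
        return "duplicate"   # retransmission of the current packet
    if delta < HALF:
        return "new"         # ahead of last, including across 255 -> 0
    return "stale"           # behind last: late copy of an older packet


def run(classifier, arrivals):
    """Feed arrivals through a classifier, advancing state only on 'new'."""
    last, verdicts = None, []
    for ident in arrivals:
        verdict = classifier(last, ident)
        verdicts.append(verdict)
        if verdict == "new":
            last = ident
    return verdicts


# Constructed arrival order: 255 is retransmitted, the counter rolls over to 0,
# then a delayed copy of 254 arrives intermingled with the new packets.
ARRIVALS = [254, 255, 255, 0, 254, 1]

if __name__ == "__main__":
    for name, fn in (("changed", classify_changed), ("serial", classify_serial)):
        print(name, list(zip(ARRIVALS, run(fn, ARRIVALS))))
```

No timer appears in either classifier; the only state kept is the last accepted Identifier.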
