| Re: Issues & Fixes: Ordered delivery of EAP messages | <– Date –> <– Thread –> |
From: Glen Zorn (gwz) (gwz cisco.com)
|
|
| Date: Wed, 7 Mar 2007 19:22:29 -0800 (PST) | |
Bernard Aboba <mailto:bernard_aboba [at] hotmail.com> allegedly scribbled on Wednesday, March 07, 2007 12:04 AM: >> Ordered delivery & duplicate rejection aren't the same thing. > > In general, that's true. But if you have an ACK/NAK protocol that > only allows a single packet in flight other than retransmissions, > doesn't effective duplicate rejection imply ordered delivery? Perhaps. Unfortunately, RADIUS does not require duplicate detection. This is what RFC 2865 says about duplicate detection: "The RADIUS server can detect a duplicate request if it has the same client source IP address and source UDP port and Identifier within a short span of time." That's it. I don't see the word "MUST" (or even "SHOULD") in that sentence. In fact, RFC 3748 is actually a bit stronger on the topic (Section 4.1): "The peer is responsible for detecting and handling duplicate Request messages before processing them in any way, including passing them on to an outside party. The authenticator is also responsible for discarding Response messages with a non-matching Identifier value before acting on them in any way, including passing them on to the backend authentication server for verification." ...
- Re: Ordered delivery of EAP messages, (continued)
- Re: Ordered delivery of EAP messages Avi Lior, March 7 2007
- Issues & Fixes: Ordered delivery of EAP messages Bernard Aboba, March 6 2007
- Re: Issues & Fixes: Ordered delivery of EAP messages Glen Zorn (gwz), March 6 2007
- Re: Issues & Fixes: Ordered delivery of EAP messages Bernard Aboba, March 7 2007
- Re: Issues & Fixes: Ordered delivery of EAP messages Glen Zorn (gwz), March 7 2007
Results generated by Tiger Technologies using MHonArc.