ietf
[Top] [All Lists]

RE: Is it an error?

2001-03-08 09:20:02
xu(_dot_)zhijun(_at_)mail(_dot_)zte(_dot_)com(_dot_)cn 
[mailto:xu(_dot_)zhijun(_at_)mail(_dot_)zte(_dot_)com(_dot_)cn] writes:

In Rfc2868 (RADIUS Attributes for Tunnel Protocol Support),
Radius Attribute
91
is given to Tunnel-Server-Auth-ID.
However, In Rfc2888 (Secure Remote Access with L2TP),the same Radius
Attribute
91 is given to IPSEC_MANDATE.
Is it an error?

It's not clear to me that it's actually an error, since RFC 2888 says 'A new
RADIUS attribute IPSEC_MANDATE (91) _may_ be defined for each user.' (my
emphasis) but does not actually define the attribute (at least in the
traditional, RFC 2865 fashion).  RADIUS attribute 91 is registered w/IANA as
Tunnel-Server-Auth-ID (see
http://www.isi.edu/in-notes/iana/assignments/radius-types).  BTW, RFC 2888
describes using IPSEC _tunnel_ mode with L2TP, which is in direct
contradiction to the direction of the L2TP WG (as described in
draft-ietf-l2tpext-security-02.txt).



-
This message was passed through ietf+censored(_at_)alvestrand(_dot_)no, which
is a sublist of ietf(_at_)ietf(_dot_)org(_dot_) Not all messages are passed.
Decisions on what to pass are made solely by Harald Alvestrand.





<Prev in Thread] Current Thread [Next in Thread>