Common Remote Authentication Dial In User Service (RADIUS) Implementation Issues and Suggested Fixes

Summary: Needs 9 more YES or NO OBJECTION positions to pass.

Note: This ballot was opened for revision 04 and is now closed.

Jari Arkko (was Discuss) Yes

Comment (2007-09-04 for -08)
> The CPE may also require a delegated prefix for its own use, if it is
> decrementing the Time To Live (TTL) field of IP headers.  In that
> case, it should be delegated a prefix by the NAS via the Delegated-
> IPv6-Prefix attribute.  [RFC4818].  If the CPE is not decrementing
> TTL, it does not require a delegated prefix.

Time To Live is called Hop Limit in IPv6, and since this is
an IPv6 specific Section, perhaps this is the name that you
should use.

( Cullen Jennings ) Yes

( Dan Romascanu ) Yes

( Ron Bonica ) No Objection

( Lisa Dusseault ) No Objection

( Lars Eggert ) (was Discuss) No Objection

( Sam Hartman ) No Objection

Comment (2007-07-05 for -)
I am concerned about how this draft seems to break the ability to
negotiate future extensions.  In particular the recommendation that
client should treat access-accept with unknown attributes as
access-reject seems problematic.  However this issue seems to have
been discussed sufficiently so this is only a comment.

( Chris Newman ) No Objection

Comment (2007-07-05 for -)
>   inclusion of an Event-Timestampt attribute, for example, then

( Jon Peterson ) No Objection

( Tim Polk ) No Objection

Comment (2007-07-03 for -)
I personally find this text in the last sentence in section 2.1.1 to be unclear:

"neither including an authentication attribute nor a Service-Type attribute"

I suggest rewriting this sentence, deleting the double negative for clarity.

( Mark Townsley ) No Objection

( David Ward ) No Objection

( Magnus Westerlund ) No Objection