That doesn't change the fact that there's information missing. I'm not
saying make it a MUST or even a SHOULD. Not everything has to work in
every situation. Just because Access-Challenge is useless to me in
a certain configuration doesn't mean it shouldn't be available.
I don't need this feature. I don't care too much. But I do think it's
ridiculous to be digging for reasons to shoot it down, since it is in
fact a glaring oversight now that someone has brought it up. It didn't
come up before.. well, neither did a lot of security holes in software.
Should we not fix them because nobody ever asked for a fix for the past
three years?
Sometimes it's too late to fix something. In the case of RADIUS, it
is probably too late. IIRC, the WG was trying to dissolve two years
ago, and there are definately practical considerations to trying to
add a silly little attribute that nobody's going to use.
And for now, Livingston should implement it as a VSA. And this issue
should be kept in mind for the next generation protocol.
On the other hand, now that I think about it, TCP-Clear is silly.
rlogin is nearly a clear channel.. if you ignore window size messages,
it is completely. Something based on rlogin that maybe sent a
session ID would be nice.
-- Christopher Masto Director of Operations NetMonger Communications chris@netmonger.net info@netmonger.net http://www.netmonger.netFree yourself, free your machine, free the daemon -- http://www.freebsd.org/ - To unsubscribe, email 'majordomo@livingston.com' with 'unsubscribe portmaster-users' in the body of the message. Searchable list archive: <URL:http://www.livingston.com/Tech/archive/>