Bernard, Thank you for your review. See my comments inline. On Jan 10, 2012, at 8:37 PM, Bernard Aboba wrote: > The document appears to contain typos in sections 4.16 and 4.17. > > In section 4.16, it appears that "Home LMA IPv6 address" should be replaced by "Home DHCPv6 server address": Blimey.. we'll fix this. > 4.16. PMIP6-Home-DHCP6-Server-Address > > > > 0 1 2 3 > 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 > +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ > | Type | Length | Home DHCPv6 server address > +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ > Home DHCPv6 server address > +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ > Home DHCPv6 server address > +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ > Home DHCPv6 server address > +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ > Home LMA IPv6 address | > +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ > > In Section 4.17, it appears that "Visited LMA IPv6 address" should be replaced by "Visited DHCPv6 server address": And the same here.. > > 4.17. PMIP6-Visited-DHCP6-Server-Address > > > 0 1 2 3 > 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 > +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ > | Type | Length | Visited DHCPv6 server address > +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ > Visited DHCPv6 server address > +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ > Visited DHCPv6 server address > +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ > Visited DHCPv6 server address > +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ > Visited LMA IPv6 address | > +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ > > > 5.2. Table of Attributes > > > The following table provides a guide to attributes that may be found > in authentication and authorization RADIUS messages between MAG and > the AAA Server. > > > Request Accept Reject Challenge # Attribute > > 0-1 0-1 0-1 0-1 80 Message-Authenticator > > > > [BA] The Message-Authenticator attribute is mandatory-to-implement in a number of > RADIUS usages, including EAP (RFC 3579). Leaving out Message-Authenticator could > result in Access-Requests lacking authentication and > integrity protection. RFC 6158 Section 3.1 states: Good point. So, you are saying that we should have: 1 0-1 0-1 0-1 80 Message-Authenticator or would 1 1 1 1 80 Message-Authenticator be even better as RFC3759 & 5090 do? - Jouni > > While [RFC2865] did not require authentication and integrity > protection of RADIUS Access-Request packets, subsequent > authentication mechanism specifications, such as RADIUS/EAP [RFC3579] > and Digest Authentication [RFC5090], have mandated authentication and > integrity protection for certain RADIUS packets. [RFC5080], Section > 2.1.1 makes this behavior RECOMMENDED for all Access-Request packets, > including Access-Request packets performing authorization checks. It > is expected that specifications for new RADIUS authentication > mechanisms will continue this practice. > > > > > > _______________________________________________ > Ietf mailing list > Ietf@xxxxxxxx > https://www.ietf.org/mailman/listinfo/ietf _______________________________________________ Ietf mailing list Ietf@xxxxxxxx https://www.ietf.org/mailman/listinfo/ietf