|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: Auth method negotiationIf the offering party mandates authentication it should not include None in the offer. The rule about None being selectable ONLY WHEN OFFERED covers the case you are debating. Julo
On Fri, 21 Jun 2002, Paul Koning wrote: > Excerpt of message (sent 21 June 2002) by Bill Studenmund: > > I'm not sure. What does everyone else think? If the T bits indicate that > > both sides are fine with skipping authentication, does AuthMethods matter? > > I would tend to think of it as a protocol error. If one part of the > message indicates that you're insisting on authentication, and another > part sasys that you are insisting on not doing authentication, you > must be confused, right? Uhm, yeah. Makes sense. But do we say that if you don't want to authenticate, you MUST choose None as your one AuthMethod? A quick scan of draft 13 (searching occurences of AuthMethod) didn't indicate so. So it's a laziness within the spec. Take care, Bill
Home Last updated: Sat Jun 22 07:18:40 2002 10940 messages in chronological order |