Mandatory per definition is mandatory to process and cannot be ignored. Sending a NAK is one kind of processing by telling the sender that the receiver doesn't know how to process. It just cannot ignore the attribute, like an optional attribute.
It is up to the authentication server's policy. It may allow the EAP authentication to finish successfully but only allow limited access.

On 3/2/10 10:23 AM, "Alan DeKok" <al...@deployingradius.com> wrote:

> Hoeper Katrin-QWKN37 wrote:
>> I am happy with Alan's proposed text except for the paragraph:
>>
>> "A peer that either sends or receives a NAK attribute MUST treat the
>> session as failing authentication."
>>
>> I suggest deleting this sentence and adopt the rest of the text.
>
> What are the situations where authentication can continue after a NAK?
>
> A NAK of a mandatory attribute should be treated as a failure.
> Otherwise, what does "mandatory" mean, if it can be ignored?
>
> Alan DeKok.
> _______________________________________________
> Emu mailing list
> Emu@ietf.org
> https://www.ietf.org/mailman/listinfo/emu

Hao Zhou
Technical Leader
Security Technology Business Unit
hz...@cisco.com
Phone: +1 330 523 2132
Cisco Systems, Inc.