Re: Auth method negotiation

["Julian Satran" <Julian_Satran@il.ibm.com>]

If the offering party mandates authentication it should not include None in the offer.
The rule about None being selectable ONLY WHEN OFFERED covers the case you are debating.

Julo

Bill Studenmund <wrstuden@wasabisystems.com> Sent by: owner-ips@ece.cmu.edu 06/22/2002 01:43 AM Please respond to Bill Studenmund

To:        Paul Koning <ni1d@arrl.net>         cc:        <chirag.wighe@windriver.com>, <ips@ece.cmu.edu>         Subject:        Re: Auth method negotiation

On Fri, 21 Jun 2002, Paul Koning wrote:

> Excerpt of message (sent 21 June 2002) by Bill Studenmund:
> > I'm not sure. What does everyone else think? If the T bits indicate that
> > both sides are fine with skipping authentication, does AuthMethods matter?
>
> I would tend to think of it as a protocol error.  If one part of the
> message indicates that you're insisting on authentication, and another
> part sasys that you are insisting on not doing authentication, you
> must be confused, right?

Uhm, yeah. Makes sense.

But do we say that if you don't want to authenticate, you MUST choose None
as your one AuthMethod? A quick scan of draft 13 (searching occurences of
AuthMethod) didn't indicate so. So it's a laziness within the spec.

Take care,

Bill