RFC Errata
RFC 2865, "Remote Authentication Dial In User Service (RADIUS)", June 2000
Note: This RFC has been updated by RFC 2868, RFC 3575, RFC 5080, RFC 6929, RFC 8044
Source of RFC: radius (ops)
Errata ID: 6915
Status: Held for Document Update
Type: Technical
Publication Format(s) : TEXT
Reported By: Oleg Pekar
Date Reported: 2022-04-02
Held for Document Update by: Rob Wilton
Date Held: 2024-02-09
Section 5 says:
The Value field is zero or more octets and contains information specific to the Attribute.
It should say:
The Value field is one or more octets and contains information specific to the Attribute.
Notes:
Section "5. Attributes" is ambiguous when it talks about the attribute value size:
First it says: "The Value field is zero or more octets", then it provides 5 possible value data types none of which allows a zero length value. For 'text' type it says: "Text of length zero (0) MUST NOT be sent; omit the entire attribute instead" and the same for 'string' type.
Section "5.26. Vendor-Specific" also says about the value of a vendor-specific attribute "The String field is one or more octets".
Thus the RFC allows empty values for attributes in general but prohibits for any declared types of the attributes.