
RE: Follow up on Authorize Only issue



> For the SSHSM usage case, the question is whether it 
> is an unacceptable security risk for a trusted NAS to be 
> able to obtain authorization information about a user that
> is not actually "present" at the NAS?

My interpretation is that three respondents (Glen, Alan, Avi) believe
that the answer is "no".  The existing RADIUS trust model collapses if
the NAS has been compromised and does nefarious or foolish things.

I'd like to determine if we have consensus on this position.  If you
*have* an opinion on this issue, please *respond* whether you agree or
disagree with this assertion.

