RE: Follow up on Authorize Only issue

["Joseph Salowey \(jsalowey\)" <jsalowey@cisco.com>]

I agree with Avi, Glen and Alan.   

> -----Original Message-----
> From: owner-radiusext@ops.ietf.org 
> [mailto:owner-radiusext@ops.ietf.org] On Behalf Of Nelson, David
> Sent: Friday, July 21, 2006 1:44 PM
> To: isms@ietf.org; radiusext@ops.ietf.org
> Subject: RE: Follow up on Authorize Only issue
> 
> > For the SSHSM usage case, the question is whether it is an 
> > unacceptable security risk for a trusted NAS to be able to obtain 
> > authorization information about a user that is not actually 
> "present" 
> > at the NAS?
> 
> My interpretation is that three respondents (Glen, Alan, Avi) 
> believe that the answer is "no".  The existing RADIUS trust 
> model collapses if the NAS has been compromised and does 
> nefarious or foolish things.
> 
> I'd like to determine if we have consensus on this position.  If you
> *have* an opinion on this issue, please *respond* whether you 
> agree or disagree with this assertion.
> 
> 
> --
> to unsubscribe send a message to 
> radiusext-request@ops.ietf.org with the word 'unsubscribe' in 
> a single line as the message text body.
> archive: <http://psg.com/lists/radiusext/>
> 

--
to unsubscribe send a message to radiusext-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://psg.com/lists/radiusext/>