> As I mentioned in the meeting, this is making a rather huge assumption about
> deployment issues over which the IETF has no control; in addition, the
> experience WRT Diameter security deployment is not especially encouraging.
My understanding is that many Diameter deployments use no security at all,
making them much *less* secure than RADIUS.
And these deployments are with NASes that are considerably more expensive
than a mass market access point.
I'm not sure whether the issue is operational (too hard to configure) or
with the implementation.
My guess is that it's a matter of "security by assertion
and assumption", the assertion being that our internal network is totally
secure from external attack with the assumption that all employees are both
trustworthy & incorruptible…
But something, somewhere, appears to have gone very wrong.