[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: I-D Action:draft-ietf-radext-dynamic-discovery-00.txt
Alan DeKok [mailto:email@example.com] writes:
> Glen Zorn wrote:
> > Inside of a trusted network? Isn't this, then, a configuration
> > rather than a standards issue?
> If it's *only* inside of a trusted network, yes. But there are
> interests outside of that usage. e.g. Eduroam, and other roaming
> > Maybe you could explain those benefits (and why they were not
> exploited by
> > the folks deploying Diameter).
> Because the deployments of Diameter and RADIUS are largely
> They have different use-cases, and therefore different needs.
> > The only real benefit I can see is in the
> > case where a new server is added to the network or the IP address of
> an old
> > one is changed (surely a rather rare occurrence). Are there others?
> I'm spending a fair bit of time helping people migrate RADIUS servers
> from one IP (and version of software) to another. So while it may seem
> fairly rare, many people see the benefit of an automatic discovery
Of course, what was I thinking? Setting up a CA, issuing client and server
certs and configuring secure DNS is _so_ much simpler than laboriously
typing an IP address. This simplicity must explain the amazing popularity
(indeed, true ubiquity) of the PKI today.
> Alan DeKok.
to unsubscribe send a message to firstname.lastname@example.org with
the word 'unsubscribe' in a single line as the message text body.