[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: "Last Look" at the RADIUS Design Guidelines document
> -----Original Message-----
> From: Alan DeKok [mailto:aland@deployingradius.com]
> Sent: Monday, December 21, 2009 12:19 AM
> To: Bernard Aboba
> Cc: Joseph Salowey (jsalowey); radiusext@ops.ietf.org
> Subject: Re: "Last Look" at the RADIUS Design Guidelines document
>
> Bernard Aboba wrote:
> > It also occurs to me that some of the same security risks could be
> > present in simple attributes. For example, even though a "string"
> > attribute might be widely implemented, if an attribute
> incorporates a
> > new concatenation mechanism,
>
> Then it involves changes to the basic operating model of
> RADIUS, where attributes are independent. This requires code
> changes, and all that implies.
>
[Joe] Regardless of whether it changes the basic processing model of
RADIUS or not, the processing of "string" attribtues has the same
security implications of complex attributes.
> Alan DeKok.
>
--
to unsubscribe send a message to radiusext-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://psg.com/lists/radiusext/>