AW: HTTP digest and RADIUS; new version of the Sterman draft
John Loughney wrote:
>> After re-checking the announcement list, I found that
>> http://www.ietf.org/internet-drafts/draft-sterman-aaa-sip-01.txt
>> is already available. It now has a Security Considerations section
>> and I've added support for Authentication-Info.
> Could you send a more detailed mail on what changes you have made,
> and what are the open issues which need further discussion?
Well, I have added some motivational paragraphs on why HTTP digest support
for RADIUS is required in some environments. And when to choose DIAMETER
instead. There is a comparison of the SIP AAA options an operator has today.
I've added a step-by-step description of the RADIUS client and RADIUS
server behaviour. As the original draft was quite old, I had to update
most of the references and the authors' addresses.
To improve security, RADIUS clients that accept secured connections from
their SIP / HTTP clients are now required to have a secured connection to
the RADIUS server. RADIUS servers must return an Authentication-Info digest.
Open issues: I hope that I have addressed all the issues that were
raised in Minneapolis. There is the sub-attribute discussion, of course.
The draft needs official IANA assigned attribute types instead of the
experimental ones mentioned in -00. I could live without sub-attributes
but I haven't heard a really convincing technical argument against them.
Wolfgang Beck
--
to unsubscribe send a message to radiusext-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://psg.com/lists/radiusext/>