[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

AW: AW: HTTP digest and RADIUS; new version of the Sterman draft

To: jari.arkko@piuha.net
Subject: AW: AW: HTTP digest and RADIUS; new version of the Sterman draft
From: "Beck01, Wolfgang" <BeckW@t-systems.com>
Date: Thu, 12 Feb 2004 10:40:25 +0100
Cc: radiusext@ops.ietf.org


-----Ursprungliche Nachricht-----
Von: Jari Arkko [mailto:jari.arkko@piuha.net]
Gesendet: Donnerstag, 12. Februar 2004 09:29
An: Beck, Wolfgang
Cc: john.loughney@nokia.com; radiusext@ops.ietf.org
Betreff: Re: AW: HTTP digest and RADIUS; new version of the Sterman
draft

Jari Arkko wrote:
>> Beck01, Wolfgang wrote:

>> Open issues: I hope that I have addressed all the issues that were
>> raised in Minneapolis.

> What about support for other algorithms than MD5? This was one
> of my comments in Minneapolis. I took a new look at the draft.
> It does not say anything about this, but on the other hand my
> quick look did not reveal anything which would prevent them from
> being supported. Can you say if you support them or not? Say, RFC
> 3310 support is included?
Other algorithms are supported as long as they don't define additional
parameters. RfC 3310 defines a new 'auths' parameter, which would
require an additional RADIUS (sub-)attribute. I am not sure if a
general procedure can be valid for all possible algorithms.

> My second significant comment at some point was the interoperation
> with Diameter-based SIP AAA. I think this is a requirement. Can
> you provide a section that explains how and under what limitations
> this and draft-ietf-aaa-diameter-sip-app can work together?
Sure. For example, draft-ietf-aaa-diameter-sip-app defines a
SIP-Authentication-Context AVP which holds the SIP message body
for qop=auth-int. draft-sterman-aaa-sip-01 saves space by calculating
the body digest in the RADIUS client. As the maximum length of RADIUS
messages is limited to 4096, I see no way around some kind of compression.
DIAMETER allows much larger messages, but pre-computation of the body
digest might be a good idea for this protocol, too.


Wolfgang


Thanks,

--Jari

--
to unsubscribe send a message to radiusext-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://psg.com/lists/radiusext/>

Follow-Ups:
- Re: AW: AW: HTTP digest and RADIUS; new version of the Sterman draft
  - From: Jari Arkko <jari.arkko@piuha.net>

Prev by Date: RE: AW: HTTP digest and RADIUS; new version of the Sterman draft
Next by Date: Re: AW: AW: HTTP digest and RADIUS; new version of the Sterman draft
Previous by thread: AW: HTTP digest and RADIUS; new version of the Sterman draft
Next by thread: Re: AW: AW: HTTP digest and RADIUS; new version of the Sterman draft
Index(es):
- Date
- Thread