[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: RADIUS-Mobile IP support??: RADEXT WG Charter

To: "Charles E. Perkins" <charliep@iprg.nokia.com>, Nakhjiri Madjid-MNAKHJI1 <Madjid.Nakhjiri@motorola.com>
Subject: RE: RADIUS-Mobile IP support??: RADEXT WG Charter
From: "Kuntal Chowdhury" <chowdury@nortelnetworks.com>
Date: Wed, 19 May 2004 18:18:11 -0400
Cc: radiusext@ops.ietf.org, Pete McCann <mccap@lucent.com>, tom.hiller@lucent.com

Charlie,

sending a users (static or long lived) shared-secret over the wire opens up
for attacks. If the MN-HA shared secret is compromised, MIP4 will run into
serious security issue. That's why it is a bad idea.

-Kuntal

>-----Original Message-----
>From: Charles E. Perkins [mailto:charliep@iprg.nokia.com] 
>Sent: Wednesday, May 19, 2004 5:11 PM
>To: Nakhjiri Madjid-MNAKHJI1
>Cc: Chowdhury, Kuntal [RICH1:2H18:EXCH]; 
>radiusext@ops.ietf.org; Pete McCann; tom.hiller@lucent.com
>Subject: RE: RADIUS-Mobile IP support??: RADEXT WG Charter
>
>
>
>Hello folks,
>
>Since I'm receiving these e-mails, perhaps someone could enlighten me:
>
>>2. The distribution of MN-HA shared-secret to the HA (from 
>HAAAs) is a 
>>bad practice. We are not doing that for MIP6 and we may fix that in a 
>>bug fix release for MIP4.
>>  
>>
>Why is this a bad idea?
>
>I thought it was pretty good, actually...
>
>
>Regards,
>Charlie P.
>

--
to unsubscribe send a message to radiusext-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://psg.com/lists/radiusext/>

Prev by Date: RE: RADIUS-Mobile IP support??: RADEXT WG Charter
Next by Date: RE: RADIUS-Mobile IP support??: RADEXT WG Charter
Previous by thread: RE: RADIUS-Mobile IP support??: RADEXT WG Charter
Next by thread: RE: RADIUS-Mobile IP support??: RADEXT WG Charter
Index(es):
- Date
- Thread