[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: [SPAM: Sexually Explicit] RE: RADIUS-Mobile IP support??: RAD EXT WG Charter
Charlie,
Essentially you are saying that sending shared secret from the location
where it is securely stored to another device over RADIUS proxy chain is a
good idea?
-Kuntal
>-----Original Message-----
>From: Charles E. Perkins [mailto:charliep@iprg.nokia.com]
>Sent: Wednesday, May 19, 2004 7:50 PM
>To: Chowdhury, Kuntal [RICH1:2H18:EXCH]
>Cc: Lila Madour (QA/EMC); Nakhjiri Madjid-MNAKHJI1;
>radiusext@ops.ietf.org; Pete McCann; tom.hiller@lucent.com
>Subject: Re: [SPAM: Sexually Explicit] RE: RADIUS-Mobile IP
>support??: RADEXT WG Charter
>
>
>Hello Kuntal,
>
>> Kuntal Chowdhury wrote:
>>
>>We cannot assume that the HA and the HAAA server SHALL always
>be in the
>>same administrative domain.
>>
>That means another solution is required for expanded
>applicability. It doesn't mean that the offered solution is
>inappropriate for its domain of applicability.
>
>> Moreover, for RADIUS, every proxy in the PATH will
>>see the MN-HA shared secret.
>>
>>
>Well, since the secret didn't exist at all anyway until the
>AAAH created it, I don't see the big deal here. If there is
>some worry, then:
>(a) use a shorter lifetime and/or
>(b) use another key when moving to another domain
>
>>Again, this issue should be discussed with security area folks.
>>
>>
>They've looked at it pretty close a few dozen
>times by now I reckon.
>
>Regards,
>Charlie P.
>
>
--
to unsubscribe send a message to radiusext-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://psg.com/lists/radiusext/>