
RE: [SPAM: Sexually Explicit] RE: RADIUS-Mobile IP support??: RAD EXT WG Charter



Hi Kuntal

I agree with Charlie. The problems of RADIUS supporting Mobile IP extensions and RADIUS hop by hop security are different. Although solutions to both are required for some scenarios, that is not always the case. Let's remember I am not asking radext to solve all MIP security problems (if they exist).
If I had issues with security of MIP, I would go to MIP mailing list, not this list. And for folks interested in those issues, please let's meet over at MIP list!
I am saying MIPv4 and its key mgmt drafts as protocols being standardized by IETF need support for RADIUS, which also is an IETF protocol. For folks that argue 3GPP2 has done it this way or the other, I should say:
The interoperability problems for IETF protocols "Must" be resolved in IETF, not in other SDOs. What would you tell IEEE folks, or APCO folks? Please go to 3GPP2 for the second half of the solution?

IETF AAA community has acknowledged RADIUS problems and solved many of those in Diameter, but Diameter has a small deployment base. Please show me a Diameter vendor that supports all IETF specs and I may just go buy from them.
The problem is people are stuck with RADIUS for a while and if you are using Mobile IP, problems need to be solved.

I can understand the group might be having a pressing charter, but I don't buy the argument of "there is no need because 3GPP2 has done it since 2000".
Technology grows!

Regards,

Madjid


-----Original Message-----
From: Charles E. Perkins [mailto:charliep@iprg.nokia.com]
Sent: Wednesday, May 19, 2004 7:50 PM
To: Kuntal Chowdhury
Cc: Lila Madour (QA/EMC); Nakhjiri Madjid-MNAKHJI1;
radiusext@ops.ietf.org; Pete McCann; tom.hiller@lucent.com
Subject: Re: [SPAM: Sexually Explicit] RE: RADIUS-Mobile IP support??:
RADEXT WG Charter


Hello Kuntal,

> Kuntal Chowdhury wrote:
>
>We cannot assume that the HA and the HAAA server SHALL always be in the same
>administrative domain.
>
That means another solution is required for expanded applicability.
It doesn't mean that the offered solution is inappropriate for its
domain of applicability.

> Moreover, for RADIUS, every proxy in the PATH will
>see the MN-HA shared secret. 
>  
>
Well, since the secret didn't exist at all anyway until the
AAAH created it, I don't see the big deal here.
If there is some worry, then:
(a) use a shorter lifetime and/or
(b) use another key when moving to another domain

>Again, this issue should be discussed with security area folks.
>  
>
They've looked at it pretty close a few dozen
times by now I reckon.

Regards,
Charlie P.

archive: <http://psg.com/lists/radiusext/>