[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Issue with SIP - Need for Message-Authenticator

To: "Beck01, Wolfgang" <BeckW@t-systems.com>, radiusext@ops.ietf.org
Subject: Issue with SIP - Need for Message-Authenticator
From: Avi Lior <avi@bridgewatersystems.com>
Date: Thu, 26 Aug 2004 05:07:07 -0400

Wolfgang,

In the SIP doc I think you need to use Message-Authenticator(80) in the
access request.

The problem is this:  without using a field such as CHAP-Password or
Password, the RADIUS server has no way to validate that the Access-Request
is arriving from a valid NAS.

Message-Authenticator(80) is used to provide integrity protection for the
entire Access-Request packet and can be used by the RADIUS Server to
validate that the packet was received from a known Client (since the
Message-Authenticator uses a shared secret shared by the Client-Server.)



--
to unsubscribe send a message to radiusext-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://psg.com/lists/radiusext/>

Follow-Ups:
- Re: Issue with SIP - Need for Message-Authenticator
  - From: Bernard Aboba <aboba@internaut.com>

Prev by Date: open issue: rspauth generation not possible if RADIUS server choo ses nonces and qop=auth-int
Next by Date: Re: Issue with SIP - Need for Message-Authenticator
Previous by thread: open issue: rspauth generation not possible if RADIUS server choo ses nonces and qop=auth-int
Next by thread: Re: Issue with SIP - Need for Message-Authenticator
Index(es):
- Date
- Thread