Re: Clearinghouse/Aggregator Support for CUI
Avi Lior <avi@bridgewatersystems.com> wrote:
> Operators and SDOs that would use the Opaque value would typically have their
> own security review.
Which is precisely my concern.
IMHO, for "hidden" data in CUI, inter-operability is less of a
requirement than is "best practices". The IETF has a history of
accepting both in documents, and sometimes even in the same document.
> Furthermore when thinking about how one might do this, there are many
> factors to consider and these factors are specific to deployments. So I am
> not sure if we came up with an example it would have general applicability.
A well-known method which hides the CUI data from all but the user's
home system would cover many common cases.
Since the CUI is encrypted in a TLS tunnel, but is visible to the
end system, there is value in continuing that practice when the
CUI is carried in an attribute.
Having a CUI which is private, and requires minimal state keeping by
the home server seems to me to be a good solution.
Alan DeKok.
--
to unsubscribe send a message to radiusext-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://psg.com/lists/radiusext/>