Re: [Issue 7] Message Authenticator
Wolfgang Beck wrote:
"RFC 2869 is informational. I see that it is useful but
I hesitate to make it mandatory.
new text:
'Informational RFC 3579 [RFC3579], section 3.2 describes
a Message-Authenticator attribute which MAY be used to protect the
integrity of RADIUS messages.'"
Omitting Message-Authenticator enables an attacker to forge Access-Request
packets. The reason RFC 3579 could not make use of Message-Authenticator
mandatory for all RADIUS packets (just for packets containing an
EAP-Message attribute) was because Message-Authenticator was not required
in RFC 2865, so that it was not sent by legacy RADIUS-clients.
That problem does not occur here; Digest Authentication is a new RADIUS
capability.
--
archive: <http://psg.com/lists/radiusext/>
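The receiver-side check discussed in this message, as an added example that is not part of the original post or of any RADIUS implementation: Message-Authenticator (attribute type 80, RFC 2869 section 5.14 / RFC 3579 section 3.2) is HMAC-MD5 over the whole packet, keyed with the shared secret, with the attribute's 16-octet value zeroed during computation. The function names, the shared secret and the sample packet builder are constructed for illustration, and the check assumes the RADIUS Length field equals the datagram length.

```python
import hashlib
import hmac
import os
import struct

ACCESS_REQUEST = 1
MESSAGE_AUTHENTICATOR = 80  # attribute type; value is 16 octets

def find_attr(packet, wanted):
    """Return (value_offset, value_len) of the first `wanted` attribute, or None."""
    pos = 20  # attributes start after the 20-octet header
    while pos < len(packet):
        if pos + 2 > len(packet):
            raise ValueError("truncated attribute header")
        atype, alen = packet[pos], packet[pos + 1]
        if alen < 2 or pos + alen > len(packet):
            raise ValueError("malformed attribute length")
        if atype == wanted:
            return pos + 2, alen - 2
        pos += alen
    return None

def build_access_request(secret, ident, attrs):
    """Constructed sample sender: appends Message-Authenticator and signs."""
    body = b"".join(bytes([t, len(v) + 2]) + v for t, v in attrs)
    body += bytes([MESSAGE_AUTHENTICATOR, 18]) + bytes(16)  # zeroed placeholder
    header = struct.pack("!BBH", ACCESS_REQUEST, ident, 20 + len(body))
    pkt = bytearray(header + os.urandom(16) + body)  # random Request Authenticator
    pkt[-16:] = hmac.new(secret, bytes(pkt), hashlib.md5).digest()
    return bytes(pkt)

def verify_access_request(secret, packet):
    """True only if a valid Message-Authenticator is present; absence is a failure."""
    if len(packet) < 20 or struct.unpack("!H", packet[2:4])[0] != len(packet):
        return False
    try:
        hit = find_attr(packet, MESSAGE_AUTHENTICATOR)
    except ValueError:
        return False
    if hit is None or hit[1] != 16:
        return False  # no integrity protection: treat as unauthenticated
    off = hit[0]
    zeroed = packet[:off] + bytes(16) + packet[off + 16:]
    expected = hmac.new(secret, zeroed, hashlib.md5).digest()
    return hmac.compare_digest(expected, packet[off:off + 16])
```
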