Re: Scope of applicability for CUI

[Barney Wolff <barney@databus.com>]

On Thu, Dec 16, 2004 at 06:14:09PM -0500, Avi Lior wrote:
> 
> We already mention in the document that CUI is useable when EAP is used and
> in particular when EAP methods hide the user identity.
> 
> What I am opposed to is mandating that the only case for CUI is tied to the
> use of EAP. Operationaly it does not depend on EAP. There could be other
> uses in the future.  So the current text in the draft is sufficient.

To me, the crucial issue is when support for CUI is *required*.  I'm
perfectly comfortable with people finding other uses for CUI, in
environments where it's already supported or where all parties agree
to support it.  I would oppose making it a requirement for RADIUS
compatibility in "traditional" environments - but I don't think anyone
so far has done that.

If a particular proxy owner wants to demand CUI support as a condition
of doing business, it certainly has the right to do so.  It may or may
not be wise business policy.  That's for the market to determine, if we
are wise and make CUI support strictly optional.

Barney

-- 
Barney Wolff         http://www.databus.com/bwresume.pdf
I'm available by contract or FT, in the NYC metro area or via the 'Net.

--
to unsubscribe send a message to radiusext-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://psg.com/lists/radiusext/>