[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Scope of applicability for CUI

To: radiusext@ops.ietf.org
Subject: Re: Scope of applicability for CUI
From: "Alan DeKok" <aland@ox.org>
Date: Wed, 22 Dec 2004 18:25:20 -0500
In-reply-to: Your message of "Wed, 22 Dec 2004 11:34:49 EST." <F17FB067A86B2D488382C923C532EAA7024A4E9A@exch01.bridgewatersys.com>

Avi Lior <avi@bridgewatersystems.com> wrote:
> Not 100% accurate. User-Name may only be used for routing. Right?

  ... to the home server, which is the only one that can establish
user identity.  In addition, the User-Name often contains the identity
of the home server.

  It's a matter of getting to a common terminology.

> Again not 100% accurate.  We can't really say what class is used for.

  It's used by each proxying server, to associate it's local, private,
meaning to a session.

> So to make sure that we are 100% accurate: the identity is not for for the
> homenetwork its for the those outside the homenetwork that require this
> assertion by the home network to do business.

  I agree.

> I suppose this can be correct.  That is if we agree that Class is used for
> identity tracking.

  Not "user" identity, but "session" identity.

> -We can't use Class to do what we want because the standards already tell us
> what Class is used for.

  Agreed.

  I just want to be sure I understand the threat models of CUI, and
that it's design and/or description addresses those threats.

  Alan DeKok.

--
to unsubscribe send a message to radiusext-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://psg.com/lists/radiusext/>

References:
- RE: Scope of applicability for CUI
  - From: Avi Lior <avi@bridgewatersystems.com>

Prev by Date: RE: Scope of applicability for CUI
Next by Date: Re: Scope of applicability for CUI
Previous by thread: RE: Scope of applicability for CUI
Next by thread: RE: Scope of applicability for CUI
Index(es):
- Date
- Thread