[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: Isssue on CUI-03



No entity other than the home AAA can derive a true user identity from the CUI, so I would recommend that "require a user identity" (above) be changed to "require an authenticated surrogate identity to bind the current session".

[FA] I agree but I am not sure about the word "authenticated".   It could be misleading because there is no way to detect or prevent modification of the CUI by the RADIUS entities outside the home network.  Is it okay to remove the word "authenticated" from your proposed text?

DBN: OK.  I used that phrase because I found it elsewhere in the draft.  :-)

[FA] I am okay with your recommendation -- I think it is a good one!  If there are not any objections from others, I will update the document based on your comments.

DBN:  Thanks.  

--
to unsubscribe send a message to radiusext-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://psg.com/lists/radiusext/>