[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: [eap] RE: [Isms] RADIUS is not a trusted third party
> Yet NAS takes "go/no-go" decision from RADIUS, and takes the keys to
> talk to the client... If this is not trust - what is it?
There is no IETF standard defining how keys are provided within
RADIUS for exactly that reason -- there is no trust relationship defined
when a proxy is present. The "Housley Criteria" described in RFC 4017 do
not allow disclosure of keys to additional parties.
The problem does not exist in Diameter EAP, which enables keys to
be provided directly without access by proxies.
--
to unsubscribe send a message to radiusext-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://psg.com/lists/radiusext/>