
RE: Review of draft-zorn-radius-keywrap-07.txt



>> >> In speaking with Russ Housley on the key-wrap issues, Russ indicated
>> >> that it would need to be on an end-to-end basis.
>> 
>> Except that that's not how RADIUS works...
>
>Right.  RADIUS security is between a RADIUS client and server.  There are
>no other entities involved.

Correct. Further, while proxies exist in the RADIUS world, and are
mentioned in various drafts, clearly fixing how proxies should work,
from transport to security, is a much bigger work item, and one that I
would caution the WG to embark on. I believe that for customers that
have interest in secure, reliable proxies, then the work in AAA should
be used instead.

I'd like to thank Bernard on his excellent review and comments. I am
encouraged to see that he is positive on the work in progress - this is
goodness to the Internet Community, who really needs a more secure key
delivery mechanism in RADIUS, while minimizing impact on backward
compatibility.

Pat Calhoun
CTO, Wireless Networking Business Unit
Cisco Systems

archive: <http://psg.com/lists/radiusext/>