[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Issue 100: Security Considerations (IEEE802 WG Last Call)
"Sanchez, Mauricio (PNB Roseville)" <mauricio.sanchez@hp.com> wrote:
> One could say that the cat is out of the bag. Section 7 was taken mostly
> from existing RFCs, in particular RFC3580. The specific sentence your
> issue relates to already exists verbatim in RFC3580 section 5.3. My
> proposal is to change the last sentence in section 7 to:
>
> "For IEEE 802.X environments, best practices outlined in [RFC3580]
> mandate the use of different RADIUS shared secrets for IEEE 802.1X
> authentication and PAP authentication."
>
> An normative reference will also need to be added to RFC3580 in section
> 8.1.
This change would address any concerns I have.
Alan DeKok.
--
to unsubscribe send a message to radiusext-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://psg.com/lists/radiusext/>