
RE: Capabilities (was Re: AW: Review of draft-ietf-geopriv-radius-lo-04.txt )



Hi David,

See inline.... 

> -----Original Message-----
> From: owner-radiusext@ops.ietf.org 
> [mailto:owner-radiusext@ops.ietf.org] On Behalf Of Nelson, David
> Sent: Friday, September 09, 2005 4:58 PM
> To: radiusext@ops.ietf.org
> Cc: geopriv-request@ietf.org
> Subject: RE: Capabilities (was Re: AW: Review of 
> draft-ietf-geopriv-radius-lo-04.txt )
> 
> Avi Lior writes...
> 
> > Initially we did exactly that: we sent the location information in the
> > Access-Request.  But Geopriv, being about privacy, was concerned what if
> > the user did not want to have their location exposed.
> 
> Well, it seems to me that if the user is *really* concerned 
> about disclosure of private information, then no location 
> information should be sent until the identity of the Home AAA 
> server has been authenticated, potentially by an EAP method 
> providing mutual authentication.
> 
> That might mean that location information cannot be sent 
> until the successful completion of authentication, i.e. after 
> the Access-Accept is received at the NAS.  Depending on the 
> level of privacy assurance that GEOPRIV is seeking to obtain, 
> it might be very difficult using the current AAA architectures.

Well, I think we are going a bit overboard here.  I appreciate your
comment, but RADIUS and DIAMETER are what they are, and a lot worse can
happen if you start to question the trust model of IETF-based AAA
protocols.

And under the current charter we are not supposed to fix these issues.

> > And by the way, RADIUS does keep transactional state. 
> 
> The RADIUS protocol was designed so that RADIUS servers could 
> be stateless.  This is achieved by passing the state "cookie" 
> back to the RADIUS clients in the form of the State and Class 
> attributes. 

Exactly.  State is how RADIUS can keep transactional state.
 
> 
> --
> to unsubscribe send a message to 
> radiusext-request@ops.ietf.org with the word 'unsubscribe' in 
> a single line as the message text body.
> archive: <http://psg.com/lists/radiusext/>
> 
