[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: AW: AW: AW: Digest Authentication: Security issue with https/sips
> Consider the following proposal (section RADIUS client behaviour):
> "If the scheme in the digest-uri directive indicates a secure HTTP-style
> connection (eg sips, https) and the RADIUS client does not have a secure
> connection to its RADIUS server, it MUST act as if it had received an
> Access-Reject."
>
> Less comprehensible, but no normative statement for SIP or HTTP.
How can the RADIUS client act like it received an Access-Reject before
even sending an Access-Request?
--
to unsubscribe send a message to radiusext-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://psg.com/lists/radiusext/>