
Re: AW: AW: AW: Digest Authentication: Security issue with https/sips



Bernard Aboba wrote:

Consider the following proposal (section RADIUS client behaviour):
"If the scheme in the digest-uri directive indicates a secure HTTP-style
connection (eg sips, https) and the RADIUS client does not have a secure
connection to its RADIUS server, it MUST act as if it had received an
Access-Reject."

Less comprehensible, but no normative statement for SIP or HTTP.


How can the RADIUS client act like it received an Access-Reject before even sending an Access-Request?

Presumably it refers to the fact that the RADIUS client could take the same local actions that it will take when it receives an Access-Reject... namely, inform the SIP/HTTP server about it.


But I still disagree with the fact under discussion: first, the lack of encryption of the RADIUS interface puts a penalty on the users that are trying just to encrypt the communication. This IMHO deviates from the main point of using a secure URI (sips, https).

/Miguel

--
Miguel A. Garcia           tel:+358-50-4804586
sip:miguel.an.garcia@openlaboratory.net
Nokia Research Center      Helsinki, Finland
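The proposed client rule quoted above (secure digest-uri scheme plus an insecure RADIUS transport means the client behaves as if an Access-Reject had arrived) as a worked check. This is an added example written for this page, not text or code from the draft or from either poster; the RadiusTransport descriptor, the Decision enum and the sample Authorization headers are constructed assumptions, and "secure" is taken to mean RADIUS over TLS or over an IPsec-protected link, which the thread does not define.

```python
"""Illustrative check for the RADIUS client rule discussed above.

Added example, not draft text: a RADIUS client fronting a SIP/HTTP server
must not forward a Digest credential whose digest-uri names a secure scheme
(sips, https) over an insecure RADIUS transport; instead it acts as if it
had received an Access-Reject (i.e. tells the SIP/HTTP server to reject).
The transport descriptor, the Decision enum and the sample headers below
are assumptions constructed for this example.
"""
import re
from dataclasses import dataclass
from enum import Enum

SECURE_SCHEMES = {"sips", "https"}


class Decision(Enum):
    FORWARD = "send Access-Request to RADIUS server"
    LOCAL_REJECT = "act as if Access-Reject was received"


@dataclass(frozen=True)
class RadiusTransport:
    """Hypothetical description of the client-to-server RADIUS link."""
    protocol: str            # "udp" (classic RADIUS) or "tls" (RADIUS over TLS)
    over_ipsec: bool = False  # plain RADIUS carried inside an IPsec tunnel

    @property
    def secure(self) -> bool:
        # Assumption: TLS or IPsec counts as "a secure connection to its
        # RADIUS server"; UDP with only the shared secret does not.
        return self.protocol == "tls" or self.over_ipsec


# directive = token "=" ( quoted-string | token ); keys may contain '-'
_PARAM_RE = re.compile(r'([\w-]+)\s*=\s*(?:"((?:[^"\\]|\\.)*)"|([^,\s]+))')


def parse_digest_params(header: str) -> dict:
    """Parse the directives of a 'Digest ...' Authorization header value.

    Handles both quoted-string and token forms and unescapes \\" inside
    quoted strings. Raises if the credential is not a Digest credential.
    """
    scheme, _, rest = header.strip().partition(" ")
    if scheme.lower() != "digest":
        raise ValueError(f"not a Digest credential: {scheme!r}")
    params = {}
    for m in _PARAM_RE.finditer(rest):
        value = m.group(2) if m.group(2) is not None else m.group(3)
        params[m.group(1).lower()] = value.replace('\\"', '"')
    return params


def uri_scheme(uri: str) -> str:
    """Scheme of a request-URI, lowercased; '' for a scheme-less value such
    as the abs_path form '/index.html' that plain HTTP clients send."""
    m = re.match(r"([A-Za-z][A-Za-z0-9+.-]*):", uri)
    return m.group(1).lower() if m else ""


def radius_client_decision(auth_header: str, link: RadiusTransport) -> Decision:
    """Apply the rule: secure scheme in digest-uri + insecure RADIUS link
    => local reject, otherwise forward the Access-Request as usual."""
    params = parse_digest_params(auth_header)
    # RFC 2617 spells the directive 'uri'; accept 'digest-uri' too, as
    # the draft text names it that way.
    uri = params.get("uri") or params.get("digest-uri")
    if uri is None:
        # No digest-uri at all: this rule has nothing to protect, so the
        # normal path (and the server's own validation) applies.
        return Decision.FORWARD
    if uri_scheme(uri) in SECURE_SCHEMES and not link.secure:
        return Decision.LOCAL_REJECT
    return Decision.FORWARD


# Constructed sample credentials (not captured traffic).
SIP_AUTH = ('Digest username="alice", realm="example.com", nonce="abc123", '
            'uri="sips:bob@example.com", '
            'response="6629fae49393a05397450978507c4ef1"')
HTTP_AUTH = ('Digest username="alice", realm="example.com", nonce="abc123", '
             'uri="/index.html", '
             'response="6629fae49393a05397450978507c4ef1"')

if __name__ == "__main__":
    plain, radsec = RadiusTransport("udp"), RadiusTransport("tls")
    print(radius_client_decision(SIP_AUTH, plain))    # LOCAL_REJECT
    print(radius_client_decision(SIP_AUTH, radsec))   # FORWARD
    print(radius_client_decision(HTTP_AUTH, plain))   # FORWARD
```

The check runs before any Access-Request is built, which is the point Miguel raises: the client is not reacting to a packet, it is taking the same local action (telling the SIP/HTTP server the request is rejected) that an Access-Reject would trigger. Whether that penalises users who asked for sips/https is a policy question the code does not settle; it only makes the decision explicit and testable.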


-- to unsubscribe send a message to radiusext-request@ops.ietf.org with the word 'unsubscribe' in a single line as the message text body. archive: <http://psg.com/lists/radiusext/>