[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

draft-ietf-radext-digest-auth-06

To: radiusext@ops.ietf.org
Subject: draft-ietf-radext-digest-auth-06
From: "wolfgang.beck01@t-online.de" <wolfgang.beck01@t-online.de>
Date: Mon, 17 Oct 2005 12:07:09 +0200
Cc: aboba@internaut.com, miguel.an.garcia@nokia.com

The latest version of the draft does no longer contain a link between
sips/https and
RADIUS. However, the Security Considerations section names refusing
sips/https request as one non-normative option to avoid the security
level mismatch of sips/https and unencrypted RADIUS:

"To prevent RADIUS from representing the weak link, a RADIUS
client receiving an HTTP-style request via TLS or IPsec could use an
equally secure connection to the RADIUS server.  There are several
ways to achieve this, for example:
   o  the RADIUS client may reject HTTP-style requests received over TLS
      or IPsec
   o  the RADIUS client require that traffic be sent and received over
      IPsec.
RADIUS over IPsec, if used, MUST conform to the requirements
described in [RFC3579] section 4.2."



Wolfgang



--
to unsubscribe send a message to radiusext-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://psg.com/lists/radiusext/>

Follow-Ups:
- Re: draft-ietf-radext-digest-auth-06
  - From: Emile van Bergen <openradius-radextwg@e-advies.nl>

Prev by Date: Re: Capabilities complexity summary
Next by Date: Re: draft-ietf-radext-digest-auth-06
Previous by thread: Re: Capabilities complexity summary
Next by thread: Re: draft-ietf-radext-digest-auth-06
Index(es):
- Date
- Thread