[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: draft-ietf-radext-digest-auth-06

To: <radiusext@ops.ietf.org>
Subject: RE: draft-ietf-radext-digest-auth-06
From: "Nelson, David" <dnelson@enterasys.com>
Date: Tue, 18 Oct 2005 10:56:34 -0400
Cc: <miguel.an.garcia@nokia.com>

Does this resolve RADEXT Issue 138?

> The latest version of the draft does no longer contain a link between
> sips/https and
> RADIUS. However, the Security Considerations section names refusing
> sips/https request as one non-normative option to avoid the security
> level mismatch of sips/https and unencrypted RADIUS:
> 
> "To prevent RADIUS from representing the weak link, a RADIUS
> client receiving an HTTP-style request via TLS or IPsec could use an
> equally secure connection to the RADIUS server.  There are several
> ways to achieve this, for example:
>    o  the RADIUS client may reject HTTP-style requests received over
TLS
>       or IPsec
>    o  the RADIUS client require that traffic be sent and received over
>       IPsec.
> RADIUS over IPsec, if used, MUST conform to the requirements
> described in [RFC3579] section 4.2."

--
to unsubscribe send a message to radiusext-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://psg.com/lists/radiusext/>

Follow-Ups:
- Re: draft-ietf-radext-digest-auth-06
  - From: Miguel Garcia <Miguel.An.Garcia@nokia.com>

Prev by Date: Capabilities: Moving forward
Next by Date: RE: Call for RADEXT submissions and agenda items for IETF-64
Previous by thread: Re: draft-ietf-radext-digest-auth-06, secure connection
Next by thread: Re: draft-ietf-radext-digest-auth-06
Index(es):
- Date
- Thread