Re: draft-ietf-radext-digest-auth-06

[Miguel Garcia <Miguel.An.Garcia@nokia.com>]

As far as I know version -06 is not available yet. The latest available 
version is -05, where the issue is still present.

Once we have seen version -06 or a preliminary version I can comment.

/Miguel

Nelson, David wrote:
> Does this resolve RADEXT Issue 138?
>
>
> > The latest version of the draft does no longer contain a link between
> > sips/https and
> > RADIUS. However, the Security Considerations section names refusing
> > sips/https request as one non-normative option to avoid the security
> > level mismatch of sips/https and unencrypted RADIUS:
> >
> > "To prevent RADIUS from representing the weak link, a RADIUS
> > client receiving an HTTP-style request via TLS or IPsec could use an
> > equally secure connection to the RADIUS server.  There are several
> > ways to achieve this, for example:
> >   o  the RADIUS client may reject HTTP-style requests received over
>
> TLS
>
> >      or IPsec
> >   o  the RADIUS client require that traffic be sent and received over
> >      IPsec.
> > RADIUS over IPsec, if used, MUST conform to the requirements
> > described in [RFC3579] section 4.2."

--
Miguel A. Garcia           tel:+358-50-4804586
sip:miguel.an.garcia@openlaboratory.net
Nokia Research Center      Helsinki, Finland


--
to unsubscribe send a message to radiusext-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://psg.com/lists/radiusext/>