RE: digest-auth, nonce replay issue
wolfgang.beck01@t-online.de supposedly scribbled:
...
>> Maybe not: I think that it is only necessary for the attacker to be
>> capable of eavesdropping on the conversation between the RADIUS
>> client & server & then masquerading as the client later, possibly by
>> replaying the Access-Request.
>>
> RADIUS server and client must use IPSec in the relevant mode anyway,
Searching about in the draft, I can't find any place where the words "MUST" and "IPSec" appear in the same sentence. I do find several passages that assume that applications can know whether or not the application traffic is protected by IPSec, something that I was unaware was possible...
...
Hope this helps,
~gwz
Why is it that most of the world's problems can't be solved by simply
listening to John Coltrane? -- Henry Gabriel
--
to unsubscribe send a message to radiusext-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://psg.com/lists/radiusext/>