[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: Follow up on Authorize Only issue
> For the SSHSM usage case, the question is whether it
> is an unacceptable security risk for a trusted NAS to be
> able to obtain authorization information about a user that
> is not actually "present" at the NAS?
My interpretation is that three respondents (Glen, Alan, Avi) believe
that the answer is "no". The existing RADIUS trust model collapses if
the NAS has been compromised and does nefarious or foolish things.
I'd like to determine if we have consensus on this position. If you
*have* an opinion on this issue, please *respond* whether you agree or
disagree with this assertion.
--
to unsubscribe send a message to radiusext-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://psg.com/lists/radiusext/>