Re: DISCUSS and COMMENT: draft-ietf-radext-fixes
Ok for me.
Jari
Alan DeKok wrote:
> Jari Arkko wrote:
> ...
>
>> This is OK, I think (but it is up to you if you want to add the mitigation
>> feature -- I think at least suggesting Message-Authenticator
>> for every request is a good idea, unless you can see some backwards
>> compatibility issues).
>>
>
> I don't see any. Old RADIUS servers don't validate
> Message-Authenticator, so they will ignore it. New ones will validate
> it, and will gain from the added security.
>
> I would prefer that the document says "... clients MUST add a
> Message-Authenticator attribute to every Access-Request". But I'll
> leave it to the WG for consensus.
>
> If there's no objection, I'm inclined to change the SHOULD to a MUST.
>
> Alan DeKok.
archive: <http://psg.com/lists/radiusext/>
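The following is an added example, not part of the thread or of the draft: a minimal Python sketch of a client adding Message-Authenticator to an Access-Request and a server checking it, using the standard computation (HMAC-MD5 keyed with the shared secret over the whole packet, with the attribute's 16-octet value zeroed). The shared secret, user name and function names are constructed for illustration.

```python
import hashlib
import hmac
import os
import struct

ACCESS_REQUEST = 1
USER_NAME = 1
MESSAGE_AUTHENTICATOR = 80  # value is always 16 octets

def attr(attr_type, value):
    return struct.pack("!BB", attr_type, len(value) + 2) + value

def build_access_request(secret, identifier, attrs, sign=True):
    """Client side. sign=False models a client that omits the attribute."""
    body = b"".join(attr(t, v) for t, v in attrs)
    if sign:
        body += attr(MESSAGE_AUTHENTICATOR, bytes(16))  # zeroed placeholder
    header = struct.pack("!BBH", ACCESS_REQUEST, identifier, 20 + len(body))
    packet = header + os.urandom(16) + body  # 16-octet Request Authenticator
    if not sign:
        return packet
    mac = hmac.new(secret, packet, hashlib.md5).digest()
    return packet[:-16] + mac  # placeholder is the last 16 octets

def check_access_request(secret, packet):
    """Server side. Returns 'valid', 'invalid' or 'missing'."""
    if len(packet) < 20:
        return "invalid"
    code, _ident, length = struct.unpack("!BBH", packet[:4])
    if code != ACCESS_REQUEST or length != len(packet):
        return "invalid"
    pos, found = 20, None
    while pos < length:
        if pos + 2 > length:
            return "invalid"
        attr_type, attr_len = packet[pos], packet[pos + 1]
        if attr_len < 2 or pos + attr_len > length:
            return "invalid"
        if attr_type == MESSAGE_AUTHENTICATOR:
            if attr_len != 18 or found is not None:
                return "invalid"
            found = pos + 2
        pos += attr_len
    if found is None:
        return "missing"  # policy decision: a server enforcing a MUST drops this
    zeroed = packet[:found] + bytes(16) + packet[found + 16:]
    expected = hmac.new(secret, zeroed, hashlib.md5).digest()
    received = packet[found:found + 16]
    return "valid" if hmac.compare_digest(expected, received) else "invalid"
```

A server that does not implement the check simply never calls `check_access_request`, which is why adding the attribute does not break it.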