Re: I-D Action:draft-ietf-radext-management-authorization-02.txt
On Mon, Feb 25, 2008 at 08:52:45AM -0500, David B. Nelson wrote:
> The resolution to this particular set of comments was to change the
> attribute to Management-Transport-Protection, and only provision that which
> is important -- the level of protection required for the remote management
> session. The four possible values of this attribute are:
>
> o No-Protection: No transport protection is required. Accept
> connections via any supported transport.
>
> o Integrity-Protection: The management session requires protection
> in a secure or protected transport, that is supported by the
> management access protocol and implementation. The secure
> transport MUST provide Integrity Protection.
>
> o Confidentiality-Protection: The management session requires
> protection in a secure or protected transport, that is supported
> by the management access protocol and implementation. The secure
> transport MUST provide Confidentiality Protection.
>
> o Integrity-Confidentiality-Protection: The management session
> requires protection in a secure or protected transport, that is
> supported by the management access protocol and implementation.
> The secure transport MUST provide both Integrity Protection and
> Confidentiality Protection.

I like the general approach.

I am wondering however how authentication fits into the above list or
whether you assume integrity-protection and confidentiality-protection
imply authentication of the two parties involved.

/js
--
Juergen Schoenwaelder Jacobs University Bremen gGmbH
Phone: +49 421 200 3587 Campus Ring 1, 28759 Bremen, Germany
Fax: +49 421 200 3103 <http://www.jacobs-university.de/>
--
archive: <http://psg.com/lists/radiusext/>