Re: I-D Action:draft-ietf-radext-management-authorization-02.txt
On Tue, Feb 26, 2008 at 11:46:43AM +0100, Juergen Schoenwaelder wrote:
> On Mon, Feb 25, 2008 at 08:52:45AM -0500, David B. Nelson wrote:
>
> > The resolution to this particular set of comments was to change the
> > attribute to Management-Transport-Protection, and only provision that which
> > is important -- the level of protection required for the remote management
> > session. The four possible values of this attribute are:
> >
> > o No-Protection: No transport protection is required. Accept
> > connections via any supported transport.
> >
> > o Integrity-Protection: The management session requires protection
> > in a secure or protected transport, that is supported by the
> > management access protocol and implementation. The secure
> > transport MUST provide Integrity Protection.
> >
> > o Confidentiality-Protection: The management session requires
> > protection in a secure or protected transport, that is supported
> > by the management access protocol and implementation. The secure
> > transport MUST provide Confidentiality Protection.
> >
> > o Integrity-Confidentiality-Protection: The management session
> > requires protection in a secure or protected transport, that is
> > supported by the management access protocol and implementation.
> > The secure transport MUST provide both Integrity Protection and
> > Confidentiality Protection.
>
> I like the general approach.
>
> I am wondering however how authentication fits into the above list or
> whether you assume integrity-protection and confidentiality-protection
> imply authentication of the two parties involved.

I now realize that my comment is kind of stupid since the fact that
there is a RADIUS request kind of implies authentication happening.

/js
--
Juergen Schoenwaelder Jacobs University Bremen gGmbH
Phone: +49 421 200 3587 Campus Ring 1, 28759 Bremen, Germany
Fax: +49 421 200 3103 <http://www.jacobs-university.de/>
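
The four Management-Transport-Protection values quoted above, shown as an enforcement check a device could run against the transport of an incoming management session. This is an added example, not code from the draft or from the posters; the transport list, its capability classification, and the fail-closed handling of unrecognized values are assumptions.

```python
from dataclasses import dataclass

# Properties each attribute value requires, keyed by the names quoted in the thread.
REQUIRED = {
    "No-Protection": frozenset(),
    "Integrity-Protection": frozenset({"integrity"}),
    "Confidentiality-Protection": frozenset({"confidentiality"}),
    "Integrity-Confidentiality-Protection": frozenset({"integrity", "confidentiality"}),
}


@dataclass(frozen=True)
class Transport:
    name: str
    provides: frozenset  # subset of {"integrity", "confidentiality"}


# Constructed sample of management transports a device might support (assumption).
TRANSPORTS = [
    Transport("telnet", frozenset()),
    Transport("snmpv3-authNoPriv", frozenset({"integrity"})),
    Transport("snmpv3-authPriv", frozenset({"integrity", "confidentiality"})),
    Transport("ssh", frozenset({"integrity", "confidentiality"})),
]


def session_allowed(required_value: str, transport: Transport) -> bool:
    """True if the transport meets the protection level provisioned for the session."""
    needed = REQUIRED.get(required_value)
    if needed is None:
        # Unrecognized value: refuse rather than fall back to an unprotected
        # session (assumption; the quoted text does not cover this case).
        return False
    # A transport offering more than required still satisfies the requirement.
    return needed <= transport.provides


def acceptable_transports(required_value: str) -> list:
    """Names of the sample transports that satisfy the provisioned value."""
    return [t.name for t in TRANSPORTS if session_allowed(required_value, t)]


if __name__ == "__main__":
    for value in REQUIRED:
        print(f"{value}: {acceptable_transports(value)}")
```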