RE: REMINDER: RADEXT WG Last call on "Extended RADIUS Attributes"
Alan DeKok [mailto:aland@deployingradius.com] writes:
> Glen Zorn wrote:
> >> Alan's wording "The More Flag MUST NOT be set if the Length is less than
> >> 255." sounds good to me.
> >
> > My point was that making these kinds of rules is pointless: if someone wants
> > to split "Hello" into 5 separate attributes they either have a very good
> > reason to do so that none of us can foresee or they will soon be finding
> > gainful employment in a different field. In any case, it's not possible to
> > protect people from their own stupidity (besides, they could still do it
> > with tags).
>
> It's only one sentence.
A sentence here, a sentence there & pretty soon you're outlawing driving
while blindfolded (http://www.whatcar.com/news-article.aspx?NA=229117)...
> And it will stop the stupid people from
> afflicting everyone else.
No, they can still do it (even more stupidly) with tags...
>
> RFC 2865 has comments saying:
>
> The secret MUST NOT be empty (length 0) since this would allow
> packets to be trivially forged.
>
> Which were inserted because of real-world exposure to implementations
> having *no* configuration for shared secrets. (i.e. they were always
> NUL).
That may be stupid, or not, depending upon the level of other security in
the network...
>
> Alan DeKok.