Re: AD review of draft-ietf-radext-management-authorization-05.txt
On Thu, Sep 04, 2008 at 05:47:10PM -0400, David B. Nelson wrote:
> Integrity protection, as used here, is *not* the same as authentication, as
> used in SNMP. Integrity protection requires the sharing of cryptographic
> keys, but it does not require authenticated principals. Integrity
> protection could be used, for example, with anonymous Diffie-Hellman key
> agreement. In SNMP the proof of identity of the principals (authentication)
> is conflated with tamper-resistance of the protected messages (integrity).
> In this document we assume that integrity protection and authentication are
> separate concerns. Authentication is part of the base RADIUS protocol.
>
> In SNMP we have auth and noAuth, as well as priv and noPriv. There is no
> analog to auth or noAuth in this document. In the ISMS RADIUS Usage
> document, we specifically call that out. Perhaps it would improve that
> document to include the text above about separation of authentication from
> integrity.
This explanation perfectly makes sense and I am in favour of adding
clarifying text.
/js
--
Juergen Schoenwaelder Jacobs University Bremen gGmbH
Phone: +49 421 200 3587 Campus Ring 1, 28759 Bremen, Germany
Fax: +49 421 200 3103 <http://www.jacobs-university.de/>
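
Added example, not part of the original message or of the draft under review: a sketch of the distinction drawn in the quoted text, where an anonymous Diffie-Hellman exchange yields a shared key that gives integrity protection without identifying either principal. The toy group parameters, function names and message bytes are assumptions constructed for illustration.

```python
import hashlib
import hmac
import secrets

# Toy group (assumption, illustration only): 2**127 - 1 is prime but far too
# small for real use; deployments use standardized groups or curves.
P = 2**127 - 1
G = 3

def dh_keypair():
    """Return (private, public); no credential or identity is involved."""
    priv = secrets.randbelow(P - 3) + 2
    return priv, pow(G, priv, P)

def session_key(priv, peer_pub):
    """Derive a MAC key from the anonymous DH shared secret."""
    shared = pow(peer_pub, priv, P)
    return hashlib.sha256(shared.to_bytes(16, "big")).digest()

def protect(key, msg):
    """Append an HMAC-SHA256 tag: integrity protection only."""
    return msg + hmac.new(key, msg, hashlib.sha256).digest()

def verify(key, packet):
    """Return the message if the tag matches, otherwise None."""
    msg, tag = packet[:-32], packet[-32:]
    expected = hmac.new(key, msg, hashlib.sha256).digest()
    return msg if hmac.compare_digest(tag, expected) else None

def demo():
    # Two principals agree on a key without proving who they are.
    a_priv, a_pub = dh_keypair()
    b_priv, b_pub = dh_keypair()
    k_a, k_b = session_key(a_priv, b_pub), session_key(b_priv, a_pub)
    packet = protect(k_a, b"constructed management request")
    intact = verify(k_b, packet)                 # tag checks out
    flipped = bytes([packet[0] ^ 1]) + packet[1:]
    rejected = verify(k_b, flipped)              # modification is detected
    # Any other unnamed party completes the same exchange equally well:
    # the tag proves the message was not altered, not who sent it.
    x_priv, x_pub = dh_keypair()
    anon = verify(session_key(b_priv, x_pub),
                  protect(session_key(x_priv, b_pub), b"constructed request 2"))
    return intact, rejected, anon

if __name__ == "__main__":
    print(demo())
```

Proof of identity has to come from a separate step, which in the quoted text is the authentication that is part of the base RADIUS protocol.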