
RE: REMINDER: RADEXT WG Last Call on "Crypto-Agility Requirements for RADIUS"



Joseph Salowey writes...
 
> Here is text for section 4.6:

Thanks!  If no one objects, I'll incorporate that text into the next draft
version.

> I'm not sure what to provide for text for negotiation, because
> RADIUS does not support capability negotiation.

Right.  It comes down to the RADIUS client advertising what it can support,
by means of hint attributes included in the Access-Request packet, and the
RADIUS server picking at most one of the options.  The client doesn't get to
exercise its "preferences" here, but that's the basic nature of RADIUS, is
it not?  An Access-Reject packet means that either (a) the offered
cipher-suites were not acceptable or (b) something else about the
Access-Request was unacceptable / invalid.  In either case, you're not
getting access, at least without first contacting the system administrator.

The end user gets no indication of this, other than the fact that access is
denied.  Does it make a whole lot of difference to the user as to why?  If
it involves a Help Desk call in any event, and the system administrator can
determine the failure reason from the server logs, isn't that enough for a
simple solution?



--
to unsubscribe send a message to radiusext-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://psg.com/lists/radiusext/>
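
The server-side selection described in the message above, as an added example that is not part of the original post or of any RADIUS implementation. The attribute names `Offered-Suite` and `Selected-Suite`, the suite names and the log format are hypothetical; the point shown is that both reject causes look identical on the wire and differ only in the server log.

```python
import logging

class ListHandler(logging.Handler):
    """Keeps log lines in memory so the example runs offline."""
    def __init__(self):
        super().__init__()
        self.lines = []
    def emit(self, record):
        self.lines.append(record.getMessage())

server_log = ListHandler()
log = logging.getLogger("radius.example")
log.setLevel(logging.INFO)
log.addHandler(server_log)
log.propagate = False

# Hypothetical suite names, in the server's order of preference (assumption).
SERVER_POLICY = ["suite-B", "suite-A"]

def handle_access_request(attrs, other_checks_ok=True, policy=SERVER_POLICY):
    """Return (code, reply_attrs). 'Offered-Suite' is a hypothetical hint attribute."""
    user = attrs.get("User-Name", "?")
    offered = attrs.get("Offered-Suite", [])
    # The server picks at most one option; the client's listing order is ignored.
    chosen = next((s for s in policy if s in offered), None)
    if chosen is None:
        # Case (a): none of the offered suites is acceptable.
        log.warning("reject user=%s reason=no-acceptable-suite offered=%s", user, offered)
        return "Access-Reject", {}
    if not other_checks_ok:
        # Case (b): something else about the request is unacceptable or invalid.
        log.warning("reject user=%s reason=request-invalid", user)
        return "Access-Reject", {}
    log.info("accept user=%s suite=%s", user, chosen)
    return "Access-Accept", {"Selected-Suite": chosen}

# Constructed sample requests: (attributes, result of all non-suite checks).
SAMPLES = [
    ({"User-Name": "alice", "Offered-Suite": ["suite-A", "suite-B"]}, True),
    ({"User-Name": "bob", "Offered-Suite": ["suite-legacy"]}, True),
    ({"User-Name": "carol", "Offered-Suite": ["suite-A"]}, False),
]

if __name__ == "__main__":
    for attrs, ok in SAMPLES:
        print(handle_access_request(attrs, ok))
    print("\n".join(server_log.lines))
```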