[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
IESG review DISCUSS on draft-ietf-radext-management-authorization-06.txt
[IESG Evaluation COMMENT] from Jari Arkko
> I find it unfortunate that the document does not define
> an attribute to distinguish SSH and other forms of
> command line protocols from each other. Or has such an
> attribute already been defined somewhere else?
That feature existed in previous revisions of the draft. It was taken out
because the RADEXT WG and the ISMS WG agreed that it was "overkill" to
specify the access mechanism that narrowly. The problem is that once you go
down that path, there are lots and lots of properties of such secure
transports that one may wish to specify, such as authentication methods,
cipher-suites, key lengths, key lifetimes, certificate chains, etc. The WG
thought it prudent to "just don't go there".
After further discussion on the RADEXT mailing list and at IETF-74 the
recommendation is to honor the WG consensus in this regard. For that
reason, we believe that no change to the draft is required.
--
to unsubscribe send a message to radiusext-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://psg.com/lists/radiusext/>