[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: Chargeable-User-Identity
Tomasz Wolniewicz writes...
> I still think that providing an option for the Operator-Name
> to carry something Operator-Name related, but otherwise not
> obvious, could be useful in various applications...
In other words, an obfuscated name for the operator. From a security
(privacy protection) perspective, simply using an obfuscated name for each
visited network won't provide very much protection if the same name string
is used in each request, as the operator's name can likely be derived by
correlating the source of the messages with the obfuscated name. If the
messages are originating from an IP address assigned to foo.edu, it's a safe
bet that the obfuscated name stands for Foo University. :-)
I think you may want to create a threat model to enumerate the adversaries
that can discover and misuse personal information, and then see how to
design the protocol to address the attack opportunities presented in that
threat model.
> Of course there is an option of using a new VSA and keep it
> all internal to eduroam.
You could also do that.
--
to unsubscribe send a message to radiusext-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://psg.com/lists/radiusext/>