[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: Issue 313: Security Exemption

To: <radiusext@ops.ietf.org>
Subject: RE: Issue 313: Security Exemption
From: "Dave Nelson" <d.b.nelson@comcast.net>
Date: Wed, 16 Sep 2009 08:13:54 -0400
In-reply-to: <BLU137-W317CBC2CFC89ABA7C4A55593EA0@phx.gbl>
References: <BLU137-W3162CE02DDDDC537CD199C93F00@phx.gbl> <4A9FC353.3050104@deployingradius.com> <0645DE9E1086422EB82EDC431CE08A5D@xpsuperdvd2> <4AA6BA94.9020209@deployingradius.com> <BLU137-W317CBC2CFC89ABA7C4A55593EA0@phx.gbl>

Bernard wrote...

> > If the RADIUS server has to parse it, then complex attributes are
> > allowed for authentication and security...
>
> I think the question is why the exemption should be so broad.  The
> security and authentication attributes described in Appendix B required
> computation.  That is the RADIUS server had to add code in order to
> compare the authentication result presented by the RADIUS client with the
> result it calculated based on its own data. 
>
> However, if the RADIUS server doesn't have to do any computation (e.g.
> if it is just sending security or authentication-related data to the
> RADIUS client), then there is no intrinsic reason why RADIUS server
> code needs to change.  In that case, why should the exemption apply?

I don't think I ever saw an answer to this on the list.  Could we close out
this discussion, and perhaps craft some revised text, before the next draft
version is submitted?


--
to unsubscribe send a message to radiusext-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://psg.com/lists/radiusext/>

References:
- Issue 313: Security Exemption
  - From: Bernard Aboba <bernard_aboba@hotmail.com>

Prev by Date: [no subject]
Next by Date: RE: Issue 313: Security Exemption
Previous by thread: Issue 313: Security Exemption
Next by thread: RE: Issue 313: Security Exemption
Index(es):
- Date
- Thread