[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: "Last Look" at the RADIUS Design Guidelines document

To: radiusext@ops.ietf.org
Subject: Re: "Last Look" at the RADIUS Design Guidelines document
From: "David B. Nelson" <dnelson@elbrysnetworks.com>
Date: Thu, 7 Jan 2010 17:19:12 -0500
In-reply-to: <AC1CFD94F59A264488DC2BEC3E890DE50963D7FA@xmb-sjc-225.amer.cisco.com>
References: <BLU137-DS775603F234B606AC3D29393930@phx.gbl>,<AC1CFD94F59A264488DC2BEC3E890DE50951354E@xmb-sjc-225.amer.cisco.com> <BLU137-W318201CA1E992ADB3D165D93820@phx.gbl> <4B2F2F78.5080209@deployingradius.com> <AC1CFD94F59A264488DC2BEC3E890DE50963D7FA@xmb-sjc-225.amer.cisco.com>

On Jan 7, 2010, at 4:54 PM, Joseph Salowey (jsalowey) wrote:

[Joe] Regardless of whether it changes the basic processing model of
RADIUS or not, the processing of "string" attribtues has the same
security implications of complex attributes.

That presumes that "string" attributes should be processed. If thethe only operations performed on strings are to compare them for matchwith other strings, they're not much risk. It's when you assume thatstrings are more than simply names in some namespace that you can getinto trouble.






--
to unsubscribe send a message to radiusext-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://psg.com/lists/radiusext/>

References:
- RE: "Last Look" at the RADIUS Design Guidelines document
  - From: "Joseph Salowey (jsalowey)" <jsalowey@cisco.com>

Prev by Date: RE: "Last Look" at the RADIUS Design Guidelines document
Next by Date: Re: "Last Look" at the RADIUS Design Guidelines document
Previous by thread: RE: "Last Look" at the RADIUS Design Guidelines document
Next by thread: Re: "Last Look" at the RADIUS Design Guidelines document
Index(es):
- Date
- Thread