Re: FW: Review of draft-ietf-radext-status-server
>
>> The overloading of Access-Accept and Accounting-Response for
>> this purpose (response to a Server-Status command) is a bit
>> disconcerting and quite dangerous since it opens the door
>> for potentially bogus authentication.
>
> I'm not sure why. The response packets are signed with the Request
>Authenticator of the request. i.e. the client *knows* that the
>Access-Accept is in response to a Status-Server. So it has no "user
>session" to authenticate.
That assumes that the client was the one actually sending
the Status-Server. It could have been an attacker.
A client has very little to use to validate an incoming Access-Request
that was generated as a response to a Status-Server.
IOW, a server responding to a Status-Server sent to its auth port
may unintentionally authenticate a bogus session.
That's why I say that using Access-Accept as a response to
anything other than an Access-* is dangerous.
Cheers,
-Ignacio
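The two positions in the thread turn on what a client can check when an Access-Accept arrives: the Response Authenticator binds the reply to the Request Authenticator of an outstanding request, and the client must also remember which kind of request that was. The following toy client is an added example (not code from the thread, the draft, or any RADIUS implementation) that keeps a table of in-flight requests keyed by identifier, verifies the Response Authenticator per RFC 2865, and treats an Access-Accept as "server alive" rather than as a user authentication when the matching request was a Status-Server. It assumes a constructed shared secret and a toy `server_reply` helper, and omits the Message-Authenticator attribute that RFC 5997 requires on Status-Server.

```python
import hashlib
import hmac
import os
import struct

# RADIUS packet codes (RFC 2865 / RFC 5997)
ACCESS_REQUEST = 1
ACCESS_ACCEPT = 2
ACCESS_REJECT = 3
ACCOUNTING_REQUEST = 4
ACCOUNTING_RESPONSE = 5
STATUS_SERVER = 12

HEADER = struct.Struct("!BBH")  # code, identifier, length
HEADER_LEN = 20                 # 4-byte header + 16-byte authenticator


def response_authenticator(code, ident, request_auth, attrs, secret):
    """ResponseAuth = MD5(Code + ID + Length + RequestAuth + Attributes + Secret)."""
    header = HEADER.pack(code, ident, HEADER_LEN + len(attrs))
    return hashlib.md5(header + request_auth + attrs + secret).digest()


def build_packet(code, ident, authenticator, attrs=b""):
    return HEADER.pack(code, ident, HEADER_LEN + len(attrs)) + authenticator + attrs


def server_reply(request, secret, reply_code, attrs=b""):
    """Toy server (assumption): answer any request with reply_code,
    signing the reply against the request's Request Authenticator."""
    code, ident, length = HEADER.unpack(request[:4])
    request_auth = request[4:20]
    auth = response_authenticator(reply_code, ident, request_auth, attrs, secret)
    return build_packet(reply_code, ident, auth, attrs)


class RadiusClient:
    def __init__(self, secret):
        self.secret = secret
        self.pending = {}  # identifier -> (request code, request authenticator)

    def send(self, code, ident, attrs=b""):
        request_auth = os.urandom(16)  # fresh, unpredictable per request
        self.pending[ident] = (code, request_auth)
        return build_packet(code, ident, request_auth, attrs)

    def receive(self, packet):
        if len(packet) < HEADER_LEN:
            return "malformed"
        code, ident, length = HEADER.unpack(packet[:4])
        if length < HEADER_LEN or length > len(packet):
            return "malformed"
        response_auth = packet[4:20]
        attrs = packet[20:length]
        pending = self.pending.get(ident)
        if pending is None:
            # Nothing in flight under this identifier: a reply to a request
            # this client never sent (or a replay) cannot be matched.
            return "no matching request"
        request_code, request_auth = pending
        expected = response_authenticator(code, ident, request_auth, attrs, self.secret)
        if not hmac.compare_digest(expected, response_auth):
            return "bad authenticator"
        del self.pending[ident]  # consume the request so a replay cannot match again
        if request_code == STATUS_SERVER:
            # The reply is bound to our Status-Server, so an Access-Accept here
            # only says the server is up; there is no user session to accept.
            if code in (ACCESS_ACCEPT, ACCOUNTING_RESPONSE):
                return "server alive"
            return "unexpected reply code"
        if request_code == ACCESS_REQUEST:
            if code == ACCESS_ACCEPT:
                return "user authenticated"
            if code == ACCESS_REJECT:
                return "user rejected"
            return "unexpected reply code"
        if request_code == ACCOUNTING_REQUEST and code == ACCOUNTING_RESPONSE:
            return "accounting acknowledged"
        return "unexpected reply code"
```

The outcome a client should reach depends entirely on its own record of what it sent: with the identifier and Request Authenticator in hand, an Access-Accept answering a Status-Server cannot be confused with one answering an Access-Request, and an Access-Accept for a request the client has no record of fails before any authentication decision is made.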
--
to unsubscribe send a message to radiusext-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://psg.com/lists/radiusext/>