Re: [radext] RDTLS #67 (new): RADIUS vs RDTLS disambiguation (TLS Alert)
radext issue tracker wrote:
> Until the TLS session is fully established you must be able to accept
> normal RADIUS packets in the case where client_supports_rdtls is false or
> someone can spoof a request with the intent to prematurely lock in the use
> of DTLS.
Hmm... that's true.
> In terms of the text this draft should also burn the alert ctype (21) as
> it may be sent by the client as part of its peer validation before the
> session is established.
I'll look into ways to avoid doing that.
Alan DeKok.
--
archive: <http://psg.com/lists/radiusext/>
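
Added example, not part of the original message or the draft: a first-octet demultiplexer for a UDP port shared by RADIUS and DTLS, showing the two points raised in the thread (plain RADIUS stays accepted until the session is established, and TLS content types 20-23, including alert 21, are kept out of the RADIUS code space). The `Demux` class, its state names, the accepted RADIUS code set and the sample datagrams are assumptions made for illustration.

```python
# Added illustration; Demux, its state names and the sample datagrams are
# hypothetical and do not come from the draft or any RADIUS server.
TLS_CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert",
                     22: "handshake", 23: "application_data"}
# Request codes a server accepts: Access-Request, Accounting-Request,
# Status-Server, Disconnect-Request, CoA-Request.
RADIUS_REQUEST_CODES = {1, 4, 12, 40, 43}


class Demux:
    """Route datagrams on a shared UDP port by their first octet."""

    def __init__(self):
        self.state = {}  # peer -> "handshaking" | "dtls"; absent = plain RADIUS

    def classify(self, peer, datagram):
        if not datagram:
            return "drop"
        first = datagram[0]
        if self.state.get(peer) == "dtls":
            # Locked in: only DTLS records (alerts included) are accepted.
            return "dtls" if first in TLS_CONTENT_TYPES else "drop"
        if first in TLS_CONTENT_TYPES:
            # An unauthenticated record, possibly spoofed, must not lock the
            # peer into DTLS; it only notes that a handshake may be under way.
            if first == 22:
                self.state[peer] = "handshaking"
            return "dtls"
        # Until the session is established, normal RADIUS is still accepted.
        return "radius" if first in RADIUS_REQUEST_CODES else "drop"

    def handshake_complete(self, peer):
        # Called by the DTLS stack once the session is fully established.
        if self.state.get(peer) == "handshaking":
            self.state[peer] = "dtls"


# Constructed sample datagrams (not captured traffic).
PEER = ("192.0.2.10", 50000)
RADIUS_REQ = bytes([1, 7]) + (20).to_bytes(2, "big") + bytes(16)
CLIENT_HELLO = bytes([22, 0xFE, 0xFD]) + bytes(10)
ALERT = bytes([21, 0xFE, 0xFD]) + bytes(10)

if __name__ == "__main__":
    d = Demux()
    for pkt in (RADIUS_REQ, CLIENT_HELLO, RADIUS_REQ, ALERT):
        print(d.classify(PEER, pkt))
    d.handshake_complete(PEER)
    print(d.classify(PEER, RADIUS_REQ))
```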