Re: Last call on draft-chiba-radius-dynamic-authorization-07.txt



I have a couple of comments on
draft-chiba-radius-dynamic-authorization-07.txt that may affect
security. I would recommend the following:

a.	The draft is unclear about whether all state should be removed.
Conceivably the way it is written now, keys could be left on the NAS and
reactivated later, but I think you want to preclude this. 

b.	You want to add Acct-Multi-Session-Id as an allowable identifier
(and an error message relating to it, if it is not present). It is
conceivable that the Acct-Session-Id can change rapidly in some
environments, but the Acct-Multi-Session-Id is more stable so it may be
a better identifier in some circumstances. 

 
Thanks Tim