Re: Last call on draft-chiba-radius-dynamic-authorization-07.txt
I have a couple of comments on
draft-chiba-radius-dynamic-authorization-07.txt that may affect
security. I would recommend the following:

a. The draft is unclear about whether all state should be removed.
Conceivably the way it is written now, keys could be left on the NAS and
reactivated later, but I think you want to preclude this.

b. You want to add Acct-Multi-Session-Id as an allowable identifier
(and an error message relating to it, if it is not present). It is
conceivable that the Acct-Session-Id can change rapidly in some
environments, but the Acct-Multi-Session-Id is more stable so it may be
a better identifier in some circumstances.

Thanks Tim
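
An added example, not part of the original message or of the draft: a toy NAS session table showing both recommendations, matching a Disconnect-Request on Acct-Multi-Session-Id after the Acct-Session-Id has changed, and removing all state (keys included) on success. The class names, the roll_session_id helper and the error strings are assumptions made for illustration.

```python
from dataclasses import dataclass, field

ID_ATTRS = ("Acct-Session-Id", "Acct-Multi-Session-Id")

@dataclass(eq=False)
class Session:
    acct_session_id: str
    acct_multi_session_id: str
    keys: dict = field(default_factory=dict)  # per-session keying material

class Nas:
    """Toy NAS session table (constructed for illustration)."""

    def __init__(self):
        self.sessions = []

    def roll_session_id(self, old_id, new_id):
        # Models an environment where Acct-Session-Id changes during a
        # session while Acct-Multi-Session-Id stays the same.
        for s in self.sessions:
            if s.acct_session_id == old_id:
                s.acct_session_id = new_id

    def disconnect(self, attrs):
        """Handle a Disconnect-Request given as {attribute name: value}.

        Returns (reply, error). The error strings are hypothetical
        labels, not values taken from the draft.
        """
        ids = {k: v for k, v in attrs.items() if k in ID_ATTRS}
        if not ids:
            return "Disconnect-NAK", "missing session identifier"

        def matches(s):
            # Every identifier present in the request must match.
            return all(getattr(s, k.lower().replace("-", "_")) == v
                       for k, v in ids.items())

        hits = [s for s in self.sessions if matches(s)]
        if not hits:
            return "Disconnect-NAK", "session not found"
        for s in hits:
            s.keys.clear()            # point (a): wipe keys, not just deactivate
            self.sessions.remove(s)   # no state left that could be reactivated
        return "Disconnect-ACK", None
```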