[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: draft-chiba-radius-dynamic-authorization

To: Steve Bellovin <smb@research.att.com>
Subject: Re: draft-chiba-radius-dynamic-authorization
From: Bernard Aboba <aboba@internaut.com>
Date: Wed, 16 Apr 2003 11:02:15 -0700 (PDT)
Cc: iesg@ietf.org, <randy@psg.com>
In-reply-to: <20030416173041.2D1F27B4D@berkshire.research.att.com>

Good catch. The figures are mislabeled. I'd suggest that Event-Timestamp
needs to be included in all messages and checked by both the NAS and
RADIUS server. In addition, both NAS and RADIUS server SHOULD be
configurable to reject messages without the Event-Timestamp option. Make
sense?

I'll make the requested changes (and address Russ's comments too) within
-16.

On Wed, 16 Apr 2003, Steve Bellovin wrote:

> The text speaks of RADIUS servers; the figures (i.e., in 2.1) speak of
> clients.
>
> 5.4 -- Servers (shouldn't that be NASs?) SHOULD be configurable to reject
> messages without the Event-Timestamp option.
>
> 		--Steve Bellovin, http://www.research.att.com/~smb (me)
> 		http://www.wilyhacker.com (2nd edition of "Firewalls" book)
>
>
>
>

Follow-Ups:
- Re: draft-chiba-radius-dynamic-authorization
  - From: "Steven M. Bellovin" <smb@research.att.com>

References:
- draft-chiba-radius-dynamic-authorization
  - From: Steve Bellovin <smb@research.att.com>

Prev by Date: Re: draft-chiba-radius-dynamic-authorization
Next by Date: draft-sun-handle-system
Previous by thread: draft-chiba-radius-dynamic-authorization
Next by thread: Re: draft-chiba-radius-dynamic-authorization
Index(es):
- Date
- Thread