[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: draft-chiba-radius-dynamic-authorization

To: Bernard Aboba <aboba@internaut.com>
Subject: Re: draft-chiba-radius-dynamic-authorization
From: "Steven M. Bellovin" <smb@research.att.com>
Date: Wed, 16 Apr 2003 14:43:51 -0400
Cc: iesg@ietf.org, randy@psg.com
In-reply-to: Your message of "Wed, 16 Apr 2003 11:02:15 PDT." <Pine.LNX.4.44.0304161100400.6979-100000@internaut.com>

In message <Pine.LNX.4.44.0304161100400.6979-100000@internaut.com>, Bernard Abo
ba writes:
>Good catch. The figures are mislabeled. I'd suggest that Event-Timestamp
>needs to be included in all messages and checked by both the NAS and
>RADIUS server. In addition, both NAS and RADIUS server SHOULD be
>configurable to reject messages without the Event-Timestamp option. Make
>sense?

I'm certainly happier with mandating Event-Timestamp.

>
>I'll make the requested changes (and address Russ's comments too) within
>-16.
>
>On Wed, 16 Apr 2003, Steve Bellovin wrote:
>
>> The text speaks of RADIUS servers; the figures (i.e., in 2.1) speak of
>> clients.
>>
>> 5.4 -- Servers (shouldn't that be NASs?) SHOULD be configurable to reject
>> messages without the Event-Timestamp option.
>>
>> 		--Steve Bellovin, http://www.research.att.com/~smb (me)
>> 		http://www.wilyhacker.com (2nd edition of "Firewalls" book)
>>
>>
>>
>>
>


		--Steve Bellovin, http://www.research.att.com/~smb (me)
		http://www.wilyhacker.com (2nd edition of "Firewalls" book)

Follow-Ups:
- Re: draft-chiba-radius-dynamic-authorization
  - From: Bernard Aboba <aboba@internaut.com>

References:
- Re: draft-chiba-radius-dynamic-authorization
  - From: Bernard Aboba <aboba@internaut.com>

Prev by Date: Re: draft-ietf-msdp-spec
Next by Date: draft-ietf-msdp-spec
Previous by thread: Re: draft-chiba-radius-dynamic-authorization
Next by thread: Re: draft-chiba-radius-dynamic-authorization
Index(es):
- Date
- Thread