
RE: RADIUS Attribute Hiding and radext-digest-auth



> When authorizing sips or https connections, at least RADIUS
> attributes revealing the identity must be encrypted. In
> radext-digest-auth this applies to the following attributes:
>  - User-Name
>  - Digest-Username
>  - Digest-URI
>  - SIP-AOR [not yet in the draft]
>  Digest-HA1 would profit from encryption, too.

I think we need a threat model.

It is one thing to require that Tunnel-Password be a hidden attribute
in order to avoid exposing a cleartext secret on the wire.  It is
another thing to require privacy for existing attributes such as
User-Name.

If exposing a given attribute would create a security vulnerability, then
we can hide the attribute.  However, if we are just talking about privacy
of existing attributes, that is a situation where IPsec makes more sense.

Can you summarize the reasons that each of the above attributes needs to be
encrypted?

I would like to get to the bottom of this.
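For readers not familiar with what "hidden attribute" means in the Tunnel-Password case mentioned above, the following is an added example (not code from this thread or from any RADIUS implementation) of the RFC 2868 section 3.5 hiding scheme: the String field is XORed with an MD5 keystream derived from the RADIUS shared secret, the Request Authenticator and a two-octet salt, so only a party holding the shared secret can recover the cleartext. The shared secret, Request Authenticator and password values are constructed sample inputs; the one-octet Tag that precedes the Salt on the wire is left out.

```python
import hashlib
import secrets
from typing import Optional


def _xor16(chunk: bytes, pad: bytes) -> bytes:
    # XOR one 16-octet plaintext/ciphertext chunk with one MD5 output block.
    return bytes(x ^ y for x, y in zip(chunk, pad))


def hide_tunnel_password(password: bytes, secret: bytes, req_auth: bytes,
                         salt: Optional[bytes] = None) -> bytes:
    """Return Salt || String for a Tunnel-Password attribute (RFC 2868 3.5)."""
    if len(req_auth) != 16:
        raise ValueError("Request Authenticator must be 16 octets")
    if len(password) > 255:
        raise ValueError("Data-Length sub-field is a single octet")
    if salt is None:
        # Salt is two octets; the most significant bit MUST be set.
        salt = bytes([0x80 | secrets.randbits(7), secrets.randbits(8)])
    if len(salt) != 2 or not salt[0] & 0x80:
        raise ValueError("Salt must be 2 octets with the MSB set")
    # Plaintext String = Data-Length || Password || zero padding to 16 octets.
    plain = bytes([len(password)]) + password
    plain += b"\x00" * (-len(plain) % 16)
    out = bytearray()
    b = hashlib.md5(secret + req_auth + salt).digest()   # b(1) = MD5(S + R + A)
    for i in range(0, len(plain), 16):
        c = _xor16(plain[i:i + 16], b)                    # c(i) = p(i) XOR b(i)
        out += c
        b = hashlib.md5(secret + c).digest()              # b(i+1) = MD5(S + c(i))
    return salt + bytes(out)


def reveal_tunnel_password(hidden: bytes, secret: bytes, req_auth: bytes) -> bytes:
    """Inverse of hide_tunnel_password; needs the same shared secret and authenticator."""
    salt, data = hidden[:2], hidden[2:]
    if len(data) == 0 or len(data) % 16 != 0:
        raise ValueError("String field must be a non-empty multiple of 16 octets")
    plain = bytearray()
    b = hashlib.md5(secret + req_auth + salt).digest()
    for i in range(0, len(data), 16):
        c = data[i:i + 16]
        plain += _xor16(c, b)
        b = hashlib.md5(secret + c).digest()
    length = plain[0]
    if length > len(plain) - 1:
        raise ValueError("Data-Length exceeds decrypted String; wrong secret or corrupt data")
    return bytes(plain[1:1 + length])
```

Note that the scheme hides only the attribute value; the Request Authenticator and salt travel in the clear, and the whole construction stands or falls with the strength of the RADIUS shared secret.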


archive: <http://psg.com/lists/radiusext/>