
Re: Comments on draft-carroll-dynmobileip-cdma-04.txt



> In addition, I couldn't find any reference to message integrity
> protection.  Did I just miss it?

The document does not contain an attribute table listing what attributes
are sent in which messages, so it's hard to tell what attributes are
required/permitted/disallowed in which messages.  But
"Message-Authenticator" is not mentioned anywhere in the document,
which seems to imply that Message-Authenticator is not required to be
present in Access-Request messages.

Also, Section 7.9 seems to specify that RADIUS messages are encrypted, but
not how:

7.9 Network Message Security

   The security of the MN-HA keys delivered from the RADIUS AAA server
   to the MIP home agent requires confidentiality for network messages
   containing such keys.  The specification of security requirements for
   network messages is the responsibility of the operator, and is
   outside the scope of this document. (Note that similar considerations
   apply to the distribution of Shared Secret Data, which is already
   transmitted between nodes in the ANSI-41 network.)

--
to unsubscribe send a message to radiusext-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://psg.com/lists/radiusext/>
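
The integrity check discussed in this message, as an added example that is not part of the original post or of the draft: a receiver-side check that tells an Access-Request with a valid Message-Authenticator (RFC 2869: HMAC-MD5 under the shared secret over the whole packet, with the attribute's 16-byte value zeroed) apart from one where it is missing or wrong. The function names, shared secret and User-Name value are constructed for illustration.

```python
import hashlib
import hmac
import os
import struct

ACCESS_REQUEST = 1
MESSAGE_AUTHENTICATOR = 80  # attribute type defined in RFC 2869


def build_access_request(secret, ident, attrs):
    """Build an Access-Request whose last attribute is Message-Authenticator."""
    body = b"".join(struct.pack("!BB", t, len(v) + 2) + v for t, v in attrs)
    body += struct.pack("!BB", MESSAGE_AUTHENTICATOR, 18) + bytes(16)
    header = struct.pack("!BBH", ACCESS_REQUEST, ident, 20 + len(body))
    packet = bytearray(header + os.urandom(16) + body)  # random Request Authenticator
    # HMAC is taken over the packet while the attribute value is still all zeros.
    packet[-16:] = hmac.new(secret, bytes(packet), hashlib.md5).digest()
    return bytes(packet)


def check_access_request(secret, packet):
    """Return 'ok', 'missing' or 'bad' for the packet's Message-Authenticator."""
    if len(packet) < 20:
        return "bad"
    code, _ident, length = struct.unpack("!BBH", packet[:4])
    if code != ACCESS_REQUEST or length != len(packet):
        return "bad"
    zeroed, received, pos = bytearray(packet), None, 20
    while pos < length:
        if pos + 2 > length:
            return "bad"  # truncated attribute header
        atype, alen = packet[pos], packet[pos + 1]
        if alen < 2 or pos + alen > length:
            return "bad"  # attribute length runs past the packet
        if atype == MESSAGE_AUTHENTICATOR:
            if alen != 18 or received is not None:
                return "bad"  # wrong size or duplicated attribute
            received = packet[pos + 2:pos + 18]
            zeroed[pos + 2:pos + 18] = bytes(16)
        pos += alen
    if received is None:
        return "missing"  # nothing in the request is tied to the shared secret
    expected = hmac.new(secret, bytes(zeroed), hashlib.md5).digest()
    return "ok" if hmac.compare_digest(received, expected) else "bad"


if __name__ == "__main__":
    secret = b"constructed-secret"  # constructed sample value
    pkt = build_access_request(secret, 7, [(1, b"mn@example.net")])
    print(check_access_request(secret, pkt))
```

A server that treats "missing" the same as "ok" accepts Access-Requests whose attributes any on-path party can alter, since the Request Authenticator in an Access-Request is only a random value.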