FW: Comments on draft-carroll-dynmobileip-cdma-04.txt

["Glen Zorn \(gwz\)" <gwz@cisco.com>]

Adding the authors and other interested parties...

>> In addition, I couldn't find any reference to message integrity
>> protection.  Did I just miss it?
> 
> The document does not contain an attribute table listing what
> attributes are sent in which messages, so it's hard to tell what
> attributes are required/permitted/disallowed in which messages.
But
> "Message-Authenticator" is not mentioned anywhere in the document,
> which seems to imply that Message-Authenticator it is not required
to
> be present in Access-Request messages.     
> 
> Also, Section 7.9 seems to specify that RADIUS messages are
> encrypted, but not  how: 
> 
> 7.9 Network Message Security
> 
>    The security of the MN-HA keys delivered from the RADIUS AAA
server
>    to the MIP home agent requires confidentiality for network
messages
>    containing such keys.  The specification of security
requirements
>    for network messages is the responsibility of the operator, and
is
>    outside the scope of this document. (Note that similar
>    considerations apply to the distribution of Shared Secret Data,
>    which is already transmitted between nodes in the ANSI-41
network.)

Hope this helps,

~gwz

Why is it that most of the world's problems can't be solved by
simply
  listening to John Coltrane? -- Henry Gabriel

--
to unsubscribe send a message to radiusext-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://psg.com/lists/radiusext/>