[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

AW: Issue 79; digest-auth realm validation

To: Miguel.An.Garcia@nokia.com
Subject: AW: Issue 79; digest-auth realm validation
From: "Beck01, Wolfgang" <BeckW@t-systems.com>
Date: Mon, 4 Apr 2005 13:50:52 +0200
Cc: aboba@internaut.com, jsalowey@cisco.com, radiusext@ops.ietf.org

Miguel wrote:
> I have a question:
> 
> What is the intention of this text:
> 
>     "The RADIUS server considers this client as
>     compromised. "
> 
> What is this consideration? Is it that the RADIUS server marks 
> "something" as "not being able to use the HTTP or SIP service 
> any longer"?
"something" -- the RADIUS client that sent a Digest-Realm with a
realm it is not allowed to speak for.
Joe's reasoning was that this can be a sign of compromised
RADIUS client. If a RADIUS client is compromised, it's better
not to process any requests from it until the situation has
been resolved.

So your proposal would be just to drop the reject the request
with the offending Digest-Realm attribute?

Wolfgang

--
T-Systems
Next Generation IP Services and Systems
+49 6151 937 2863
Am Kavalleriesand 3
64295 Darmstadt
Germany 

--
to unsubscribe send a message to radiusext-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://psg.com/lists/radiusext/>

Follow-Ups:
- Re: AW: Issue 79; digest-auth realm validation
  - From: Miguel Garcia <Miguel.An.Garcia@nokia.com>

Prev by Date: Re: Issue 79; digest-auth realm validation
Next by Date: Re: AW: Issue 79; digest-auth realm validation
Previous by thread: AW: Issue 79; digest-auth realm validation
Next by thread: Re: AW: Issue 79; digest-auth realm validation
Index(es):
- Date
- Thread