[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Review of draft-lior-radius-bandwidth-capability-00.txt

To: Alan DeKok <aland@ox.org>
Subject: Re: Review of draft-lior-radius-bandwidth-capability-00.txt
From: Bernard Aboba <aboba@internaut.com>
Date: Fri, 15 Apr 2005 10:45:44 -0700 (PDT)
Cc: radiusext@ops.ietf.org
In-reply-to: <20050415163732.D1F3D16CC4@mail.nitros9.org>
References: <20050415163732.D1F3D16CC4@mail.nitros9.org>

>   I'm not opposed to 64-bit attributes, but introducing them is a
> major change to RADIUS.

64-bit attributes are already supported in existing RADIUS RFCs such as
RFC 3162.

> Not all platforms support 64-bit operations,
> making *full* implementation of 64-bit attributes problematic.

I don't think you need a 64-bit processor to handle a 64-bit RADIUS
attribute.

>   My preference for the "issues & fixes" draft is to STRONGLY suggest
> that all new implementations always add Message-Authenticator to the
> packet.  This avoids a number of attack vectors.

I think this makes sense.  We should add this to "issues and fixes"
It will be trickier for RADIUS servers to require Message-Authenticator
for legacy applications, of course.

--
to unsubscribe send a message to radiusext-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://psg.com/lists/radiusext/>

Follow-Ups:
- Re: Review of draft-lior-radius-bandwidth-capability-00.txt
  - From: "Alan DeKok" <aland@ox.org>

References:
- Re: Review of draft-lior-radius-bandwidth-capability-00.txt
  - From: "Alan DeKok" <aland@ox.org>

Prev by Date: Re: Review of draft-lior-radius-bandwidth-capability-00.txt
Next by Date: Re: Review of draft-lior-radius-bandwidth-capability-00.txt
Previous by thread: Re: Review of draft-lior-radius-bandwidth-capability-00.txt
Next by thread: Re: Review of draft-lior-radius-bandwidth-capability-00.txt
Index(es):
- Date
- Thread