
RE: [eap] RE: [Isms] RADIUS is not a trusted third party



> The use of RADIUS itself without a defined extension such as EAP-TLS or
> EAP-PEAP over RADIUS cannot securely pass attributes between entities. Note
> that the defined EAP-TLS (or other EAP mechanisms) over RADIUS provides for
> secure attribute passing between entities even through proxies.

EAP does not affect how RADIUS attributes are passed, nor does it enable
the passing of RADIUS attributes between the EAP peer and server.  So as
far as RADIUS attributes are concerned, what EAP method is used, or
whether EAP is used, does not affect RADIUS security, except that an
EAP-Message attribute is included in the messages.

Also, EAP-TLS does not permit passing of TLVs between the peer and server;
this is only allowed in tunneled mechanisms such as EAP-TTLS and PEAP.

archive: <http://psg.com/lists/radiusext/>
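
Added example, not part of the original post: a minimal RADIUS attribute parser run over two constructed Access-Request packets, one carrying EAP-TLS and one carrying PEAP, showing that the EAP packet rides inside EAP-Message (type 79) while the other attributes are encoded the same way whichever method is used. The user name, NAS address, identifiers and zeroed authenticator fields are constructed placeholders.

```python
import struct

EAP_MESSAGE = 79  # RADIUS attribute type for EAP-Message (RFC 3579)
EAP_TYPES = {13: "EAP-TLS", 21: "EAP-TTLS", 25: "PEAP"}

def attr(t, value):
    """Encode one RADIUS attribute: type, length (including 2-byte header), value."""
    return bytes([t, len(value) + 2]) + value

def build_access_request(eap_type):
    """Constructed sample: Access-Request carrying an EAP-Response of eap_type."""
    eap_body = bytes([eap_type]) + b"\x00" * 300       # placeholder method data
    eap = struct.pack("!BBH", 2, 7, 4 + len(eap_body)) + eap_body
    attrs = attr(1, b"alice@example.org")               # User-Name (constructed)
    attrs += attr(4, bytes([192, 0, 2, 10]))            # NAS-IP-Address (constructed)
    # An EAP packet longer than 253 bytes is split across EAP-Message attributes.
    for i in range(0, len(eap), 253):
        attrs += attr(EAP_MESSAGE, eap[i:i + 253])
    attrs += attr(80, b"\x00" * 16)  # Message-Authenticator placeholder, not computed
    header = struct.pack("!BBH", 1, 42, 20 + len(attrs)) + b"\x00" * 16
    return header + attrs

def parse(packet):
    """Return (non-EAP attributes, reassembled EAP packet) from a RADIUS packet."""
    if len(packet) < 20:
        raise ValueError("short RADIUS packet")
    _code, _ident, length = struct.unpack("!BBH", packet[:4])
    if length != len(packet):
        raise ValueError("bad RADIUS length")
    others, eap, pos = [], b"", 20
    while pos < length:
        if pos + 2 > length:
            raise ValueError("truncated attribute header")
        t, alen = packet[pos], packet[pos + 1]
        if alen < 2 or pos + alen > length:
            raise ValueError("bad attribute length")
        value = packet[pos + 2:pos + alen]
        if t == EAP_MESSAGE:
            eap += value                 # concatenate fragments in order
        else:
            others.append((t, value))    # carried outside the EAP packet
        pos += alen
    return others, eap

def eap_method(eap):
    """Name the EAP method from the Type octet of a reassembled EAP packet."""
    _code, _ident, length, etype = struct.unpack("!BBHB", eap[:5])
    if length != len(eap):
        raise ValueError("EAP length mismatch")
    return EAP_TYPES.get(etype, str(etype))
```
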