Re: [RADIUS FIXES] Authorize Only / RADIUS layering

["Alan DeKok" <aland@ox.org>]

"Nelson, David" <dnelson@enterasys.com> wrote:
> The specific practice that I'm suggesting is undesirable is the
> definition of new RADIUS attributes, and their basic semantic
> descriptions, in RFCs defining the applications, rather than in
> [companion] RADIUS extensions RFCs.  That does not mean that the I-Ds
> for such RADIUS extensions need to be work items for the RADEXT WG.

  That makes sense.

  To address Emile's view, let's take PEAP as an example.  The RADIUS
server gets these layers:

  ethernet
  IPv4
  UDP
  RADIUS
  EAP
  EAP-PEAP
  TLS'
  EAP'
  EAP-MSCHAPv2

  Those layers don't map 1-1 to the OSI 7 layer stack.  I think what
Emile is saying is is that if you pick a layer, everything "below" you
is transport, and everything "above" you is application.

  Alan DeKok.


--
to unsubscribe send a message to radiusext-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://psg.com/lists/radiusext/>