[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: Review of draft-zorn-radius-keywrap-07.txt

To: "Radius Ext Mailing List" <radiusext@ops.ietf.org>
Subject: RE: Review of draft-zorn-radius-keywrap-07.txt
From: "Pat Calhoun \(pacalhou\)" <pcalhoun@cisco.com>
Date: Tue, 30 Aug 2005 15:28:20 -0700

>> >> In speaking with Russ Housely on the key-wrap issues, Russ
indicated
>> >> that it would need to be on an end-to-end basis.
>> 
>> Except that that's not how RADIUS works...
>
>Right.  RADIUS security is between a RADIUS client and server.  There
are 
>no other entities involved. 

Correct. Further, while proxies exist in the RADIUS world, and are
mentioned in various drafts, clearly fixing how proxies should work,
from transport to security, is a much bigger work item, and one that I
would caution the WG to embark on. I believe that for customers that
have interest in secure, reliable proxies, then the work in AAA should
be used instead.

I'd like to thank Bernard on his excellent review and comments. I am
encouraged to see that he is positive on the work in progress - this is
goodness to the Internet Community, who really needs a more secure key
delivery mechanism in RADIUS, while minimizing impact on backward
compatibility.

Pat Calhoun
CTO, Wireless Networking Business Unit
Cisco Systems

--
to unsubscribe send a message to radiusext-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://psg.com/lists/radiusext/>

Prev by Date: Review of DIGEST-04 document
Next by Date: RE: Review of DIGEST-04 document
Previous by thread: RE: Review of draft-zorn-radius-keywrap-07.txt
Next by thread: Issue 123/124 Radius Digest requirement to clients
Index(es):
- Date
- Thread