[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Issue 100: Security Considerations (IEEE802 WG Last Call)

To: "Sanchez, Mauricio (PNB Roseville)" <mauricio.sanchez@hp.com>
Subject: Re: Issue 100: Security Considerations (IEEE802 WG Last Call)
From: "Alan DeKok" <aland@ox.org>
Date: Thu, 08 Sep 2005 18:14:50 -0400
Cc: radiusext@ops.ietf.org
In-reply-to: Your message of "Thu, 08 Sep 2005 14:30:28 PDT." <D6D515539AD08046B7E6A4C02E72623E031C7480@cacexc08.americas.cpqcorp.net>

"Sanchez, Mauricio (PNB Roseville)" <mauricio.sanchez@hp.com> wrote:
> One could say that the cat is out of the bag. Section 7 was taken mostly
> from existing RFCs, in particular RFC3580.  The specific sentence your
> issue relates to already exists verbatim in RFC3580 section 5.3.  My
> proposal is to change the last sentence in section 7 to:
> 
> "For IEEE 802.X environments, best practices outlined in [RFC3580]
> mandate the use of different RADIUS shared secrets for IEEE 802.1X
> authentication and PAP authentication."
> 
> An normative reference will also need to be added to RFC3580 in section
> 8.1.

  This change would address any concerns I have.

  Alan DeKok.

--
to unsubscribe send a message to radiusext-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://psg.com/lists/radiusext/>

References:
- Issue 100: Security Considerations (IEEE802 WG Last Call)
  - From: "Sanchez, Mauricio (PNB Roseville)" <mauricio.sanchez@hp.com>

Prev by Date: Issue 130: Diameter Compatibility (IEEE 802 Last call)
Next by Date: RE: Capabilities (was Re: AW: Review of draft-ietf-geopriv-radius-lo-04.txt )
Previous by thread: Issue 100: Security Considerations (IEEE802 WG Last Call)
Next by thread: Issue 100: Security Considerations (IEEE802 WG Last Call)
Index(es):
- Date
- Thread