[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: AW: AW: AW: Digest Authentication: Security issue with https/sips

To: "Beck01, Wolfgang" <BeckW@t-systems.com>
Subject: Re: AW: AW: AW: Digest Authentication: Security issue with https/sips
From: Bernard Aboba <aboba@internaut.com>
Date: Fri, 23 Sep 2005 06:11:51 -0700 (PDT)
Cc: Miguel.An.Garcia@nokia.com, radiusext@ops.ietf.org
In-reply-to: <97A461F3EE5284469E41ED3728202F41121EB8@S4DE9JSAAMW.ost.t-com.de>
References: <97A461F3EE5284469E41ED3728202F41121EB8@S4DE9JSAAMW.ost.t-com.de>

> Consider the following proposal (section RADIUS client behaviour):
> "If the scheme in the digest-uri directive indicates a secure HTTP-style
> connection (eg sips, https) and the RADIUS client does not have a secure
> connection to its RADIUS server, it MUST act as if it had received an
> Access-Reject."
> 
> Less comprehensible, but no normative statement for SIP or HTTP.

How can the RADIUS client act like it received an Access-Reject before 
even sending an Access-Request?

--
to unsubscribe send a message to radiusext-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://psg.com/lists/radiusext/>

Follow-Ups:
- Re: AW: AW: AW: Digest Authentication: Security issue with https/sips
  - From: Miguel Garcia <Miguel.An.Garcia@nokia.com>

References:
- AW: AW: AW: Digest Authentication: Security issue with https/sips
  - From: "Beck01, Wolfgang" <BeckW@t-systems.com>

Prev by Date: Re: AW: AW: AW: Digest Authentication: Security issue with https/sips
Next by Date: Re: AW: AW: AW: Digest Authentication: Security issue with https/sips
Previous by thread: Re: AW: AW: AW: Digest Authentication: Security issue with https/sips
Next by thread: Re: AW: AW: AW: Digest Authentication: Security issue with https/sips
Index(es):
- Date
- Thread