RE: digest-auth, nonce replay issue
firstname.lastname@example.org <mailto:email@example.com> supposedly scribbled:
>> Maybe not: I think that it is only necessary for the attacker to be
>> capable of eavesdropping on the conversation between the RADIUS
>> client & server & then masquerading as the client later, possibly by
>> replaying the Access-Request.
> RADIUS server and client must use IPSec in the relevant mode anyway,
Searching about in the draft, I can't find any place where the words "MUST" and "IPSec" appear in the same sentence. I do find several passages that assume that applications can know whether or not the application traffic is protected by IPSec, something that I was unaware was possible...
Hope this helps,
Why is it that most of the world's problems can't be solved by simply
listening to John Coltrane? -- Henry Gabriel