[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: AD review of draft-ietf-radext-management-authorization-05.txt
On Thu, Sep 04, 2008 at 05:47:10PM -0400, David B. Nelson wrote:
> Integrity protection, as used here, is *not* the same as authentication, as
> used in SNMP. Integrity protection requires the sharing of cryptographic
> keys, but it does not require authenticated principals. Integrity
> protection could be used, for example, with anonymous Diffie-Hellman key
> agreement. In SNMP the proof of identity of the principals (authentication)
> is conflated with tamper-resistance of the protected messages (integrity).
> In this document we assume that integrity protection and authentication as
> separate concerns. Authentication is part of the base RADIUS protocol.
> In SNMP we have auth and noAuth, as well as priv and noPriv. There is no
> analog to auth or noAuth in this document. In the ISMS RADIUS Usage
> document, we specifically call that out. Perhaps it would improve that
> document to include the text above about separation of authentication from
This explanation perfectly makes sense and I am in favour of adding
Juergen Schoenwaelder Jacobs University Bremen gGmbH
Phone: +49 421 200 3587 Campus Ring 1, 28759 Bremen, Germany
Fax: +49 421 200 3103 <http://www.jacobs-university.de/>
to unsubscribe send a message to firstname.lastname@example.org with
the word 'unsubscribe' in a single line as the message text body.