[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Question about RFC 2752

To: <rap@ops.ietf.org>
Subject: Question about RFC 2752
From: "Hannes Tschofenig" <Hannes.Tschofenig@mchp.siemens.de>
Date: Fri, 29 Jun 2001 09:01:01 +0200
Delivery-date: Fri, 29 Jun 2001 00:02:27 -0700
Envelope-to: rap-data@psg.com
Reply-To: <Hannes.Tschofenig@mchp.siemens.de>

hi

a remark in RFC 2752 in section 4.2.1 notes: ‘The KDC is used to validate
the ticket and authentication the user sending RSVP message.’. this sounds
strange to me since the network element for which the ticket was requested
is able to decrypt the ticket and to authenticated the user and hence no kdc
involvement is required at this processing step.

an other statement which I think is somewhat misleading is given in section
6.3 of rfc 2752 in the context of user authentication at the router or the
PDP: ‘Send the Kerberos ticket to the KDC to obtain the session key. Using
the session key authenticate the user.’ if the service ticket is requested
by the user for the router or the pdp then no involvement of the kdc is
requried.

ciao
hannes

Prev by Date: Question to Kerberos/Multicast/RSVP
Next by Date: "Identity Representation for RSVP" question
Prev by thread: RE: "Identity Representation for RSVP" question
Next by thread: RE: Question about RFC 2752
Index(es):
- Date
- Thread