
RE: Question about RFC 2752



Hey, Hannes,

You are correct on both points.  RFC 2752 is in error, as are the equivalent
paragraphs in <draft-ietf-rap-rsvp-better-identity-00.txt> (which updates
RFC 2752).  This will be fixed in the next draft.  Thanks for pointing this
out.

Rodney Hess
rodney.hess@intel.com


-----Original Message-----
From: Hannes Tschofenig [mailto:Hannes.Tschofenig@mchp.siemens.de]
Sent: Friday, June 29, 2001 3:01 AM
To: rap@ops.ietf.org
Subject: Question about RFC 2752


hi

a remark in RFC 2752 in section 4.2.1 notes: 'The KDC is used to validate
the ticket and authentication the user sending RSVP message.'. this sounds
strange to me since the network element for which the ticket was requested
is able to decrypt the ticket and to authenticate the user and hence no kdc
involvement is required at this processing step.

another statement which I think is somewhat misleading is given in section
6.3 of rfc 2752 in the context of user authentication at the router or the
PDP: 'Send the Kerberos ticket to the KDC to obtain the session key. Using
the session key authenticate the user.' if the service ticket is requested
by the user for the router or the pdp then no involvement of the kdc is
required.

ciao
hannes
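
The point raised in this thread, as an added example that is not part of the original messages or of RFC 2752: a simplified Kerberos-style exchange in which the router or PDP recovers the session key from the service ticket with its own long-term key and checks the authenticator without contacting the KDC. The class and function names, the JSON ticket layout and the SHA-256/HMAC toy cipher are assumptions made for illustration, not Kerberos encodings or encryption types.

```python
import hashlib, hmac, json, os, time

def _keystream(key, nonce, n):
    out, ctr = b"", 0
    while len(out) < n:
        out += hashlib.sha256(key + nonce + ctr.to_bytes(4, "big")).digest()
        ctr += 1
    return out[:n]

def seal(key, obj):
    """Toy authenticated encryption, a stand-in for a real Kerberos enctype."""
    pt = json.dumps(obj).encode()
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(pt, _keystream(key, nonce, len(pt))))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()

def unseal(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    good = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, good):
        raise ValueError("integrity check failed")
    pt = bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct))))
    return json.loads(pt)

class KDC:
    """Issues service tickets; counts how often it is contacted."""
    def __init__(self):
        self.service_keys, self.requests = {}, 0

    def register(self, service):
        self.service_keys[service] = os.urandom(32)
        return self.service_keys[service]  # long-term key shared with the service

    def issue_ticket(self, user, service):
        self.requests += 1
        session_key = os.urandom(32)
        body = {"user": user, "key": session_key.hex(), "exp": time.time() + 300}
        return seal(self.service_keys[service], body), session_key

def client_authenticator(user, session_key):
    return seal(session_key, {"user": user, "ts": time.time()})

def router_authenticate(service_key, ticket, authenticator, skew=300):
    """Runs on the router/PDP: needs only its own long-term key, no KDC call."""
    t = unseal(service_key, ticket)                     # yields the session key
    a = unseal(bytes.fromhex(t["key"]), authenticator)  # proves key possession
    now = time.time()
    if a["user"] != t["user"] or now > t["exp"] or abs(now - a["ts"]) > skew:
        raise ValueError("authenticator rejected")
    return t["user"]
```
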