Re: draft-ietf-radext-digest-auth-06

Miguel Garcia <Miguel.An.Garcia@nokia.com> Tue, 18 October 2005 19:35 UTC

Message-ID: <43554E8A.7060207@nokia.com>
Date: Tue, 18 Oct 2005 22:35:38 +0300
From: Miguel Garcia <Miguel.An.Garcia@nokia.com>
To: "Nelson, David" <dnelson@enterasys.com>
CC: radiusext@ops.ietf.org
Subject: Re: draft-ietf-radext-digest-auth-06

As far as I know version -06 is not available yet. The latest available 
version is -05, where the issue is still present.

Once we have seen version -06 or a preliminary version I can comment.

/Miguel

Nelson, David wrote:
> Does this resolve RADEXT Issue 138?
> 
> 
>>The latest version of the draft no longer contains a link between
>>sips/https and RADIUS. However, the Security Considerations section
>>names refusing sips/https requests as one non-normative option to avoid
>>the security level mismatch of sips/https and unencrypted RADIUS:
>>
>>"To prevent RADIUS from representing the weak link, a RADIUS
>>client receiving an HTTP-style request via TLS or IPsec could use an
>>equally secure connection to the RADIUS server.  There are several
>>ways to achieve this, for example:
>>   o  the RADIUS client may reject HTTP-style requests received over
>>      TLS or IPsec
>>   o  the RADIUS client require that traffic be sent and received over
>>      IPsec.
>>RADIUS over IPsec, if used, MUST conform to the requirements
>>described in [RFC3579] section 4.2."
> 
> 

-- 
Miguel A. Garcia           tel:+358-50-4804586
sip:miguel.an.garcia@openlaboratory.net
Nokia Research Center      Helsinki, Finland

