Re: [radext] Review of draft-winter-radext-populating-eapidentity-01

Bernard Aboba <bernard_aboba@hotmail.com> Fri, 24 July 2015 11:20 UTC

Message-ID: <BLU406-EAS149CFB080AF0F5828BA114D93810@phx.gbl>
From: Bernard Aboba <bernard_aboba@hotmail.com>
Date: Fri, 24 Jul 2015 13:20:53 +0200
To: Alan DeKok <aland@deployingradius.com>
In-Reply-To: <DCD31EEF-6AA0-431F-9F6E-0F6348C1D0C5@deployingradius.com>
Archived-At: <http://mailarchive.ietf.org/arch/msg/radext/7-3u6CglntJQnDZuXPjaCffIE74>
Cc: Sam Hartman <hartmans@painless-security.com>, "radext@ietf.org" <radext@ietf.org>, Winter Stefan <stefan.winter@restena.lu>
Subject: Re: [radext] Review of draft-winter-radext-populating-eapidentity-01

On Jul 24, 2015, at 12:51, Alan DeKok <aland@deployingradius.com> wrote:
> 
>  What does it mean when the inner identity is "user@example.com", and the method identity is "CORP/bob"?  Who is being authenticated here?

[BA] It means that the example.com RADIUS server is being asked to authenticate user bob in the CORP domain. In practice, this typically means that CORP is within the example.com forest (e.g. Corp.example.com), otherwise the authentication would not succeed.
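The relationship Bernard describes between an NAI-form inner identity and a DOMAIN/user method identity, as an added example that is not part of the thread: the NetBIOS-to-DNS domain map and the helper names are constructed assumptions standing in for what a realm's RADIUS server would know from its own directory configuration.

```python
from typing import Optional, Tuple

# Constructed assumption: NetBIOS domains that belong to the example.com forest.
FOREST_DOMAINS = {"CORP": "corp.example.com", "LAB": "lab.example.com"}

def split_nai(identity: str) -> Tuple[str, Optional[str]]:
    """Split 'user@realm' at the last '@' (NAI, RFC 7542); realm is None if absent."""
    if "@" not in identity:
        return identity, None
    user, realm = identity.rsplit("@", 1)
    return user, (realm.lower() or None)

def split_method_identity(identity: str) -> Tuple[Optional[str], str]:
    """Split 'DOMAIN/user' or 'DOMAIN\\user' into (domain, user); domain is None if absent."""
    for sep in ("\\", "/"):
        if sep in identity:
            domain, user = identity.split(sep, 1)
            return domain.upper(), user
    return None, identity

def domain_in_realm(domain: Optional[str], realm: Optional[str], forest=FOREST_DOMAINS) -> bool:
    """True if the NetBIOS domain maps to the realm itself or to a subdomain of it."""
    if realm is None:
        return False          # no realm: the request could not have been routed here
    if domain is None:
        return True           # no domain given: treat as the realm's default domain
    dns = forest.get(domain)
    if dns is None:
        return False          # unknown domain: not part of this forest
    return dns == realm or dns.endswith("." + realm)

def who_is_authenticated(inner_identity: str, method_identity: str) -> Optional[str]:
    """Return the 'user@dns-domain' the realm's server would look up, or None when
    the method identity points outside the realm the request was routed to."""
    _, realm = split_nai(inner_identity)
    domain, user = split_method_identity(method_identity)
    if not domain_in_realm(domain, realm):
        return None
    dns = FOREST_DOMAINS[domain] if domain else realm
    return f"{user}@{dns}"

if __name__ == "__main__":
    # Bernard's case: routed to example.com, method identity names CORP\bob.
    print(who_is_authenticated("user@example.com", "CORP/bob"))   # bob@corp.example.com
    print(who_is_authenticated("user@example.com", "OTHER/bob"))  # None
```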