RE: Issue: draft-ietf-radext-digest-auth-06.txt Digest MD5-sess
"Avi Lior" <avi@bridgewatersystems.com> Thu, 05 January 2006 22:28 UTC
Envelope-to: radiusext-data@psg.com
Delivery-date: Thu, 05 Jan 2006 22:27:17 +0000
Content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
Subject: RE: Issue: draft-ietf-radext-digest-auth-06.txt Digest MD5-sess
Date: Thu, 05 Jan 2006 17:28:28 -0500
Message-ID: <E7CCE8A83907104ABEE91AC3AE3709A0022A35C5@exchange.bridgewatersys.com>
Thread-Topic: Issue: draft-ietf-radext-digest-auth-06.txt Digest MD5-sess
Thread-Index: AcYNaW7/kWo7XYi1SZC2JckdX3EqBwE3PxDg
From: Avi Lior <avi@bridgewatersystems.com>
To: Alan DeKok <aland@ox.org>, radiusext@ops.ietf.org
See inline: > -----Original Message----- > From: owner-radiusext@ops.ietf.org > [mailto:owner-radiusext@ops.ietf.org] On Behalf Of Alan DeKok > Sent: Friday, December 30, 2005 12:51 PM > To: radiusext@ops.ietf.org > Subject: Re: Issue: draft-ietf-radext-digest-auth-06.txt > Digest MD5-sess > > Henrik Nordstrom <henrik@henriknordstrom.net> wrote: > > I brought up this question mainly to ask if the Digest extension to > > Radius intentionally blocks session based Digest authentication > > (MD5-sess with offload of authentication of further requests within > > the same session), or if it is just an oversight thinking > that Digest > > is only per-reqest authentication. > > RADIUS *is* per-request authentication. Lets not get dogmatic here. At the RADIUS level perhaps this is true but certainly there are scenarios where once the NAS has received a positive repsonse, the NAS can continue to authenticate without relying on RADIUS. So one example is in Mobile IP. Once the HA has validated the Registration Request or Binding Update with RADIUS. It can continue to authentication subsequent bind request or Registration Request received from that user. This is only limited by a lifetime received from the AAA server. I can give you more examples if you want. -- to unsubscribe send a message to radiusext-request@ops.ietf.org with the word 'unsubscribe' in a single line as the message text body. archive: <http://psg.com/lists/radiusext/>
- Re: Issue: draft-ietf-radext-digest-auth-06.txt D… Alan DeKok
- Re: Issue: draft-ietf-radext-digest-auth-06.txt D… Henrik Nordstrom
- Re: Issue: draft-ietf-radext-digest-auth-06.txt D… Alan DeKok
- Re: Issue: draft-ietf-radext-digest-auth-06.txt D… Henrik Nordstrom
- Re: Issue: draft-ietf-radext-digest-auth-06.txt D… Henrik Nordstrom
- Re: Issue: draft-ietf-radext-digest-auth-06.txt D… Jo Hermans
- Re: Issue: draft-ietf-radext-digest-auth-06.txt D… Alan DeKok
- Issue: draft-ietf-radext-digest-auth-06.txt Diges… Bernard Aboba
- RE: Issue: draft-ietf-radext-digest-auth-06.txt D… Avi Lior