Re: [secdir] Review of draft-ietf-isms-radius-usage-05

Sam Hartman <hartmans-ietf@mit.edu> Wed, 06 May 2009 16:06 UTC

To: Dave Nelson <d.b.nelson@comcast.net>
Cc: iesg@ietf.org, draft-ietf-isms-radius-usage@tools.ietf.org, isms-chairs@tools.ietf.org, secdir@ietf.org

>>>>> "Dave" == Dave Nelson <d.b.nelson@comcast.net> writes:
    >> - If the user is authenticating with SSH pubkey auth, who
    >> checks that?

    Dave> The SSH server, i.e. the NAS.  SSH is used to create a
    Dave> protected transport session (a tunnel, if you will) and the
    Dave> RADIUS credentials are obtained from the SSH server
    Dave> implementation in the NAS and used by the RADIUS client in
    Dave> the NAS to authenticate the user with the RADIUS server.  Of
    Dave> course, it has to be an authentication method that RADIUS
    Dave> supports, and SSH public key is not one of those.

I'm sorry, but I didn't understand this answer at all.  It seems like
you're both saying "you can't do that with RADIUS (what I thought the
answer was)," and "the ssh server."  I don't understand how to
reconcile those.
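An added illustration of the architecture under discussion, written for this page and not taken from draft-ietf-isms-radius-usage or from either correspondent: a toy model of the NAS side in which the SSH server hands whatever credential it collected to a RADIUS client, which wraps it in an Access-Request with the RFC 2865 User-Password hiding. The point it makes concrete is the one the reply hinges on: an SSH password is a credential the NAS can forward, while SSH public-key authentication leaves the NAS with nothing RADIUS can consume, since the signature is verified against the public key locally. All names, the shared secret and the sample credentials below are constructed for the example.

```python
import hashlib
import os
import struct

# RADIUS code and attribute numbers from RFC 2865.
ACCESS_REQUEST = 1
ATTR_USER_NAME = 1
ATTR_USER_PASSWORD = 2
ATTR_NAS_IDENTIFIER = 32


def encode_user_password(password: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """RFC 2865 section 5.2 User-Password hiding: pad with NULs to a multiple of
    16 octets, then XOR each 16-octet block with MD5(secret + previous block),
    where the first 'previous block' is the Request Authenticator."""
    if len(password) > 128:
        raise ValueError("User-Password is limited to 128 octets")
    padded = password + b"\x00" * ((-len(password)) % 16)
    if not padded:  # RFC 2865 requires at least one 16-octet block
        padded = b"\x00" * 16
    out = bytearray()
    prev = authenticator
    for i in range(0, len(padded), 16):
        key = hashlib.md5(secret + prev).digest()
        block = bytes(a ^ b for a, b in zip(padded[i:i + 16], key))
        out += block
        prev = block
    return bytes(out)


def decode_user_password(hidden: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """Inverse of encode_user_password (what the RADIUS server does).
    Trailing NUL padding is stripped, so passwords may not end in NUL."""
    out = bytearray()
    prev = authenticator
    for i in range(0, len(hidden), 16):
        key = hashlib.md5(secret + prev).digest()
        out += bytes(a ^ b for a, b in zip(hidden[i:i + 16], key))
        prev = hidden[i:i + 16]
    return bytes(out).rstrip(b"\x00")


def attribute(atype: int, value: bytes) -> bytes:
    """One RADIUS attribute: Type, Length (including the 2-octet header), Value."""
    return struct.pack("!BB", atype, len(value) + 2) + value


def build_access_request(username: bytes, password: bytes, secret: bytes,
                         nas_id: bytes, identifier: int = 1,
                         authenticator: bytes = None) -> bytes:
    """Access-Request as the NAS RADIUS client would send it: 20-octet header
    (Code, Identifier, Length, Request Authenticator) followed by attributes."""
    if authenticator is None:
        authenticator = os.urandom(16)  # must be unpredictable per RFC 2865
    attrs = (attribute(ATTR_USER_NAME, username)
             + attribute(ATTR_USER_PASSWORD,
                         encode_user_password(password, secret, authenticator))
             + attribute(ATTR_NAS_IDENTIFIER, nas_id))
    length = 20 + len(attrs)
    return struct.pack("!BBH", ACCESS_REQUEST, identifier, length) + authenticator + attrs


def credential_for_radius(ssh_method: str, username: bytes, password: bytes = None):
    """Model of the hand-off from the SSH server to the RADIUS client in the NAS.
    'password' (assumed SSH method name): the NAS has the cleartext password and
    can forward it as User-Password.
    'publickey': the NAS verified a signature against a stored public key; there
    is no credential RADIUS could check, so nothing is forwarded (returns None)."""
    if ssh_method == "password":
        if password is None:
            raise ValueError("password method requires a password")
        return (username, password)
    if ssh_method == "publickey":
        return None
    raise ValueError("unsupported SSH method: %s" % ssh_method)


if __name__ == "__main__":
    # Constructed sample values; the shared secret would be provisioned out of band.
    secret, nas = b"example-shared-secret", b"nas01.example"
    cred = credential_for_radius("password", b"alice", b"correct horse battery")
    pkt = build_access_request(cred[0], cred[1], secret, nas)
    print("Access-Request length:", len(pkt))
    print("public-key session forwards:", credential_for_radius("publickey", b"alice"))
```

The `decode_user_password` function is only there to show the round trip at the RADIUS server; a real deployment never has the server's secret on the NAS side of the SSH tunnel beyond the shared secret itself.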