#28: Missing Security Consideration - AAA protection of the MSK
Changes (by ietf@…):
* status: closed => reopened
* resolution: fixed =>
Comment:
You did in fact make the general change that was requested, however I
think this needs to be an extremely explicit statement on the lack of
protection.
Currently text in -01 requires that the reader knit this together from:

 Client <-> RP
   no security until the MSK is sent from the IdP
 RP <-> IdP
   Everything is point to point.

I think that in the RP <-> IdP the text should include

Since all of the security is provided on a Point-to-Point basis, and the
RP cannot know if the message is seen by a AAA proxy, there is always a
possibility that a AAA proxy can break the security.
--
--------------------+--------------------------------------
Reporter: ietf@… | Owner: draft-ietf-abfab-arch@…
Type: defect | Status: reopened
Priority: major | Milestone:
Component: arch | Version:
Severity: - | Resolution:
Keywords: |
--------------------+--------------------------------------
Ticket URL: <http://trac.tools.ietf.org/wg/abfab/trac/ticket/28#comment:2>
abfab <http://tools.ietf.org/abfab/>