On 12/17/2013 07:33 PM, Sam Hartman wrote:
> Couple of points.
>
> Note that the MSK is encrypted even if you don't use RADIUS over TLS.
> The encryption is questionable (md5 as a stream cipher) but might
> randomly happen to be good enough for encrypting a randomly chosen key.
> For myself I'll choose to deploy with TLS rather than trusting that:-)

Yep.

> I don't mind removing the trust router references, but I also don't
> think it is problematic to leave them in. This document points out
> there are multiple ways of solving the trust router solves. I think
> it's fine to note that people are working on the trust router, one
> specific manifestation of the trust broker approach for managing the
> connection between RP and IDP. Other approaches are discussed besides
> the trust broker deployment pattern.
> So, I don't think there's a dependency created or implied.
> On the other hand, I don't mind removing the reference either.

Fair enough. So long as it's sorta consistent and doesn't
overpromise it'll be fine.

S.
