than Hiroshima.
Alan DeKok.
___
Ietf mailing list
Ietf@ietf.org
https://www.ietf.org/mailman/listinfo/ietf
in previous RFCs.
Alan DeKok.
___
Ietf mailing list
Ietf@ietf.org
https://www.ietf.org/mailman/listinfo/ietf
Glen Zorn wrote:
Alan DeKok wrote:
... It would have been preferable ...
To which I reply:
So it seems that what you _really_ meant was ... well, screw 'em.
I think there is a miscommunication here.
Alan DeKok.
___
Ietf mailing list
Ietf
attributes are not security related. They either follow the RADIUS data
model (int, IP address, etc.), or they are opaque data that RADIUS is
simply transporting on the behalf of the other protocol.
Alan DeKok.
___
Ietf mailing list
Ietf@ietf.org
https
interest. Maybe it should be a cisco VSA?
If it's documented, sure.
Alan DeKok.
___
Ietf mailing list
Ietf@ietf.org
https://www.ietf.org/mailman/listinfo/ietf
the suggestion to use MS-MPPE-Send-Key into a
mandatory requirement, and making it part of the specification.
Alan DeKok.
[1] http://tools.ietf.org/html/draft-ietf-radext-design-07
[2] http://tools.ietf.org/html/draft-ietf-radext-extended-attributes-08
Call...
The guidelines document has seen multiple last calls, with last-minute
comments at each one.
Alan DeKok.
___
Ietf mailing list
Ietf@ietf.org
https://www.ietf.org/mailman/listinfo/ietf
/session, so that
those keys can no longer be used to obtain network access.
Alan DeKok.
___
Ietf mailing list
Ietf@ietf.org
http://www.ietf.org/mailman/listinfo/ietf
was that as it stands, it's unclear as to what that text
means. Perhaps the EMSK document could define parameterized functions
to calculate S. This document could then reference those functions.
Alan DeKok.
___
Ietf mailing list
Ietf@ietf.org
https://www1.ietf.org
, to avoid requiring people to read another
document to discover how to calculate 'S'.
Alan DeKok.
___
Ietf mailing list
Ietf@ietf.org
https://www1.ietf.org/mailman/listinfo/ietf
On page 22, the second bullet point has a type, roaming is spell
roamig, without the 'n'.
Alan DeKok.
___
Ietf mailing list
Ietf@ietf.org
https://www1.ietf.org/mailman/listinfo/ietf
network traffic. Current
RADIUS deployments *already* do ad-hoc posture assessment, there are a
number of startups implementing this today.
I don't see how NEA is such a big philosophical change from existing
RADIUS practices.
Alan DeKok.
--
http://deployingradius.com - The web site
in NEA is the desire to do *more* than what the current
access protocols have to offer. Even if NEA was to leverage existing
protocols to their fullest extent, we would *still* need a
standardized way to exchange the data needed to implement the more
part of NEA.
Alan DeKok.
--
http
, authentication
servers, administrators, etc. have all been around for years. The NEA
names are new, because people are starting to realize that there are
classes of behavior that cannot be adequately described using the
existing names.
Alan DeKok.
--
http://deployingradius.com - The web site
Alan DeKok.
--
http://deployingradius.com - The web site of the book
http://deployingradius.com/blog/ - The blog
___
Ietf mailing list
Ietf@ietf.org
https://www1.ietf.org/mailman/listinfo/ietf
-
sensitive compliance certificates offering just the five points listed.
Pretty much, yes. With the addition of a protocol to carry that
information from the end point to elsewhere in the network.
Alan DeKok.
--
http://deployingradius.com - The web site of the book
http
hosts in the
network.
No one can prevent a determined attacker from getting in. But by
providing fewer hosts for him to attack, the attacks become less
feasibly, and more visible.
Alan DeKok.
___
Ietf mailing list
Ietf@ietf.org
https://www1.ietf.org
proposal has an incompatible
interpretation of SPF records, then that belief should be relevant to
the discussion. Otherwise, any large company can DoS the IETF by
publishing incompatible interpretations and/or implementations of
proposals they don't like.
Alan DeKok
18 matches
Mail list logo