Yes, this looks good.
> Date: Wed, 26 Aug 2009 22:36:42 -0400
> Subject: Re: draft-zorn-radius-pkmv1-05.txt
> From: d3e...@gmail.com
> To: g...@net-zen.net
> CC: bernard_ab...@hotmail.com; ietf@ietf.org; sec...@ietf.org
>
> Looks OK to me,
> Donald
>
> On Wed,
Looks OK to me,
Donald
On Wed, Aug 26, 2009 at 9:24 PM, Glen Zorn wrote:
> …
> PKMv1 has some fairly serious security problems that are described here:
> http://www2.computer.org/portal/web/csdl/doi/10.1109/SNPD.2008.138
>
> So I think the question is whether this document can make those serious
>
Yes, the changes below look good to me.
Thanks,
Donald
On Wed, Aug 26, 2009 at 9:40 PM, Glen Zorn wrote:
> Donald Eastlake [mailto:d3e...@gmail.com] writes:
>
> ...
>
>> >> The wording in Sections 3.1 and 3.2 see to almost be designed to
>> allow
>> >> the possibility of the multiple *-Cert Attri
Donald Eastlake [mailto:d3e...@gmail.com] writes:
...
> >> The wording in Sections 3.1 and 3.2 see to almost be designed to
> allow
> >> the possibility of the multiple *-Cert Attributes carrying a
> >> certificate to appear in more than one Access-Request message. But I
> >> would assume that's
.
PKMv1 has some fairly serious security problems that are described here:
http://www2.computer.org/portal/web/csdl/doi/10.1109/SNPD.2008.138
So I think the question is whether this document can make those serious
security problems even worse, in a way that has not already been
documented.
AFAI
Bernard Aboba [mailto:bernard_ab...@hotmail.com] writes:
Donald Eastlake said:
"Doing a little more research, 802.16e-2005, which
you don't reference, does begin to touch on this by at least
specifying how EAP fits into 802.16."
[BA] As I understand it, this document is focused entirely on
Donald Eastlake [mailto:d3e...@gmail.com] writes:
...
> >> This document defines seven RADIUS Attributes to support the
> >> implementation of 802.16 (WiMax) PKMv1 (Privacy Key Management
> version
> >> 1). I would guess that RADIUS can be used between the 802.16 Base
> >> Station and an authori
Donald Eastlake said:
"Doing a little more research, 802.16e-2005, which
you don't reference, does begin to touch on this by at least
specifying how EAP fits into 802.16."
[BA] As I understand it, this document is focused entirely on
PKMv1, which does not support EAP. So it does not apply t
Hi Glen,
See below...
On Mon, Aug 24, 2009 at 1:16 PM, Glen Zorn wrote:
> Donald Eastlake [mailto:d3e...@gmail.com] writes:
>
>> I have reviewed this document as part of the security directorate's
>> ongoing effort to review all IETF documents being processed by the
>> IESG. Document editors and
Donald Eastlake [mailto:d3e...@gmail.com] writes:
> I have reviewed this document as part of the security directorate's
> ongoing effort to review all IETF documents being processed by the
> IESG. Document editors and WG chairs should treat these comments just
> like any other last call comments.
10 matches
Mail list logo