Alan DeKok [mailto:aland(_at_)deployingradius(_dot_)com] writes:
Glen Zorn wrote:
But none of the Attributes mentioned in Appendix B have anything to
do with
RADIUS security as I understand it. Can you explain?
From the document:
Appendix B includes a
listing of complex attributes used within [RFC2865], [RFC2868],
[RFC2869], [RFC3162], [RFC4818], and [RFC4675]. The discussion of
these attributes includes reasons why a complex type is acceptable,
or suggestions for how the attribute could have been defined to
follow the RADIUS data model.
The intent of Appendix B is to explain what is *wrong* about the use
of complex attributes in previous RFCs.
You seem to be honing you mastery of the non sequitur ;-). My original
question was:
<quote>
Yeah. I've always been a bit uncomfortable with the "security
functionality" escape clause in the RADIUS Design Guidelines draft.
Lots of things can reasonably be claimed to be "security related". I
would have preferred the exception to be crafted a bit narrower,
just for this reason. But, unless wording of Design Guidelines is
changed, you have a legitimate argument.
I believe the intent was "related to RADIUS security".
This statement puzzles me: section 2.1.3 of the design guidelines document
says:
As can be seen in Appendix B, most of the existing complex attributes
involve authentication or security functionality. Supporting this
functionality requires code changes on both the RADIUS client and
server, regardless of the attribute format. As a result, in most
cases, the use of complex attributes to represent these methods is
acceptable, and does not create additional interoperability or
deployment issues.
But none of the Attributes mentioned in Appendix B have anything to do with
RADIUS security as I understand it. Can you explain?
</quote>
How does your response relate to my original question?
_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf