Re: Issue 286: Security

From: Jari Arkko (jari.arkko
Date: Thu, 17 Feb 2005 00:34:55 -0500 (EST)
Sam,
I agree that the text should focus on what the situation is rather than who uses this stuff. I sent an alternative text proposal to the EAP list a while ago (but it did not go to the IESG list). Here's a new revision of that proposal. Would this work for you better?
Add the following new text to the end of the abstract:
The mechanism defined in this document is primarily intended for advertising connectivity to a limited number of entities that find such advertisements of their presence useful.
Replace paragraphs 3-5 in Section 1 with the following:
This mechanism is not generally applicable to all access networks or all home or mediating networks. Basic roaming and AAA routing mechanisms are normally sufficient, and the identification hints are typically useful only when there's too much ambiguity to try all client identity and access network combinations efficiently, or when the scale of the roaming associations precludes full automatic connectivity from all access networks to all home networks. This can happen, for instance, when access networks have contracts with multiple roaming consortiums but do not have a full list of home networks reachable through them.
In the situations mentioned above, a limited number of identity hints can be provided by the mechanism described in this document. Even in this case, for security reasons it is required that the networks that are listed in these hints consent to such advertisements.
Exactly how the identity hint information is used by the peer depends largely on the peer's local policy and configuration, and is outside the scope of this document. However, the peer would typically either decide to use another identity it has, decide to switch to another access network, or attempt to reformat its NAI [rfc2486bis] to assist in proper routing.
This document is also related to the general network discovery and selection problem. See [netsel-problem] for more detailed discussion about this problem space.
And add this to the Security Considerations section:
Any information revealed either from the network or client sides before authentication has occurred can be seen as a security risk. For instance, revealing the existence of a network that uses a poor authentication method can make it easier for attackers to discover that such a network can be accessed. As a result, the consent of the network being described in the hints is required before such hints can be sent.
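As an added illustration of the peer-side choice sketched above (example code, not part of this message or of the draft): a hypothetical peer parses a realm-hint list, assumed here to be comma-separated, and either picks a matching identity, decorates its NAI in the RFC 4282 routing form via a hinted mediating realm it already knows, or returns nothing, meaning the hints are unusable and another access network should be considered. The `mediators` table and the policy order are assumptions of the example.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Identity:
    """One credential the peer holds, written as an NAI 'user@realm'."""
    nai: str

    @property
    def user(self) -> str:
        return self.nai.rsplit("@", 1)[0]

    @property
    def realm(self) -> str:
        return self.nai.rsplit("@", 1)[1].lower()


def parse_realm_hints(hint_field: str) -> list[str]:
    """Assumed hint encoding: a comma-separated list of realm names.
    Hints arrive before any authentication, so they are only normalised
    and de-duplicated here; nothing in them is treated as verified."""
    realms: list[str] = []
    for item in hint_field.split(","):
        realm = item.strip().lower()
        if realm and realm not in realms:
            realms.append(realm)
    return realms


def select_identity(hint_field: str, identities: list[Identity],
                    mediators: dict[str, set[str]]) -> Optional[str]:
    """Hypothetical local policy (the draft leaves this to the peer):
    1. no hints at all       -> use the default (first) identity unchanged;
    2. a hinted realm is one of the peer's own realms -> use that NAI;
    3. a hinted realm is a mediating network known to route to one of
       the peer's home realms -> decorate as 'home!user@mediator'
       (the routing form defined in RFC 4282);
    4. otherwise -> None: consider switching to another access network.
    `mediators` maps a home realm to the mediating realms it is reachable through."""
    hints = parse_realm_hints(hint_field)
    if not hints:
        return identities[0].nai
    for realm in hints:                      # hint order is the network's preference
        for ident in identities:
            if ident.realm == realm:
                return ident.nai
    for realm in hints:
        for ident in identities:
            if realm in mediators.get(ident.realm, set()):
                return f"{ident.realm}!{ident.user}@{realm}"
    return None
```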