RE: RE: [Isms] RADIUS is not a trusted third party

From: Nelson, David (dnelson
Date: Fri, 22 Apr 2005 10:35:39 -0400 (EDT)

John Vollbrecht writes ... [mailto:jrv [at] umich.edu]

> The question I am wondering about is whether the RADIUS server could be
> a trusted third party if it is directly connected to the NAS. In that
> case it has credentials with all parties. However the credentials are
> of quite different form - I am wondering if the form of credentials or
> the relationship between the credentials makes a difference in whether
> it can act effectively as a trusted third party. My first guess is
> that it could (especially if RADIUS had stronger hashing) but I am not
> sure.
> What is your thought?

I suspect there are cases in which a single (non-proxy) RADIUS server could act as a trusted third party, but that would depend on the extent to which the RADIUS server and the EAP server were considered a single entity.

I think the issue is whether all parties can [directly] validate the bindings of authenticated identity to keys. When one set of bindings is created via the EAP session between the EAP peer and EAP server and another set of bindings is created via the RADIUS authentication and authorization exchanges between the RADIUS server and the NAS, there is certainly the opportunity for the parties to have disjoint sets of key bindings.