Re: [Emu] Impersonation and Lying NAS problem: two distinctissues (with different solutions)

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Emu] Impersonation and Lying NAS problem: two distinctissues (with different solutions)

To: <hannes.tschofenig at nsn.com>, <sunseawq at huawei.com>, <emu at ietf.org>
Subject: Re: [Emu] Impersonation and Lying NAS problem: two distinctissues (with different solutions)
From: Bernard Aboba <bernard_aboba at hotmail.com>
Date: Tue, 18 Aug 2009 06:59:01 -0700
Delivered-to: emu at core3.amsl.com
Importance: Normal
In-reply-to: <3D3C75174CB95F42AD6BCC56E5555B45019A21B4 at FIESEXC015.nsn-intra.net>
List-archive: <http://www.ietf.org/mail-archive/web/emu>
List-help: <mailto:emu-request@ietf.org?subject=help>
List-id: "EAP Methods Update $EMU$" <emu.ietf.org>
List-post: <mailto:emu@ietf.org>
List-subscribe: <https://www.ietf.org/mailman/listinfo/emu>, <mailto:emu-request@ietf.org?subject=subscribe>
List-unsubscribe: <https://www.ietf.org/mailman/listinfo/emu>, <mailto:emu-request@ietf.org?subject=unsubscribe>
References: <BLU137-W4C1E9263CC3A9EDABFB8A93060 at phx.gbl><AC1CFD94F59A264488DC2BEC3E890DE5088B0F51 at xmb-sjc-225.amer.cisco.com><BLU137-W1351F278F8E9D7DB662C7193050 at phx.gbl><AC1CFD94F59A264488DC2BEC3E890DE5089320CE at xmb-sjc-225.amer.cisco.com><BLU137-DS2F4ECAB3D257851F4099A93FF0 at phx.gbl> <012f01ca1fd1$4ff431f0$260ca40a at china.huawei.com> <3D3C75174CB95F42AD6BCC56E5555B45019A21B4 at FIESEXC015.nsn-intra.net>

Qin said:

"Based on this, impersonation issue seems to overlap with channel binding or lying NAS issue."

RFC 3748 Section 7.15 describes the distinction between the two problems:

"

   Section 4.3.7 of [RFC3579] describes how an EAP pass-through
   authenticator acting as a AAA client can be detected if it attempts
   to impersonate another authenticator (such by sending incorrect NAS-
   Identifier [RFC2865], NAS-IP-Address [RFC2865] or NAS-IPv6-Address
   [RFC3162] attributes via the AAA protocol).  However, it is possible
   for a pass-through authenticator acting as a AAA client to provide
   correct information to the AAA server while communicating misleading
   information to the EAP peer via a lower layer protocol.

References:
- Re: [Emu] #18 Internationalization
  - From: Bernard Aboba
- Re: [Emu] #18 Internationalization
  - From: Joseph Salowey (jsalowey)
- Re: [Emu] #18 Internationalization
  - From: Bernard Aboba
- Re: [Emu] #18 Internationalization
  - From: Joseph Salowey (jsalowey)
- [Emu] Impersonation and Lying NAS problem: two distinct issues (with different solutions)
  - From: Bernard Aboba
- Re: [Emu] Impersonation and Lying NAS problem: two distinct issues (with different solutions)
  - From: Qin Wu
- Re: [Emu] Impersonation and Lying NAS problem: two distinctissues (with different solutions)
  - From: Tschofenig, Hannes (NSN - FI/Espoo)

Prev by Date: Re: [Emu] EAP and authorization
Next by Date: Re: [Emu] #18 Internationalization
Previous by thread: Re: [Emu] Impersonation and Lying NAS problem: two distinctissues (with different solutions)
Next by thread: Re: [Emu] #18 Internationalization
Index(es):
- Date
- Thread

Re: [Emu] Impersonation and Lying NAS problem: two distinctissues (with different solutions)

Note: Messages sent to this list are the opinions of the senders and do not imply endorsement by the IETF.