Re: [Isms] comments on draft-nelson-isms-extended-vacm-00



On Mon, Jul 27, 2009 at 02:10:15PM +0200, Dave Nelson wrote:
> Juergen Schoenwaelder writes...
> 
> > here are a few comments (posted as a technical contributor) on the
> > RADIUS / VACM document:
> 
> I think you have nicely summarized the open technical issues in the -00
> draft.
> 
> > A: How specific should the document refer to the TSM? Should we try to
> >    phrase things such that things still work in case we replace TSM
> >    with something else?
> 
> I think that might be nice to do.  My one concern is that the mechanism of
> this document is dependent upon the tmStateReference.  While some
> yet-to-be-written security model might also work with a secure transport
> model, allowing the VACM extensions in this document to be used without a
> RADIUS-aware transport model seems to open up a security issue, or at the
> very least an undefined mode of operation. 

But isn't the RADIUS-aware transport doing the manipulation of the
VACM table? Perhaps this is one thing to clarify further - which
component is actually manipulating the VACM table.

/js  

-- 
Juergen Schoenwaelder           Jacobs University Bremen gGmbH
Phone: +49 421 200 3587         Campus Ring 1, 28759 Bremen, Germany
Fax:   +49 421 200 3103         <http://www.jacobs-university.de/>
