#28: Missing Security Consideration - AAA protection of the MSK
The document needs to discuss the protections (or lack thereof) for the
MSK as it travels from the IdP to the RP. Known issues are:
1. In RADIUS the security (encryption and authentication) is hop to hop,
so in theory any AAA proxy can decrypt the messages.
2. In Diameter there is no(?) current ability to encrypt either hop to
hop or end-to-end.
--
--------------------+-------------------------------------
Reporter: ietf@… | Owner: draft-ietf-abfab-arch@…
Type: defect | Status: new
Priority: major | Milestone:
Component: arch | Version:
Severity: - | Keywords:
--------------------+-------------------------------------
Ticket URL: <http://trac.tools.ietf.org/wg/abfab/trac/ticket/28>
abfab <http://tools.ietf.org/abfab/>
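The hop-by-hop property named in issue 1, as an added example that is not part of the ticket or the draft: it assumes the MSK is carried in a salted key attribute protected with the RFC 2548 section 2.4.2 construction (MD5 over the hop's shared secret, the Request Authenticator and a salt). Function names, secrets and key bytes are constructed for illustration.

```python
import hashlib
import os

def _xor_chain(secret, req_auth, salt, data, decrypt):
    """RFC 2548 2.4.2 chaining: b1 = MD5(S+R+A), b(i) = MD5(S+c(i-1))."""
    out, prev = b"", req_auth + salt
    for i in range(0, len(data), 16):
        block = data[i:i + 16]
        pad = hashlib.md5(secret + prev).digest()
        x = bytes(a ^ b for a, b in zip(block, pad))
        prev = block if decrypt else x  # always chain on the ciphertext block
        out += x
    return out

def wrap_key(secret, req_auth, key):
    """Protect a key for one hop; returns salt || ciphertext."""
    salt = bytes([os.urandom(1)[0] | 0x80]) + os.urandom(1)  # MSB must be set
    plain = bytes([len(key)]) + key
    plain += b"\x00" * (-len(plain) % 16)  # pad to a 16-byte multiple
    return salt + _xor_chain(secret, req_auth, salt, plain, False)

def unwrap_key(secret, req_auth, attr_value):
    """Recover the key; needs only this hop's shared secret and authenticator."""
    salt, cipher = attr_value[:2], attr_value[2:]
    plain = _xor_chain(secret, req_auth, salt, cipher, True)
    return plain[1:1 + plain[0]]

def proxy_forward(attr_value, up_secret, up_auth, down_secret, down_auth):
    """A proxy must unwrap with the upstream secret before it can rewrap
    for the downstream hop, so it necessarily holds the key in the clear."""
    key = unwrap_key(up_secret, up_auth, attr_value)
    return key, wrap_key(down_secret, down_auth, key)

def demo():
    # Constructed sample values, not taken from any deployment.
    idp_proxy_secret = b"secret-idp-to-proxy"
    proxy_rp_secret = b"secret-proxy-to-rp"
    auth_up, auth_down = bytes(range(16)), bytes(range(16, 32))
    msk_half = bytes(range(100, 132))  # 32 bytes of key material
    from_idp = wrap_key(idp_proxy_secret, auth_up, msk_half)
    seen_by_proxy, to_rp = proxy_forward(
        from_idp, idp_proxy_secret, auth_up, proxy_rp_secret, auth_down)
    at_rp = unwrap_key(proxy_rp_secret, auth_down, to_rp)
    return msk_half, seen_by_proxy, at_rp

if __name__ == "__main__":
    sent, proxy_view, received = demo()
    print("proxy sees key in clear:", proxy_view == sent)
    print("RP receives same key:  ", received == sent)
```

The protection is bound to each hop's shared secret rather than to the IdP and RP, which is why every proxy on the path is inside the trust boundary for the MSK.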