ity is ideal, increasing the cost of casual
> style dragnet surveillance is still a Good Thing.
>
> - Ted
>
--
Stefan WINTER
Ingenieur de Recherche
Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et
de la Recherche
6, rue Ric
edirect purposes.
All the rest of the text is fine.
Greetings,
Stefan Winter
>
>However, the use of DNS-based dynamic peer discovery is optional for
> Diameter
>implementations. For deployments which do not make use of S-NAPTR peer
>discovery, support of realm-based redi
y ;-)
> But as I said, it is only based on my understanding and I'm not an expert on
> DNS.
I don't think DNS is the problem here. It's more that Diameter butchers
its NAPTR usage unnecessarily.
Greetings,
Stefan Winter
>
> Regards,
>
> Lionel
>
>
eter agents.
For deployments which do not make use of S-NAPTR peer discovery, support
of realm-based redirection MUST be specified as part of functionality
supported by a Diameter application. (... continue with the rest of the
section ...)
Greetings,
Stefan Winter
>
> The IESG plans to make a de
be to do that in EAP core:
* Specify the encoding in which phase 2's Peer-Id is used during the EAP
negotiation that precedes the TEAP exchange. If Peer-Ids are not used
(i.e. identity privacy support is enabled), specify in which encoding
the privacy-preserving identity hints are expected.
Th
really has "force use of UTF-8" written all over it. The
question for me is which path to take, and where/who does the work.
Greetings,
Stefan Winter
--
Stefan WINTER
Ingenieur de Recherche
Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et
de la Recherch
f we can agree that updating RFC3748 with stricter i18n rules is
going to be chartered work and will happen, then I can live with a
cliffhanger statement of "stay tuned for that update" in the
eapapplicability draft.
Greetings,
Stefan Winter
>
>
>
>
>
> That would
document.
>
> [BA] Exactly. It's just an applicability statement, not a prescription
> for world peace :)
Sure: we need more than an applicability statement update to achieve
peace in the EAP world. But if an applicability statement update is all
we can work with, we could try and
entity is in a tunnel
anyway, and the EAP type is known at that time; but that doesn't cover
all cases. EAP-pwd has no tunnel, and needs to rely on the "outer"
identity being in a format it can process. There are more untunneled EAP
types.
Greetings,
Stefan Winter
--
Stefan WINTER
I
t NAIs exclusively. I could well
imagine ABFAB being deployed inside an enterprise where EAP identities
do not follow the NAI provisions; any restrictions on the encoding or
normalization should apply to those deployments nontheless.
Greetings,
Stefan Winter
--
Stefan WINTER
Ingenieur de Re
possibly also require a
normalisation). That would indeed solve ABFAB's i18n'ed use of EAP, but
not everybody else's. That's a bit selfish, but it would certainly be
better than nothing.
I wonder what the other authors think about nailing down a
UTF-8/NFC-normalised Identity int
the *good* things about having an I-D cutoff
deadline. One finally finds time to do /other/ things ;-)
Stefan
--
Stefan WINTER
Ingenieur de Recherche
Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et
de la Recherche
6, rue Richard Coudenhove-Kalergi
L-1359 Luxembourg
Tel: +352 424409 1
Fax: +352 422473
signature.asc
Description: OpenPGP digital signature
Hi,
> [...] ferkakte [...]
As a German, I'm now torn apart between being flattered that we've
successfully exported a German word to the U.S. and being speechlessly
shocked by the way spelling was b0rked in the process.
Stefan
--
Stefan WINTER
Ingenieur de Recherche
Fondation RES
ingerprint. Implementations MUST support
SHA-1 as the hash algorithm.
* TLS using TLS-PSK (this model is optional to implement)
(note that some changed to this text might occur due to pending
DISCUSSes and COMMENTs in the IESG review).
Greetings,
Stefan Winter
>
> ___
on; but it's not for the
RAIDUS/TLS draft to decide. That would need a wg chartered item (luckily
radext is discussing rechartering right now; this might be worthwhile to
include...)
Please let me know if you'd prefer the Error-Cause "patch" to be in this
spec; I'll do a
is the failover option if the
TLS session cannot be established, a down-bidding attack can occur
if an adversary can maliciously close the TCP connection, or
prevent it from being established.
Just to make sure people realise that RADIUS/UDP security is untouched
by this spec?
Greetings,
Ste
to prepare the IESG review phase. It would be nice
if you could let me know whether the changes I did in the document
satisfactorily address your concerns.
Greetings,
Stefan Winter
>
> In any case, I take the point that the text is confusing for readers.
>
> While resolving the AD com
amic-discovery related
> material
> into a separate section prior to 3.1.
Moved out of the document, to go into dynamic-discovery.
> Appendix C. Assessment of Crypto-Agility Requirements
>
>
>The RADIUS Crypto-Agility Requirements (link to RFC once issued here)
>de
v6. So
there is no working IPv6 for you.
Stefan
>
> Kind regards,
>
> Otunte Otueneh
> ISOC Nigeria Chapter
>
>
> On Fri, Jun 10, 2011 at 7:32 AM, Stefan Winter
> mailto:stefan.win...@restena.lu>> wrote:
>
> Hi,
>
> >> ... when the suppor
hat's in Germany
though. Apparently, realities differ depending on where you are.
Greetings,
Stefan Winter
>
>> Keith Moore wrote:
>> Meanwhile, 6to4 continues to work just fine for me.
>> So please explain again why it isn't premature to
>> discourage a v
E. Or any kind
of search engine that would yield the document in a fraction of a
second. Or the internet at all?
Stefan Winter
--
Stefan WINTER
Ingenieur de Recherche
Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et de la
Recherche
6, rue Richard Coudenhove-Kalergi
L
new IT equipment every n years, where "n" is by
preference (for the vendor) a low number? I'm shocked. BTW, switching
your DSL contract after the 2-year-handcuff of your favourite operator
will give you a new model for free.
Stefan
-Martin
--
Stefan WINTER
Ingenieur de Reche
y: they can sell new stuff to you then. That kind
of thinking is probably not what you as a customer appreciate, but it's
just fine if seen from the other side :-)
Stefan
-Martin
_______
Ietf mailing list
Ietf@ietf.org
https://www.ietf.
in 3588 also applies to the T-Bit in 3588bis then.
Greetings,
Stefan Winter
--
Stefan WINTER
Ingenieur de Recherche
Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et de la
Recherche
6, rue Richard Coudenhove-Kalergi
L-1359 Luxembourg
Tel: +352
ethod on the card, I won't get service. Due to that, I can not use any
automatic-payment refueling stations in Luxembourg, nor rent a bike
("Veloh!") in Luxembourg City. Or train ticketing machines in the UK.
I'm delighted. Thanks, financials!
That's it for the rant of the
tp://is.gd/2kf0s
>
> ___
> Ietf mailing list
> Ietf@ietf.org
> https://www.ietf.org/mailman/listinfo/ietf
--
Stefan WINTER
Ingenieur de Recherche
Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et de la
l see Tim's
message on the IETF web archives. Note the perfectly rendered "space"
instead of a question mark.
http://www.ietf.org/mail-archive/web/ietf/current/msg60578.html
(if you still see the ? instead, read above paragraph about
misconfigured or broken software)
Greetings,
S
better discussion ground.
(Disclaimer: I was not one of the people needing a visa. But I can have
empathy for other beings.)
Greetings,
Stefan Winter
___
Ietf mailing list
Ietf@ietf.org
https://www.ietf.org/mailman/listinfo/ietf
ibility. I think you're implicitly
> arguing that that's not the right tradeoff, and frankly
> I think it's exactly the right tradeoff, myself.
>
> Melinda
>
> _______
> Ietf mailing list
> Ietf@ietf.org
> https://www.
t allows people to express their problems and solutions without
ugly hacks (read: as long as it supports the full set of Unicode - not
just the first 127 characters).
Greetings,
Stefan Winter
P.S.: "a2ps" never failed on me for producing 2-up, nicely framed and
properly page-breaked pr
ate that. There are no hard numbers and facts to prove that yet
though. In any case, for plain RADIUS deployments, a
max-desired-EAP-chunk discovery mechanism would be interesting.
That should be pretty much it.
May the force be with you,
Stefan Winter
_
r, but I'm open to better ideas at any
time.
Greetings,
Stefan Winter
___
IETF mailing list
IETF@ietf.org
https://www.ietf.org/mailman/listinfo/ietf
Hello!
My name is Stefan Winter of the National Research and Education Network in
Luxembourg, RESTENA. We are an ISP for academia and take the lead in research
and development of a global academic wireless LAN federated roaming
consortium: "eduroam". This is based on EAP and 802.1X e
33 matches
Mail list logo