> I would suggest that these attacks aren't very relevant. Or if they are, there
> is very little which can be done about them.

+1

An AAA infrastructure is a logical extension of the NAS that enables authentication, key derivation and other security functions to be externalised. That externalisation yields a distributed AAA architecture, and its security depends on a set of assumptions between the participating actors.

It is not a weakness of the architecture if one or more of those assumptions are not appropriate for a particular environment. It just means that the architecture is not the right tool for that case. It only becomes a weakness of the architecture if the assumption(s) become untenable for the important use cases.

Personally, I don't think that is the case here. However, I think it is still useful input as we consider ways of improving AAA infrastructure technologies (e.g., in this case minimising the number of intermediaries between the NAS and the EAP server) to better serve EAP.

Josh

_______________________________________________
Emu mailing list
Emu@ietf.org
https://www.ietf.org/mailman/listinfo/emu