Re: [LinkSec] Work in progress on a Security Architecture (onepersons view)
Robert Moskowitz wrote:
>
> rather what I was looking at was managing authentication state within a
> dynamic network. AAA talks about this and presents both models: where
> state is maintained in the network or in the end device. For a number of
> reasons I perfer the model of state in the end device, and
> Needham-Schroeder presents this well. Probably too well.
>
> I am working on a more architectual, less solution presentation.
>
It's not at all clear to me that the roaming requirement (if it's real) can
best be met with a N-S variant. Also, depending on how you cut up the pie,
I can't see how N-S necessarily ends up with all the important state in the
client.
Anyway, time to call in.
--
----------------------------------------------------------------------
Marcus Leech Mail: Dept 8M70, MS 012, FITZ
Advisor Phone: (ESN) 393-9145 +1 613 763 9145
Security Architecture and Planning Fax: (ESN) 393-9435 +1 613 763 9435
Nortel Networks mleech@nortelnetworks.com
-----------------Expressed opinions are my own, not my employer's------