RADIUS Extension for Digest Authentication
Note: This ballot was opened for revision 02 and is now closed.
(Jari Arkko) Yes
Comment (2007-07-03 for -)
I verified diffs to RFC 4590 too. Everything looks good.
(Dan Romascanu) Yes
(Ron Bonica) No Objection
(Ross Callon) No Objection
(Lisa Dusseault) No Objection
Lars Eggert No Objection
(Sam Hartman) No Objection
(Cullen Jennings) (was Discuss, No Objection) No Objection
(Chris Newman) No Objection
Comment (2007-07-04 for -)
Might want to make sure IANA knows to update the RADIUS registry entries for these parameters to refer to the new RFC when it's published. The IANA considerations section didn't say that explicitly. I question whether RADIUS over IPsec will deploy as widely as HTTPS/SIPS has. This makes me wonder if IPsec is an adequate answer to protect these exchanges, especially given a simple passive eavesdrop of H(A1) leaves that user's account completely compromised in that realm.