Merit Network
Can't find what you're looking for? Search the Mail Archives.
  About Merit   Services   Network   Resources & Support   Network Research   News   Events   Home

Discussion Communities: Merit Network Email List Archives

North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: Cable Modem [really more about PPPoE]

  • From: Fletcher E Kittredge
  • Date: Tue Jun 26 09:42:01 2001

On Mon, 25 Jun 2001 17:09:24 -0500  Chris Parker wrote:
> >2) To balance this one special case advantage,  radius auth has a
> >    number of flaws:
> >    i) it is an older protocol designed for a different model of
> >       networking and thus is missing many features of DHCP.  In
> >       particular, clean mechanisms for setting an arbitrary number of
> >       client configuration values.
> 
> Removing radius-auth from PPPoE for a second, I would hazzard that
> with the use of the defined radius VSA format, the number of client
> configuration values is not limited in practical applications.

You know, I started down that path once.

Good luck trying to get Microsoft and Apple to support radius VSA for
configuring clients.  Can you imagine what Microsoft would do?

> >    ii) public networks, it uses username/password authentication.
> >       This is a flawed mechanism for auth.  It is insecure[1] and
> >       generates a fair amount of support traffic.
> 
> You failed to include your [1] reference, so I'm not sure what you
> are refuting here.  I would suggest that relying on username/password
> auth via CHAP is less susceptible to spoofing than a MAC address.  I'm
> definitely open for other means of authenticating yourself on the
> network.

Sorry about that missing footnote.

[1] Radius is auth mechanism independent.  There are probably more
than a dozen currently supported by one implemenation or another.
However, for large, public access networks, the only one I know of in
use is username/password.

Username/password is weak authorization.  If you don't agree, please
see "Secrets and Lies : Digital Security in a Networked World" by
Bruce Schneir, [John Wiley & Sons, August 2000 ; ISBN: 0471253111 ].
It is an accessable discussion of the issues by an expert.






Discussion Communities


About Merit | Services | Network | Resources & Support | Network Research
News | Events | Contact | Site Map | Merit Network Home


Merit Network, Inc.