[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: New XAUTH draft



Bronislav,

>One interesting benefit of XAUTH (or rather so-called legacy authentication
>schemes) is that you can revoke user from the RADIUS database very quickland
>reliably - for sure much faster and simpler than dealing with CRLs in it's
>current state of PKI.

Well, CRLs are not hard to manage for closed communities, which is the
comparable (to Radius) model for IPsec use, i.e., remote user access.  One
can also use OCSP, of course.

Steve


References: