RE: Progress on RADIUS Extension for Digest Authentication
Hi Bernard,

Regarding Issue [7]: The need to use Message Authenticator.

I think we all agreed that a message authenticator is needed here.
I think the debate was whether the Message-Authenticator will suffice here.
You suggested that maybe we introduce a new attribute. But as you pointed
out, while MD5 was found to be vulnerable, HMAC-MD5 was not. There was
lots of debate on this issue.

I don't think we would solve this issue in the near future. This is
because, judging from the emails, I don't think we would get consensus even
if we created a new message authenticator based on HMAC-SHA1.

So my suggestion is to use Message-Authenticator (80), which is based
on HMAC-MD5 and is not broken, and proceed with the work. Not having
anything is clearly bad.

> -----Original Message-----
> From: Bernard Aboba [mailto:aboba@internaut.com]
> Sent: Thursday, November 18, 2004 1:16 PM
> To: radiusext@ops.ietf.org
> Subject: Progress on RADIUS Extension for Digest Authentication
>
>
> The specification "RADIUS Extension for Digest
> Authentication" has completed RADEXT WG Last call. Issues
> filed against the specification are available here:
>
> http://www.drizzle.com/~aboba/RADEXT/
>
> The latest version of the specification is available here:
> http://www.ietf.org/internet-drafts/draft-sterman-aaa-sip-04.txt
>
> Further progress on this document requires that we verify
> that changes made in the -04 document represent RADEXT WG
> consensus. Since detailed text changes were not posted to the
> RADEXT WG mailing list prior to the submission of the -04
> document, it is not possible to determine whether RADEXT WG
> consensus exists on the changes based on examination of the
> mailing list discussion. It is therefore not possible to
> move forward on this document until this issue is cleared up.
>
> In order to make progress, we have made a request that Issue
> submitters and other WG participants examine the changes in
> -04 and send email to the WG list, stating whether the
> changes are acceptable. So far, the mail received indicates
> the following:
>
> Issue 4: No mail received. WG consensus not verified.
> Issue 5: No mail received, Diameter draft needs to be updated before
> determining whether the resolutions can work. WG consensus
> not verified.
> Issue 6: No mail received. WG consensus not verified.
> Issue 7: Mail received, indicates WG consensus *against* the proposed
> resolution. No consensus verified.
> Issue 8: No mail received, security issues raised at IETF 60. No
> consensus verified.
> Issue 11: No mail received. No consensus verified.
> Issue 12: No mail received. No consensus verified.
>
> Given the lack of confirming email, we are at present unable
> to confirm whether the changes made in -04 represent WG
> consensus, and in one case (Issue 7) it appears that the
> proposed resolution has been rejected by the RADEXT WG.
>
> In order to enable the WG to demonstrate sufficient interest,
> we are going to extend the Request for Comment on the
> proposed resolutions until December 6, 2004. If you have
> submitted an Issue on the document, and believe it has been
> resolved, please send mail with "Issue X: Resolved" in the
> subject line, where X is the Issue number of your issue.
>
> If you have additional comments on the specification, or wish
> to contest the resolution of an issue, please send email to
> the RADEXT WG mailing list (radiusext@ops.ietf.org) in the
> format described on the RADEXT WG mailing list:
>
> http://www.drizzle.com/~aboba/RADEXT/
>
> --
> to unsubscribe send a message to
> radiusext-request@ops.ietf.org with the word 'unsubscribe' in
> a single line as the message text body.
> archive: <http://psg.com/lists/radiusext/>
>