[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: Progress on RADIUS Extension for Digest Authentication

To: "Glen Zorn (gwz)" <gwz@cisco.com>
Subject: RE: Progress on RADIUS Extension for Digest Authentication
From: Bernard Aboba <aboba@internaut.com>
Date: Thu, 18 Nov 2004 20:56:15 -0800 (PST)
Cc: "'Avi Lior'" <avi@bridgewatersystems.com>, radiusext@ops.ietf.org
In-reply-to: <200411182338.iAINcVYr010565@sj-core-3.cisco.com>
References: <200411182338.iAINcVYr010565@sj-core-3.cisco.com>

> Doesn't this draft
> http://www.ietf.org/internet-drafts/draft-zorn-radius-keywrap-01.txt
> solve your problem?

I believe that Section 3.2 of this document does provide for the
following:

a. Integrity protection and authentication of messages.
b. Multiple algorithm support (HMAC-MD5 & HMAC-SHA1 for starters)

My reason for suggesting that the WG consider this is that the Security
ADs have expressed concern about MD5 usage in new documents.  In addition,
NIST is likely to require a FIPS-approved MAC such as HMAC-SHA1 for FIPS
certification.  So I think that RADEXT WG will eventually need something
along these lines.  So why not bite the bullet now?

--
to unsubscribe send a message to radiusext-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://psg.com/lists/radiusext/>

References:
- RE: Progress on RADIUS Extension for Digest Authentication
  - From: "Glen Zorn \(gwz\)" <gwz@cisco.com>

Prev by Date: CUI: WG Work Item
Next by Date: RE: Request for Review: Chargeable User Identity (CUI)
Previous by thread: RE: Progress on RADIUS Extension for Digest Authentication
Next by thread: RE: Progress on RADIUS Extension for Digest Authentication
Index(es):
- Date
- Thread