[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: Progress on RADIUS Extension for Digest Authentication



Okay. So lets get this draft into last call right away.

Bernard, remember that 3GPP2 is looking for the sterman draft ASAP.  There
is a document that is ready to publish that must have an RFC number for
sterman.  So if this achievable then I am all for doing it right.

> -----Original Message-----
> From: Bernard Aboba [mailto:aboba@internaut.com] 
> Sent: Thursday, November 18, 2004 11:56 PM
> To: Glen Zorn (gwz)
> Cc: 'Avi Lior'; radiusext@ops.ietf.org
> Subject: RE: Progress on RADIUS Extension for Digest Authentication
> 
> 
> > Doesn't this draft 
> > http://www.ietf.org/internet-drafts/draft-zorn-radius-keywrap-01.txt
> > solve your problem?
> 
> I believe that Section 3.2 of this document does provide for the
> following:
> 
> a. Integrity protection and authentication of messages.
> b. Multiple algorithm support (HMAC-MD5 & HMAC-SHA1 for starters)
> 
> My reason for suggesting that the WG consider this is that 
> the Security ADs have expressed concern about MD5 usage in 
> new documents.  In addition, NIST is likely to require a 
> FIPS-approved MAC such as HMAC-SHA1 for FIPS certification.  
> So I think that RADEXT WG will eventually need something 
> along these lines.  So why not bite the bullet now?
> 

--
to unsubscribe send a message to radiusext-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://psg.com/lists/radiusext/>