[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: Progress on RADIUS Extension for Digest Authentication

To: "'gwz@cisco.com'" <gwz@cisco.com>, "'Nelson, David'" <dnelson@enterasys.com>, Avi Lior <avi@bridgewatersystems.com>, 'Bernard Aboba' <aboba@internaut.com>
Subject: RE: Progress on RADIUS Extension for Digest Authentication
From: Avi Lior <avi@bridgewatersystems.com>
Date: Mon, 22 Nov 2004 11:10:13 -0500
Cc: radiusext@ops.ietf.org, 'AC Mahendran' <mahendra@qualcomm.com>

Glen and all,

I agree, if the keywrap doc is ready we should ask for it to be: a) a
working group item; and b) put it in to working last call ASAP.

As for its use for sterman draft, ideally we should use keywrap for this
document. I am all for that with the caveat that we should not delay
sterman. I don't want to see sterman delayed.  Especially since
Message-Authenticator is not busted. 

Also, if Message-Authenticator is busted or close to being busted it is
busted for EAP as well as Sterman.  So Key Wrap document can basically
indicated that Message-Authenticator should be deprecated and replaced with
Key-Wrap. What is wrong with this strartegy?


> -----Original Message-----
> From: Glen Zorn (gwz) [mailto:gwz@cisco.com] 
> Sent: Friday, November 19, 2004 4:07 PM
> To: 'Nelson, David'; 'Avi Lior'; 'Bernard Aboba'
> Cc: radiusext@ops.ietf.org; 'AC Mahendran'
> Subject: RE: Progress on RADIUS Extension for Digest Authentication
> 
> 
> Nelson, David <> wrote:
> >> Okay. So lets get this draft into last call right away.
> > 
> > Which draft?  The keywrap draft?  We haven't reached consensus
> that
> > it should be a WG work item yet,
> 
> Has anybody called for consensus from the WG?  It's 
> incredibly difficult to reach something without moving your hand...
> 
> > although Bernard has suggested that
> > it should be, and it seems to address a valid issue (NIST/FIPS
> > approved algorithms).   
> > 
> > Perhaps we ought to follow your earlier suggestion and use the 
> > existing Message-Authenticator Attribute in the Digest
> Authentication
> > draft (as it is a short-term dependency for 3GPP2).  We 
> could then let 
> > the keywrap draft take its course, hopefully eliciting more 
> review and 
> > comment on the list than heretofore.
> 
> I like this plan!  Let's 1) rubberstamp a flawed document, insuring
> 2) either massive upgrades or (more likely) non-action later because
> 3) we can't make a decision on anything of substance in less 
> than 2 years.
>   
> > 
> > -- Dave
> 
> Hope this helps,
> 
> ~gwz
> 
> Why is it that most of the world's problems can't be solved by simply
>   listening to John Coltrane? -- Henry Gabriel
> 

--
to unsubscribe send a message to radiusext-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://psg.com/lists/radiusext/>

Follow-Ups:
- Re: Progress on RADIUS Extension for Digest Authentication
  - From: Jari Arkko <jari.arkko@piuha.net>

Prev by Date: Adoption of CUI as a RADEXT WG Work Item
Next by Date: [Sterman Issue 7] Message Authenticator: Options
Previous by thread: RE: Progress on RADIUS Extension for Digest Authentication
Next by thread: Re: Progress on RADIUS Extension for Digest Authentication
Index(es):
- Date
- Thread