
DISCUSS and COMMENT: draft-ietf-radext-status-server




-----Original Message-----
From: Peter Saint-Andre [mailto:stpeter@stpeter.im] 
Sent: Tuesday, April 20, 2010 11:31 AM
To: iesg@ietf.org
Cc: aland@freeradius.org; radext-chairs@tools.ietf.org; draft-ietf-radext-status-server@tools.ietf.org
Subject: DISCUSS and COMMENT: draft-ietf-radext-status-server 

Discuss:
Is the use of MD5 in generating the Response Authenticator subject to collision attacks? If not, it would be helpful to describe why not, and provide a reference to RFC 4270. If so, then the security considerations need to be updated.

Comment:
Given that the Request Authenticator should be unpredictable and unique, a reference to RFC 4086 would be appropriate.

Please add a reference to RFC 1321 for the definition of MD5.



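For context on the construction the DISCUSS asks about, here is an added example (not part of the original message or the draft) of how a RADIUS client checks the Response Authenticator as defined in RFC 2865: MD5 over Code, Identifier, Length, the Request Authenticator, the attributes, and the shared secret. The shared secret, identifier and Reply-Message attribute are constructed sample values, and the function names are hypothetical.

```python
import hashlib
import hmac
import os
import struct

ACCESS_ACCEPT = 2  # RFC 2865 packet code


def new_request_authenticator() -> bytes:
    """16 octets from the OS CSPRNG, so the value is unpredictable and unique."""
    return os.urandom(16)


def response_authenticator(code, ident, attrs, request_auth, secret) -> bytes:
    """MD5(Code + ID + Length + RequestAuth + Attributes + Secret), per RFC 2865."""
    header = struct.pack("!BBH", code, ident, 20 + len(attrs))
    return hashlib.md5(header + request_auth + attrs + secret).digest()


def build_response(code, ident, attrs, request_auth, secret) -> bytes:
    """Server side: assemble a response packet for the given request."""
    auth = response_authenticator(code, ident, attrs, request_auth, secret)
    return struct.pack("!BBH", code, ident, 20 + len(attrs)) + auth + attrs


def verify_response(packet, request_auth, secret) -> bool:
    """Client side: recompute the authenticator with the Request Authenticator
    the client sent, and compare in constant time."""
    if len(packet) < 20:
        return False
    code, ident, length = struct.unpack("!BBH", packet[:4])
    if length < 20 or length > len(packet):
        return False  # Length field inconsistent with the received datagram
    packet = packet[:length]  # octets beyond Length are padding
    expected = response_authenticator(code, ident, packet[20:], request_auth, secret)
    return hmac.compare_digest(expected, packet[4:20])


if __name__ == "__main__":
    secret = b"constructed-shared-secret"   # constructed sample value
    req_auth = new_request_authenticator()
    attrs = bytes([18, 7]) + b"alive"       # constructed Reply-Message attribute
    pkt = build_response(ACCESS_ACCEPT, 42, attrs, req_auth, secret)
    print("valid:", verify_response(pkt, req_auth, secret))
    print("replayed against a new request:",
          verify_response(pkt, new_request_authenticator(), secret))
```

Because the Request Authenticator is an input to the hash, a response captured for one request does not verify against a later request that carries a fresh value.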