
draft-bradner-pbk-frame-04



Please spell out first use of AAA.

Section 1.0 says:

By not using registered keys, the PBK mechanism preserves user
pseudonymity as long as the identities of the users are not obtained
by some other process during the communication.

s/obtained/disclosed/

Section 1.0 also says:

The PBK mechanism is susceptible to man-in-the-middle attacks which
affect its initialization. Such attacks may make it possible for a
pseudonymous identity to be used by a party other than the issuer.
There is an "initial leap of faith" about the pseudonymous identity
since it has no parties, other than the issuer, vouching for it, and
though only the issuer holds the private key, a man-in-the-middle
attacker may appear to hold and use the identity without good care
being taken in a protocol design that makes use of PBK. ...

I think that "issuer" is the wrong term. To me, the term "issuer" has the wrong connotation. I think you mean the party that generated the public/private key pair and then sent it to the recipient.