Re: [dix] Agenda bashing
Eliot Lear <lear@cisco.com> Thu, 06 July 2006 17:09 UTC
Message-ID: <44AD1A86.1050300@cisco.com>
Date: Thu, 06 Jul 2006 16:13:26 +0200
From: Eliot Lear <lear@cisco.com>
To: EKR <ekr@networkresonance.com>
Subject: Re: [dix] Agenda bashing
Cc: Digital Identity Exchange <dix@ietf.org>

Eric Rescorla wrote:
> Well, you could clearly use PwdHash this way. In fact, that's how
> your industry standard challenge-response token works. But it doesn't
> really help because you don't have HRA against an attacker who
> controls the victim's computer. So, they don't capture your
> authentication string but they capture the immediately following
> session.
>

PwdHash as an algorithm doesn't protect you from a host computer compromise. For that you need architectural separation, which is why smart cards etc. exist.

It remains up to the end server as to what transactions might require additional authentication. So for instance, a bank may choose to authenticate on new payees for online billing or for particularly large transactions. Or not.

Eliot