Re: [dix] Agenda bashing

Eliot Lear <lear@cisco.com> Fri, 07 July 2006 08:00 UTC

Message-ID: <44AE1485.3020908@cisco.com>
Date: Fri, 07 Jul 2006 10:00:05 +0200
From: Eliot Lear <lear@cisco.com>
User-Agent: Thunderbird 1.5.0.4 (Macintosh/20060530)
MIME-Version: 1.0
To: Eric Rescorla <ekr@networkresonance.com>
Subject: Re: [dix] Agenda bashing
References: <20060707053732.57E01222426@laser.networkresonance.com>
In-Reply-To: <20060707053732.57E01222426@laser.networkresonance.com>
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: 7bit
Cc: Digital Identity Exchange <dix@ietf.org>

Eric Rescorla wrote:
> Eliot Lear <lear@cisco.com> wrote:
>   
>> Eric Rescorla wrote:
>> That the password is at all related to the hash result at all is an
>> (IMHO) unnecessary risk that would in our scenarios impact more than a
>> single service.  There exist methods where this is NOT the case.
>>     
>
> Yes, there do. But they all involve lugging some object around,
> in which case the problem becomes vastly easier. We need 
> a system which doesn't require a token.
>   

That's not true, Eric.  Anything you can lug around can be "lugged"
around in software.  It doesn't solve the malware/bot problem, but the
two issues are separate and distinct.

Eliot
