Re: [Emu] server unauthenticated provisioning mode
Glen Zorn <glenzorn@gmail.com> Sat, 27 August 2011 05:20 UTC
Return-Path: <glenzorn@gmail.com>
X-Original-To: emu@ietfa.amsl.com
Delivered-To: emu@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 787B621F8A97 for <emu@ietfa.amsl.com>; Fri, 26 Aug 2011 22:20:25 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.299
X-Spam-Level:
X-Spam-Status: No, score=-3.299 tagged_above=-999 required=5 tests=[AWL=0.300, BAYES_00=-2.599, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id wtk4yHU6bzhb for <emu@ietfa.amsl.com>; Fri, 26 Aug 2011 22:20:25 -0700 (PDT)
Received: from mail-yi0-f44.google.com (mail-yi0-f44.google.com [209.85.218.44]) by ietfa.amsl.com (Postfix) with ESMTP id DBCDC21F8A67 for <emu@ietf.org>; Fri, 26 Aug 2011 22:20:24 -0700 (PDT)
Received: by yie12 with SMTP id 12so2538539yie.31 for <emu@ietf.org>; Fri, 26 Aug 2011 22:21:41 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=message-id:date:from:user-agent:mime-version:to:cc:subject :references:in-reply-to:content-type:content-transfer-encoding; bh=8FR48bEq3j7Htm9+LlhM9VQZ330tD8oDilvpMHglugw=; b=msFchnT7zEOyQpuM0pkdomND4gUsdA8Kc7xyykAMbc5mzviFptWFo87tzl4Aj9NZjs M2rU12FUdV5JVtbabHgzus9bwSwIolo/NSgUMsXhnZ1N3i88AFXZXJqMKe/sGjFB5XoD 8RbyllmtipNhM5A4yhbFR0cR/BEbdPV581jBc=
Received: by 10.101.26.3 with SMTP id d3mr1821619anj.105.1314422501580; Fri, 26 Aug 2011 22:21:41 -0700 (PDT)
Received: from [192.168.1.98] (ppp-115-87-77-81.revip4.asianet.co.th [115.87.77.81]) by mx.google.com with ESMTPS id d33sm2289464ano.35.2011.08.26.22.21.36 (version=SSLv3 cipher=OTHER); Fri, 26 Aug 2011 22:21:40 -0700 (PDT)
Message-ID: <4E587EDC.6000601@gmail.com>
Date: Sat, 27 Aug 2011 12:21:32 +0700
From: Glen Zorn <glenzorn@gmail.com>
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:6.0) Gecko/20110812 Thunderbird/6.0
MIME-Version: 1.0
To: Dan Harkins <dharkins@lounge.org>
References: <903fd07b1005de677ae850769bc0d9ba.squirrel@www.trepanning.net> <tslvctm8vu7.fsf@mit.edu> <aec7a052a6bdefd7dbd6651e4979fbd3.squirrel@www.trepanning.net> <tslippm8s7s.fsf@mit.edu> <6b23533ec43dc5c694d925e9302d721d.squirrel@www.trepanning.net> <tsl39gq8hr3.fsf@mit.edu> <4b9c28e27e7a32813d553f4ab78091cb.squirrel@www.trepanning.net> <tslobzd5wsi.fsf@mit.edu> <04f60572044e1534aaa136093e77f0f4.squirrel@www.trepanning.net> <4E572FD4.4040704@gmail.com> <7512996bb3562a81db9cb1d4a7fb5998.squirrel@www.trepanning.net> <4E573CDB.1080006@gmail.com> <9139533370ecd95c12b385c2610bdfb2.squirrel@www.trepanning.net>
In-Reply-To: <9139533370ecd95c12b385c2610bdfb2.squirrel@www.trepanning.net>
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: 7bit
Cc: Sam Hartman <hartmans-ietf@mit.edu>, emu@ietf.org
Subject: Re: [Emu] server unauthenticated provisioning mode
X-BeenThere: emu@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "EAP Methods Update \(EMU\)" <emu.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/emu>, <mailto:emu-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/emu>
List-Post: <mailto:emu@ietf.org>
List-Help: <mailto:emu-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/emu>, <mailto:emu-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 27 Aug 2011 05:20:25 -0000
On 8/26/2011 10:56 PM, Dan Harkins wrote: ... >>>>> I completely missed that. Sorry. But if the IETF standardized a >>>>> wholly inappropriate protocol like MSCHAPv2 (it doesn't even generate >>>>> a >>>>> shared key) >>>> >>>> Please check your sources & refrain from spouting nonsense; if EAP-pwd >>>> is really so wonderful you shouldn't need to disparage other work, it >>>> should stand on its own merit. >>> >>> I stand corrected. That must be why draft-zorn-emu-team proposed using >>> MSCHAPv2. Oh wait, it didn't. It proposed using EAP-pwd. >> >> & this has a relation to your misrepresentation how? > > It doesn't really, it was a reference to your implication that EAP-pwd > cannot stand on its own merit, and requires the disparagement of other > work to prop it up. Which I think we can both agree is not the case. Actually, Dan, I implied (or intended to imply) no such thing. My point was that making demonstrably false claims about other protocols doesn't strengthen your case but only weakens it, making it appear that EAP-pwd cannot stand on its own merits. MS-CHAPv2 was not specifically _not_ standardized by the IETF, the protocol was documented in a purely informational document ("This memo provides information for the Internet community. It does not specify an Internet standard of any kind."). While the ubiquity of Windows undoubtedly had an influence on its adoption, the main reason IMHO was that it solved a real problem which was widely disparaged within the IETF as either nonexistent or inappropriate (i.e., "if you would just change everything you do the way we told you to, that problem wouldn't exist"). > > Anyway, yes I misrepresented MSCHAPv2. It does produce a key. I was > wrong. > > But I still think the statement that MSCHAPv2 is inappropriate for > doing server unauthenticated provisioning mode is valid even with a > secret key output by MSCHAPv2. I hope we can both agree on that too. I am inclined to think that resistance to attack is a valuable thing in this case; EAP-pwd is demonstrably less susceptible to a variety of attacks than MS-CHAPv2 (or for that matter, EAP-GPSK). Furthermore, I think that constraining the choice of a MTI type on the basis of a single academic project (instead of security) is basically unconscionable.
- [Emu] server unauthenticated provisioning mode Dan Harkins
- Re: [Emu] server unauthenticated provisioning mode Sam Hartman
- Re: [Emu] server unauthenticated provisioning mode Dan Harkins
- Re: [Emu] server unauthenticated provisioning mode Sam Hartman
- Re: [Emu] server unauthenticated provisioning mode Dan Harkins
- Re: [Emu] server unauthenticated provisioning mode Sam Hartman
- Re: [Emu] server unauthenticated provisioning mode Dan Harkins
- Re: [Emu] server unauthenticated provisioning mode Sam Hartman
- Re: [Emu] server unauthenticated provisioning mode Dan Harkins
- Re: [Emu] server unauthenticated provisioning mode Glen Zorn
- Re: [Emu] server unauthenticated provisioning mode Dan Harkins
- Re: [Emu] server unauthenticated provisioning mode Glen Zorn
- Re: [Emu] server unauthenticated provisioning mode Glen Zorn
- Re: [Emu] server unauthenticated provisioning mode Dan Harkins
- Re: [Emu] server unauthenticated provisioning mode Glen Zorn