Re: [Emu] I-D Action:draft-ietf-emu-eap-gpsk-09.txt
"Dan Harkins" <dharkins@lounge.org> Fri, 27 June 2008 22:51 UTC
Date: Fri, 27 Jun 2008 15:51:08 -0700
From: Dan Harkins <dharkins@lounge.org>
To: emu@ietf.org
Cc: Pasi.Eronen@nokia.com
Subject: Re: [Emu] I-D Action:draft-ietf-emu-eap-gpsk-09.txt

  Hi,

  I just glanced over this draft. In section 12.1 each of the security
claims seems to refer to sections from the -08 version of the draft.
For instance,

     Confidentiality: No (section 11.14 and 11.16)

where in the -08 draft sections 11.14 and 11.16 discuss ID protection
and confidentiality, respectively, but it's 12.15 and 12.17 in the -09
version. Am I misreading this somehow?

  I also think that the security claims in 12.1 should explicitly spell
out whether they meet RFC 4017 requirements, like the charter says.

  I'm glad that my comment on non-resistance to dictionary attack was
accepted. Thanks! But I still think that section is somewhat ambiguous.
It says, "Users who use passwords as the basis of their PSK are not
protected against dictionary attacks." Well, that's true but users who
do not use passwords as the basis of their PSK are also not protected
against dictionary attacks! I'd like to suggest the following text for
section 12.7:

     The success of a dictionary attack against EAP-GPSK depends on
     the strength of the long-term shared secret (PSK) it uses. The
     PSK used by EAP-GPSK SHOULD be drawn from a pool of secrets that
     is at least 2^128 bits large and whose distribution is uniformly
     random. Note that this does not imply resistance to dictionary
     attack, only that the probability of success in such an attack
     is acceptably remote.

That is, I believe, fair, accurate, and unambiguous.

  regards,

  Dan.

On Fri, June 27, 2008 8:30 am, Internet-Drafts@ietf.org wrote:
> A New Internet-Draft is available from the on-line Internet-Drafts
> directories.
> This draft is a work item of the EAP Method Update Working Group of the
> IETF.
>
>
> 	Title     : EAP Generalized Pre-Shared Key (EAP-GPSK) Method
> 	Author(s) : C. Clancy, H. Tschofenig
> 	Filename  : draft-ietf-emu-eap-gpsk-09.txt
> 	Pages     : 38
> 	Date      : 2008-06-27
>
> This Internet Draft defines an Extensible Authentication Protocol
> method called EAP Generalized Pre-Shared Key (EAP-GPSK).  This method
> is a lightweight shared-key authentication protocol supporting mutual
> authentication and key derivation.
>
> A URL for this Internet-Draft is:
> http://www.ietf.org/internet-drafts/draft-ietf-emu-eap-gpsk-09.txt
>
> Internet-Drafts are also available by anonymous FTP at:
> ftp://ftp.ietf.org/internet-drafts/
>
> Below is the data which will enable a MIME compliant mail reader
> implementation to automatically retrieve the ASCII version of the
> Internet-Draft.
> _______________________________________________
> Emu mailing list
> Emu@ietf.org
> https://www.ietf.org/mailman/listinfo/emu
>

_______________________________________________
Emu mailing list
Emu@ietf.org
https://www.ietf.org/mailman/listinfo/emu