Re: [Emu] I-D Action:draft-ietf-emu-eap-gpsk-09.txt
"Dan Harkins" <dharkins@lounge.org> Fri, 27 June 2008 22:51 UTC
Return-Path: <emu-bounces@ietf.org>
X-Original-To: emu-archive@megatron.ietf.org
Delivered-To: ietfarch-emu-archive@core3.amsl.com
Received: from [127.0.0.1] (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id DCB823A6A60; Fri, 27 Jun 2008 15:51:04 -0700 (PDT)
X-Original-To: emu@core3.amsl.com
Delivered-To: emu@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 84F533A6906 for <emu@core3.amsl.com>; Fri, 27 Jun 2008 15:51:03 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.265
X-Spam-Level:
X-Spam-Status: No, score=-2.265 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, IP_NOT_FRIENDLY=0.334]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 4J5WA+w4pb2q for <emu@core3.amsl.com>; Fri, 27 Jun 2008 15:51:02 -0700 (PDT)
Received: from colo.trepanning.net (colo.trepanning.net [69.55.226.174]) by core3.amsl.com (Postfix) with ESMTP id A8B143A67F7 for <emu@ietf.org>; Fri, 27 Jun 2008 15:51:02 -0700 (PDT)
Received: from www.trepanning.net (localhost [127.0.0.1]) by colo.trepanning.net (Postfix) with ESMTP id 9A07E10224076; Fri, 27 Jun 2008 15:51:08 -0700 (PDT)
Received: from 69.12.173.8 (SquirrelMail authenticated user dharkins@lounge.org) by www.trepanning.net with HTTP; Fri, 27 Jun 2008 15:51:08 -0700 (PDT)
Message-ID: <fc3a945a71ce672633ae6fd3904b239f.squirrel@www.trepanning.net>
In-Reply-To: <20080627153001.CA9BD28C15E@core3.amsl.com>
References: <20080627153001.CA9BD28C15E@core3.amsl.com>
Date: Fri, 27 Jun 2008 15:51:08 -0700
From: Dan Harkins <dharkins@lounge.org>
To: emu@ietf.org
User-Agent: SquirrelMail/1.4.14 [SVN]
MIME-Version: 1.0
X-Priority: 3 (Normal)
Importance: Normal
Cc: Pasi.Eronen@nokia.com
Subject: Re: [Emu] I-D Action:draft-ietf-emu-eap-gpsk-09.txt
X-BeenThere: emu@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: "EAP Methods Update \(EMU\)" <emu.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/emu>, <mailto:emu-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/pipermail/emu>
List-Post: <mailto:emu@ietf.org>
List-Help: <mailto:emu-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/emu>, <mailto:emu-request@ietf.org?subject=subscribe>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Sender: emu-bounces@ietf.org
Errors-To: emu-bounces@ietf.org
Hi,
I just glanced over this draft. In section 12.1 each of the security
claims seems to refer to sections from the -08 version of the draft.
For instance,
Confidentiality: No (section 11.14 and 11.16)
where in the -08 draft sections 11.14 and 11.16 discuss ID protection
and confidentiality, respectively, but it's 12.15 and 12.17 in the -09
version. Am I misreading this somehow?
I also think that the security claims in 12.1 should explicitly spell
out whether they meet RFC 4017 requirements, like the charter says.
I'm glad that my comment on non-resistance to dictionary attack
was accepted. Thanks! But I still think that section is somewhat
ambiguous. It says, "Users who use passwords as the basis of their PSK
are not protected against dictionary attacks." Well, that's true but users
who do not use passwords as the basis of their PSK are also not protected
against dictionary attacks!
I'd like to suggest the following text for section 12.7:
The success of a dictionary attack against EAP-GPSK depends on
the strength of the long-term shared secret (PSK) it uses. The
PSK used by EAP-GPSK SHOULD be drawn from a pool of secrets that
is at least 2^128 bits large and whose distribution is uniformly
random. Note that this does not imply resistance to dictionary
attack, only that the probability of success in such an attack
is acceptably remote.
That is, I believe, fair, accurate, and unambiguous.
regards,
Dan.
On Fri, June 27, 2008 8:30 am, Internet-Drafts@ietf.org wrote:
> A New Internet-Draft is available from the on-line Internet-Drafts
> directories.
> This draft is a work item of the EAP Method Update Working Group of the
> IETF.
>
>
> Title : EAP Generalized Pre-Shared Key (EAP-GPSK) Method
> Author(s) : C. Clancy, H. Tschofenig
> Filename : draft-ietf-emu-eap-gpsk-09.txt
> Pages : 38
> Date : 2008-06-27
>
> This Internet Draft defines an Extensible Authentication Protocol
> method called EAP Generalized Pre-Shared Key (EAP-GPSK). This method
> is a lightweight shared-key authentication protocol supporting mutual
> authentication and key derivation.
>
> A URL for this Internet-Draft is:
> http://www.ietf.org/internet-drafts/draft-ietf-emu-eap-gpsk-09.txt
>
> Internet-Drafts are also available by anonymous FTP at:
> ftp://ftp.ietf.org/internet-drafts/
>
> Below is the data which will enable a MIME compliant mail reader
> implementation to automatically retrieve the ASCII version of the
> Internet-Draft.
> _______________________________________________
> Emu mailing list
> Emu@ietf.org
> https://www.ietf.org/mailman/listinfo/emu
>
_______________________________________________
Emu mailing list
Emu@ietf.org
https://www.ietf.org/mailman/listinfo/emu
- [Emu] I-D Action:draft-ietf-emu-eap-gpsk-09.txt Internet-Drafts
- Re: [Emu] I-D Action:draft-ietf-emu-eap-gpsk-09.t… Dan Harkins
- Re: [Emu] I-D Action:draft-ietf-emu-eap-gpsk-09.t… Hannes Tschofenig
- Re: [Emu] I-D Action:draft-ietf-emu-eap-gpsk-09.t… Dan Harkins