Re: [HOKEY] ERX issues

Lakshminath Dondeti <ldondeti@qualcomm.com> Tue, 18 March 2008 02:47 UTC

Message-ID: <47DF2CB6.6060300@qualcomm.com>
Date: Mon, 17 Mar 2008 19:45:10 -0700
From: Lakshminath Dondeti <ldondeti@qualcomm.com>
User-Agent: Thunderbird 2.0.0.12 (Windows/20080213)
MIME-Version: 1.0
To: Charles Clancy <clancy@cs.umd.edu>
References: <47DF077C.300@cs.umd.edu>
In-Reply-To: <47DF077C.300@cs.umd.edu>
Cc: hokey@ietf.org
Subject: Re: [HOKEY] ERX issues

On 3/17/2008 5:06 PM, Charles Clancy wrote:
> During IESG evaluation, and at the last WG meeting, the following points 
> were raised.  I've opened issues to track their progress:
> 
> ERX: authorization attack
> http://www.ltsnet.net:8080/hokey/issue43
> 
> ERX document needs text defining behavior when re-authing across AAA DNS 
> domains, and relate that to key management domains and administrative 
> domains.  As-is, a re-auth across DNS domains without performing an ERP 
> bootstrap results in authorization in a new domain with no accounting 
> record of an initial authentication.  This could lead to fraudulent 
> charges across AAA domains.

Any proposed text?  If the domain name changes, there would be a new 
domain specific key.  Why wouldn't we write in the AAA document that 
upon ERP bootstrapping, there should be accounting start or equivalent? 
In fact, that is what I thought should happen with no changes to ERX.

Next, procedurally, I haven't seen any AD picking this up as a DISCUSS, 
so I guess we are doing due diligence as part of the WG process and 
presumably Tim would support such a change.  Could we make sure that 
this is ok with him?

> 
> 
> ERX: lower layer support
> http://www.ltsnet.net:8080/hokey/issue44
> 
> From Jari's DISCUSS.  ERX needs "truth in advertising" with respect to 
> how existing authenticators may deal with a new EAP code.  See:
> https://datatracker.ietf.org/idtracker/draft-ietf-hokey-erx/comment/78738/
> 

I like Glen's take on this.  Ideally, this should require no text 
changes.  Jari thinks otherwise.

regards,
Lakshminath
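The exchange above (issue43 and the reply's suggestion that an ERP bootstrap should trigger an accounting start) can be illustrated with a small model. This is an added example, not code from the HOKEY working group, the ERX draft or any AAA implementation. It assumes (none of this is in the message) that an ER server keeps one key per realm, the rRK for the home realm and a DSRK for each visited realm, indexed by the realm part of the keyName-NAI; that a re-authentication in a realm with no such key is refused so the peer must bootstrap first; and that key derivation is stubbed with HMAC-SHA256 over constructed labels rather than the real ERP key hierarchy or message formats.

```python
"""Toy model of the accounting/authorization linkage discussed in the thread.

Added illustration only; constructed inputs and a stubbed key derivation.
"""
import hashlib
import hmac
from dataclasses import dataclass, field


@dataclass
class AccountingRecord:
    peer: str
    realm: str
    events: list = field(default_factory=list)


@dataclass
class ERServer:
    """Models one ER/AAA server; 'realms' stand in for AAA DNS domains."""
    home_realm: str
    emsk_by_peer: dict = field(default_factory=dict)  # peer -> EMSK from full EAP auth
    realm_keys: dict = field(default_factory=dict)    # (peer, realm) -> rRK or DSRK
    accounting: dict = field(default_factory=dict)    # (peer, realm) -> AccountingRecord

    def full_eap_auth(self, peer: str, emsk: bytes) -> None:
        """Initial EAP authentication in the home domain: derive the home
        re-auth key (stubbed) and open the home accounting record."""
        self.emsk_by_peer[peer] = emsk
        self.realm_keys[(peer, self.home_realm)] = self._derive(emsk, "rRK", self.home_realm)
        self._account(peer, self.home_realm, "Accounting-Start(full EAP)")

    def erp_bootstrap(self, peer: str, visited_realm: str) -> bytes:
        """ERP bootstrap into a new domain: bind a domain-specific key to that
        realm and, as the reply proposes, emit an accounting start there."""
        emsk = self.emsk_by_peer[peer]  # KeyError: no initial authentication on record
        key = self._derive(emsk, "DSRK", visited_realm)
        self.realm_keys[(peer, visited_realm)] = key
        self._account(peer, visited_realm, "Accounting-Start(ERP bootstrap)")
        return key

    def erp_reauth(self, peer: str, keyname_nai: str) -> tuple:
        """Re-auth request whose keyName-NAI is 'name@realm'. A realm with no
        domain-specific key (and so no accounting start) is the gap issue43
        describes; the assumed policy is to refuse and require a bootstrap."""
        _, _, realm = keyname_nai.rpartition("@")
        if (peer, realm) not in self.realm_keys:
            return ("reject", "no key for realm; ERP bootstrap required")
        self._account(peer, realm, "Interim-Update(ERP re-auth)")
        return ("accept", realm)

    @staticmethod
    def _derive(emsk: bytes, label: str, realm: str) -> bytes:
        # Stand-in for the ERP KDF: HMAC-SHA256 over a constructed label.
        return hmac.new(emsk, f"{label}|{realm}".encode(), hashlib.sha256).digest()

    def _account(self, peer: str, realm: str, event: str) -> None:
        rec = self.accounting.setdefault((peer, realm), AccountingRecord(peer, realm))
        rec.events.append(event)


def scenario() -> tuple:
    """Peer 'alice' (constructed) authenticates at home, then tries a cross-domain
    re-auth before and after bootstrapping into the visited realm."""
    srv = ERServer(home_realm="home.example")
    srv.full_eap_auth("alice", b"constructed-emsk-bytes")
    before = srv.erp_reauth("alice", "alice@visited.example")
    srv.erp_bootstrap("alice", "visited.example")
    after = srv.erp_reauth("alice", "alice@visited.example")
    visited_events = srv.accounting[("alice", "visited.example")].events
    return before, after, visited_events


if __name__ == "__main__":
    for line in scenario():
        print(line)
```

The point the model makes is the one the reply makes: if every domain-specific key is created only by a bootstrap, and the bootstrap always opens an accounting record, then an authorization in a visited domain cannot exist without an accounting start behind it, so no change to the re-authentication exchange itself is needed to close the gap.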
_______________________________________________
HOKEY mailing list
HOKEY@ietf.org
https://www.ietf.org/mailman/listinfo/hokey