[HOKEY] ERX issues

Charles Clancy <clancy@cs.umd.edu> Tue, 18 March 2008 00:08 UTC

During IESG evaluation, and at the last WG meeting, the following points 
were raised.  I've opened issues to track their progress:

ERX: authorization attack
http://www.ltsnet.net:8080/hokey/issue43

ERX document needs text defining behavior when re-authing across AAA DNS
domains, and relating that to key management domains and administrative
domains.  As-is, a re-auth across DNS domains without performing an ERP 
bootstrap results in authorization in a new domain with no accounting 
record of an initial authentication.  This could lead to fraudulent 
charges across AAA domains.


ERX: lower layer support
http://www.ltsnet.net:8080/hokey/issue44

From Jari's DISCUSS.  ERX needs "truth in advertising" with respect to
how existing authenticators may deal with a new EAP code.  See:
https://datatracker.ietf.org/idtracker/draft-ietf-hokey-erx/comment/78738/

-- 
t. charles clancy, ph.d.                 eng.umd.edu/~tcc
electrical & computer engineering, university of maryland