[HOKEY] ERX issues
Charles Clancy <clancy@cs.umd.edu> Tue, 18 March 2008 00:08 UTC

During IESG evaluation, and at the last WG meeting, the following points were raised. I've opened issues to track their progress:

ERX: authorization attack
http://www.ltsnet.net:8080/hokey/issue43

ERX document needs text defining behavior when re-authing across AAA DNS domains, and relate that to key management domains and administrative domains. As-is, a re-auth across DNS domains without performing an ERP bootstrap results in authorization in a new domain with no accounting record of an initial authentication. This could lead to fraudulent charges across AAA domains.

ERX: lower layer support
http://www.ltsnet.net:8080/hokey/issue44

From Jari's DISCUSS. ERX needs "truth in advertising" with respect to how existing authenticators may deal with a new EAP code.
See: https://datatracker.ietf.org/idtracker/draft-ietf-hokey-erx/comment/78738/

--
t. charles clancy, ph.d. eng.umd.edu/~tcc
electrical & computer engineering, university of maryland