Re: [HOKEY] Review of draft-gaonkar-radext-erp-attrs-02.txt

Alan DeKok <aland@deployingradius.com> Fri, 11 January 2008 06:36 UTC

Narayanan, Vidya wrote:
> You are not serious that we should be basing our future designs on how
> PAP works, are you? 

  <sigh>  No.  I was trying to use analogy and reference.

  To repeat the discussion in short form:

 - DSRKs are necessary
 * Why?
 - to avoid exposing credentials across domains and proxies
 * So?
 - it would be catastrophic!
 * No, it's accepted practice in many areas, and has zero problems
 - you're proposing that we use PAP?
 * Huh?

  All of the arguments for "security" of the re-authentication keys are
to protect against attacks that no one cares about.  I referred to
existing practices as proof that those arguments were unfounded.  I did
NOT propose that we replace EAP with PAP, and it's fairly annoying that
my comments were read that way.

  Alan DeKok.
