RE: [HOKEY] EMSK Issue
Bernard Aboba <bernarda@windows.microsoft.com> Mon, 24 March 2008 12:45 UTC
Return-Path: <ietf-bounces@ietf.org>
X-Original-To: ietfarch-ietf-archive@core3.amsl.com
Delivered-To: ietfarch-ietf-archive@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 7605928C38F; Mon, 24 Mar 2008 05:45:57 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -101.163
X-Spam-Level:
X-Spam-Status: No, score=-101.163 tagged_above=-999 required=5 tests=[AWL=-0.726, BAYES_00=-2.599, FH_RELAY_NODNS=1.451, HELO_MISMATCH_ORG=0.611, RDNS_NONE=0.1, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id i56t71gvlwbk; Mon, 24 Mar 2008 05:45:56 -0700 (PDT)
Received: from core3.amsl.com (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 5960B28C32D; Mon, 24 Mar 2008 05:45:28 -0700 (PDT)
X-Original-To: ietf@core3.amsl.com
Delivered-To: ietf@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id AEF663A6919 for <ietf@core3.amsl.com>; Sun, 23 Mar 2008 20:38:22 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 4HTsdZIiE4Ln for <ietf@core3.amsl.com>; Sun, 23 Mar 2008 20:38:22 -0700 (PDT)
Received: from smtp.microsoft.com (mail2.microsoft.com [131.107.115.215]) by core3.amsl.com (Postfix) with ESMTP id 07ED23A67AA for <ietf@ietf.org>; Sun, 23 Mar 2008 20:38:21 -0700 (PDT)
Received: from TK5-EXHUB-C102.redmond.corp.microsoft.com (157.54.18.53) by TK5-EXGWY-E802.partners.extranet.microsoft.com (10.251.56.168) with Microsoft SMTP Server (TLS) id 8.1.240.5; Sun, 23 Mar 2008 20:36:33 -0700
Received: from TK5-EXMLT-W603.wingroup.windeploy.ntdev.microsoft.com (157.54.18.6) by TK5-EXHUB-C102.redmond.corp.microsoft.com (157.54.18.53) with Microsoft SMTP Server id 8.1.240.5; Sun, 23 Mar 2008 20:36:03 -0700
Received: from NA-EXMSG-W602.wingroup.windeploy.ntdev.microsoft.com ([157.54.62.196]) by TK5-EXMLT-W603.wingroup.windeploy.ntdev.microsoft.com ([157.54.18.6]) with mapi; Sun, 23 Mar 2008 20:36:33 -0700
From: Bernard Aboba <bernarda@windows.microsoft.com>
To: Charles Clancy <clancy@cs.umd.edu>
Date: Sun, 23 Mar 2008 20:36:32 -0700
Subject: RE: [HOKEY] EMSK Issue
Thread-Topic: [HOKEY] EMSK Issue
Thread-Index: AciNVVVCckKZeWCnRSOC6QIf7ZcEJgACPz85
Message-ID: <BF39D5928B74A44A99310240EDDF5AB02B41DC22A1@NA-EXMSG-W602.wingroup.windeploy.ntdev.microsoft.com>
References: <47DF04FC.4060706@cs.umd.edu> <A3DA4C2546E1614D8ACC896746CDCF29E7BF6E@aruba-mx1.arubanetworks.com> <C24CB51D5AA800449982D9BCB90325130142DBF9@NAEX13.na.qualcomm.com>, <47E70F45.2020106@cs.umd.edu>
In-Reply-To: <47E70F45.2020106@cs.umd.edu>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
acceptlanguage: en-US
MIME-Version: 1.0
X-Mailman-Approved-At: Mon, 24 Mar 2008 05:45:26 -0700
Cc: "ietf@ietf.org" <ietf@ietf.org>
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: IETF Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Sender: ietf-bounces@ietf.org
Errors-To: ietf-bounces@ietf.org
> For example, consider using a USRK to secure HTTP. If your access > provider did this to deliver firmware updates to your handset, this > might be reasonable, but if amazon.com required it for authentication, > this would be unreasonable. I do not believe that either application is reasonable. The EAP peer has no reason to trust a third party to update its firmware merely because they can prove possession of a key derived from the EMSK. Given that any proxy on the path could obtain such a key, this kind of architecture provides such flimsy security that it needs to be restricted to use in protecting a commodity (e.g. network access) that has virtually no value. Existing firmware distribution models provide much higher levels of trust, typically providing verification of the identity of the third party, as well as demonstration that they are authorized to provide firmware updates, and proof that the firmware itself has not been tampered with. _______________________________________________ IETF mailing list IETF@ietf.org https://www.ietf.org/mailman/listinfo/ietf
- RE: [HOKEY] EMSK Issue Glen Zorn
- RE: [HOKEY] EMSK Issue Narayanan, Vidya
- RE: [HOKEY] EMSK Issue Avi Lior
- Re: [HOKEY] EMSK Issue Brian E Carpenter
- RE: [HOKEY] EMSK Issue Glen Zorn
- Re: [HOKEY] EMSK Issue Charles Clancy
- RE: [HOKEY] EMSK Issue Bernard Aboba
- RE: [HOKEY] EMSK Issue Narayanan, Vidya
- RE: [HOKEY] EMSK Issue Joseph Salowey (jsalowey)
- Re: [HOKEY] EMSK Issue Charles Clancy
- RE: [HOKEY] EMSK Issue Bernard Aboba