IESG telechat Gen-ART review of draft-harkins-salted-eap-pwd-06 (Dale R. Worley) Sat, 15 October 2016 01:45 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id B324F1296AD for <>; Fri, 14 Oct 2016 18:45:06 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -1.934
X-Spam-Status: No, score=-1.934 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HEADER_FROM_DIFFERENT_DOMAINS=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_SOFTFAIL=0.665] autolearn=no autolearn_force=no
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id uQ1xU2lNEKkL for <>; Fri, 14 Oct 2016 18:45:05 -0700 (PDT)
Received: from ( [IPv6:2001:558:fe16:19:96:114:154:171]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS id EEB00129739 for <>; Fri, 14 Oct 2016 18:45:03 -0700 (PDT)
Received: from ([]) by with SMTP id vE1PbKUlllHMYvE23bWUiy; Sat, 15 Oct 2016 01:45:03 +0000
Received: from ([]) by with SMTP id vE22bYgzjEk93vE22bNQA8; Sat, 15 Oct 2016 01:45:03 +0000
Received: from ( []) by (8.14.7/8.14.7) with ESMTP id u9F1j1Bw011697; Fri, 14 Oct 2016 21:45:01 -0400
Received: (from worley@localhost) by (8.14.7/8.14.7/Submit) id u9F1j0kY011685; Fri, 14 Oct 2016 21:45:00 -0400
X-Authentication-Warning: worley set sender to using -f
Subject: IESG telechat Gen-ART review of draft-harkins-salted-eap-pwd-06
Date: Fri, 14 Oct 2016 21:45:00 -0400
Message-ID: <>
X-CMAE-Envelope: MS4wfBArgF5cJq+6/IsaApBoyaT9t9yKGNtHjTJsvGNJhf2GX2nrTpevrIcRTGqoUnwzeHE3GXzjFpmBHjNtgrtN9BB2CdnaHiCEabTv4zpl/+EO3DNQm3u9 Bm+tQFjW5qn+be5K+bwPsEnMnrh75NRa+pO68J5znQ0Yj0YfA0trttt28X5UuWd7g8IsTox/vW/0OnsHy8tHcp2v+xkpiTDMSXt3GRhKv3aK+gIBo+65MEOz /ekEc6Ybg2Pjq3JMaKYESg==
Archived-At: <>
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: IETF-Discussion <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Sat, 15 Oct 2016 01:45:07 -0000

Document: draft-harkins-salted-eap-pwd-06
Reviewer: Dale R. Worley
Review Date: 2016-09-05
IESG Telechat date: 2016-10-27

I am the assigned Gen-ART reviewer for this draft.  The General Area
Review Team (Gen-ART) reviews all IETF documents being processed by
the IESG for the IETF Chair.  Please wait for direction from your
document shepherd or AD before posting a new version of the draft.

For more information, please see the FAQ at

Summary:  This draft is basically ready for publication, but has
possible nits that should be considered for fixing before publication.

Minor issues:

2.5.  Payload Modifications

The construction of the EAP-pwd-Commit/Request message limits the salt
to 255 octets, or 2040 bits.  This probably ought to be mentioned in
section 2.1 where the length of the salt is discussed.

Is there any reason to be concerned that 2040 bits will be inadequate
in the near-to-medium future?

Nits/editorial comments:


   It included support for raw keys and RFC2751-style double
   hashing of a password but did not include support for salted

I believe that the reference to RFC 2751 is incorrect.  Probably what
is meant is RFC 2759 (see the reference thereto in RFC 5931).  In any
case, the referenced RFC should be listed as a reference.

1.1.  Background

   Databases of stored passwords present an attractive target for
   attack-- get access to the database, learn the passwords.

Normally, the spacing before and after "--" is the same.  There are
also examples of this in sections 2.1 and 5.  Perhaps discuss this
with the RFC Editor concerning the meaning the authors want to
associate with this punctuation.

2.1.  Password Pre-Processing

   o  TBD8: OpaqueString and a UNIX crypt() ([CRY])

Probably change "a UNIX crypt" to "UNIX crypt".

   o  TBD5: OpaqueString and a random salt with SHA-1 ([SHS])

For TBD5-TBD8, it might be clearer to say "OpaqueString and then ...",
as all of them have a two-phase structure.

5.  Security Considerations

   there is no dictionary attack needed to recover the plaintext

This is correct but doesn't emphasize the important point.  Perhaps

   since the plaintext password need not be recovered, no dictionary
   attack is needed


   While the immediate effect of such a compromise would be the
   compromised server,

I think changing "would be the compromised server" to "would be the
compromise of the server" would make this clearer.