RE: [Isms] Comments on draft-ietf-isms-secshell-07.txt

"David Harrington" <ietfdbh@comcast.net> Wed, 27 June 2007 22:18 UTC


Hi,

I am of the impression that implementers can encrypt their own storage
of the password, so I don't see "require" or "leave" as accurate. How
about,

"At some point during the processing, these mechanisms require the
password be made available as cleartext on the device ... which might
introduce ...".

dbh

> -----Original Message-----
> From: David B. Nelson [mailto:d.b.nelson@comcast.net] 
> Sent: Wednesday, June 27, 2007 5:59 PM
> To: isms@ietf.org
> Subject: [Isms] Comments on draft-ietf-isms-secshell-07.txt
> 
> In section 3.1.3:   
> 
>    It is also possible to use a different
>    password validation protocol such as CHAP [RFC1994] or digest
>    authentication [RFC 2617, draft-ietf-radext-digest-auth-04] to
>    integrate with RADIUS or Diameter.  These mechanisms leave the
>    password in the clear on the device that is authenticating the
>    password which introduces threats to the authentication
>    infrastructure.
> 
> Note that draft-ietf-radext-digest-auth-04 has been published 
> as RFC 4590.
> This is currently under revision, to fix a couple of errors, as
> draft-ietf-radext-rfc4590bis-01.txt.
> 
> In the second sentence I would recommend changing "leave" to 
> "require".
> 
> _______________________________________________
> Isms mailing list
> Isms@lists.ietf.org
> https://www1.ietf.org/mailman/listinfo/isms
> 

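The point the two Davids are wording, as an added example that is not part of the thread or of the draft: both sides of a CHAP (RFC 1994) exchange and of an RFC 2617 Digest exchange, so that it is visible what the verifying device must hold at the moment it checks a response. The user names, realm and secrets are constructed samples.

```python
"""CHAP (RFC 1994) and HTTP Digest (RFC 2617) verification, written to show
what the authenticating device must hold. Sample credentials are constructed."""
import hashlib
import hmac
import os


def chap_response(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    # RFC 1994 section 2: Response Value = MD5(Identifier || secret || Challenge)
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()


def chap_exchange(stored_secret: bytes, peer_secret: bytes, identifier: int = 1) -> bool:
    """One CHAP round trip. The authenticator recomputes the peer's response
    from its own copy of the secret, so whatever it keeps on disk (encrypted
    or not) has to come back to cleartext here; a one-way salted hash of the
    password would give it nothing to recompute with."""
    challenge = os.urandom(16)                                    # authenticator -> peer
    response = chap_response(identifier, peer_secret, challenge)  # peer -> authenticator
    expected = chap_response(identifier, stored_secret, challenge)
    return hmac.compare_digest(expected, response)


def digest_ha1(user: str, realm: str, password: str) -> str:
    # RFC 2617 section 3.2.2.2: HA1 = MD5(username ":" realm ":" password)
    return hashlib.md5(f"{user}:{realm}:{password}".encode()).hexdigest()


def digest_response(ha1: str, nonce: str, method: str, uri: str) -> str:
    # RFC 2617 section 3.2.2.1, no qop: MD5(HA1 ":" nonce ":" HA2), HA2 = MD5(method ":" uri)
    ha2 = hashlib.md5(f"{method}:{uri}".encode()).hexdigest()
    return hashlib.md5(f"{ha1}:{nonce}:{ha2}".encode()).hexdigest()


def digest_exchange(stored_ha1: str, client_password: str, user: str, realm: str) -> bool:
    """Digest lets the verifier store HA1 instead of the password, but HA1 alone
    answers every challenge in that realm, so it is a password-equivalent and
    the same storage threat applies to it."""
    nonce = os.urandom(16).hex()                                  # server -> client
    client_ha1 = digest_ha1(user, realm, client_password)
    response = digest_response(client_ha1, nonce, "GET", "/")     # client -> server
    expected = digest_response(stored_ha1, nonce, "GET", "/")
    return hmac.compare_digest(expected, response)


if __name__ == "__main__":
    print("CHAP ok:", chap_exchange(b"s3cret", b"s3cret"))
    ha1 = digest_ha1("alice", "isms-example", "correct horse")
    print("Digest ok:", digest_exchange(ha1, "correct horse", "alice", "isms-example"))
```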