RE: Progress on RADIUS Extension for Digest Authentication
"Glen Zorn \(gwz\)" <gwz@cisco.com> Thu, 18 November 2004 23:38 UTC
Envelope-to: radiusext-data@psg.com
Delivery-date: Thu, 18 Nov 2004 23:38:44 +0000
Message-Id: <200411182338.iAINcVYr010565@sj-core-3.cisco.com>
Reply-To: gwz@cisco.com
From: "Glen Zorn (gwz)" <gwz@cisco.com>
To: 'Avi Lior' <avi@bridgewatersystems.com>, 'Bernard Aboba' <aboba@internaut.com>, radiusext@ops.ietf.org
Subject: RE: Progress on RADIUS Extension for Digest Authentication
Date: Thu, 18 Nov 2004 15:38:31 -0800
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
Thread-Index: AcTNxVC84hx3SIMVRpGVMMPGuSQHjQAAddYA
Avi Lior <> wrote:

> Hi Bernard,
>
> Regarding Issue[7] The need to use Message Authenticator.
>
> I think we all agreed that a message authenticator is needed here.
> I think the debate was whether the Message-Authenticator will suffice
> here.
>
> You suggested that maybe we introduce a new attribute. But as you
> pointed out that while MD5 was found to be vulnerable HMAC-MD5 was
> not. There was lots of debate on this issue.
>
> I don't think we would solve this issue in the near future. This is
> because, judging from the emails I don't think we would get consensus
> even if we created a new message authenticator based on HMAC-SHA1.

Doesn't this draft
(http://www.ietf.org/internet-drafts/draft-zorn-radius-keywrap-01.txt)
solve your problem?

>
> So my suggestion is to use Message-Authenticator(80) which is based
> on (HMAC-MD5). Which is not broken and proceed with the work. Not
> having anything is clearly bad.
>
>
>> -----Original Message-----
>> From: Bernard Aboba [mailto:aboba@internaut.com]
>> Sent: Thursday, November 18, 2004 1:16 PM
>> To: radiusext@ops.ietf.org
>> Subject: Progress on RADIUS Extension for Digest Authentication
>>
>>
>> The specification "RADIUS Extension for Digest Authentication" has
>> completed RADEXT WG Last call. Issues filed against the
>> specification are available here:
>>
>> http://www.drizzle.com/~aboba/RADEXT/
>>
>> The latest version of the specification is available here:
>> http://www.ietf.org/internet-drafts/draft-sterman-aaa-sip-04.txt
>>
>> Further progress on this document requires that we verify that
>> changes made in the -04 document represent RADEXT WG consensus.
>> Since detailed text changes were not posted to the RADEXT WG mailing
>> list prior to the submission of the -04 document, it is not possible
>> to determine whether RADEXT WG consensus exists on the changes based
>> on examination of the mailing list discussion. It is therefore not
>> possible to move forward on this document until this issue is
>> cleared up.
>>
>> In order to make progress, we have made a request that Issue
>> submitters and other WG participants examine the changes in
>> -04 and send email to the WG list, stating whether the changes are
>> acceptable. So far, the mail received indicates the following:
>>
>> Issue 4: No mail received. WG consensus not verified.
>> Issue 5: No mail received, Diameter draft needs to be updated before
>> determining whether the resolutions can work. WG consensus
>> not verified.
>> Issue 6: No mail received. WG consensus not verified.
>> Issue 7: Mail received, indicates WG consensus *against* the proposed
>> resolution. No consensus verified.
>> Issue 8: No mail received, security issues raised at IETF 60. No
>> consensus verified.
>> Issue 11: No mail received. No consensus verified.
>> Issue 12: No mail received. No consensus verified.
>>
>> Given the lack of confirming email, we are at present unable to
>> confirm whether the changes made in -04 represent WG consensus, and
>> in one case (Issue 7) it appears that the proposed resolution has
>> been rejected by the RADEXT WG.
>>
>> In order to enable the WG to demonstrate sufficient interest, we are
>> going to extend the Request for Comment on the proposed resolutions
>> until December 6, 2004. If you have submitted an Issue on the
>> document, and
>> believe it has been resolved, please send mail with "Issue X:
>> Resolved" in the subject line, where X is the Issue number of your
>> issue.
>>
>> If you have additional comments on the specification, or wish to
>> contest the resolution of an issue, please send email to the RADEXT
>> WG mailing list (radiusext@ops.ietf.org) in the format described on
>> the RADEXT WG mailing list:
>>
>> http://www.drizzle.com/~aboba/RADEXT/
>>
>> --
>> to unsubscribe send a message to
>> radiusext-request@ops.ietf.org with the word 'unsubscribe' in a
>> single line as the message text body.
>> archive: <http://psg.com/lists/radiusext/>

Hope this helps,

~gwz

Why is it that most of the world's problems can't be solved by simply
listening to John Coltrane? -- Henry Gabriel