RE: Progress on RADIUS Extension for Digest Authentication

"Glen Zorn (gwz)" <gwz@cisco.com> Thu, 18 November 2004 23:38 UTC

Reply-To: gwz@cisco.com
From: "Glen Zorn (gwz)" <gwz@cisco.com>
To: 'Avi Lior' <avi@bridgewatersystems.com>, 'Bernard Aboba' <aboba@internaut.com>, radiusext@ops.ietf.org
Subject: RE: Progress on RADIUS Extension for Digest Authentication
Date: Thu, 18 Nov 2004 15:38:31 -0800

Avi Lior <> wrote:
> Hi Bernard,
> 
> Regarding Issue[7] The need to use Message Authenticator.
> 
> I think we all agreed that a message authenticator is needed here.
> I think the debate was whether the Message-Authenticator will
> suffice here.
> 
> You suggested that maybe we introduce a new attribute.  But as you
> pointed out that while MD5 was found to be vulnerable HMAC-MD5 was
> not. There was lots of debate on this issue.
> 
> I don't think we would solve this issue in the near future.  This
> is because, judging from the emails I don't think we would get
> consensus even if we created a new message authenticator based on
> HMAC-SHA1.


Doesn't this draft
(http://www.ietf.org/internet-drafts/draft-zorn-radius-keywrap-01.txt)
solve your problem?

> 
> So my suggestion is to use Message-Authenticator(80) which is
> based on (HMAC-MD5). Which is not broken and proceed with the
> work.  Not having anything is clearly bad.
> 
> 
>> -----Original Message-----
>> From: Bernard Aboba [mailto:aboba@internaut.com]
>> Sent: Thursday, November 18, 2004 1:16 PM
>> To: radiusext@ops.ietf.org
>> Subject: Progress on RADIUS Extension for Digest Authentication
>> 
>> 
>> The specification "RADIUS Extension for Digest Authentication"
>> has completed RADEXT WG Last call.  Issues filed against the
>> specification are available here:
>> 
>> http://www.drizzle.com/~aboba/RADEXT/
>> 
>> The latest version of the specification is available here:
>> http://www.ietf.org/internet-drafts/draft-sterman-aaa-sip-04.txt
>> 
>> Further progress on this document requires that we verify that
>> changes made in the -04 document represent RADEXT WG consensus.
>> Since detailed text changes were not posted to the RADEXT WG
>> mailing list prior to the submission of the -04 document, it is
>> not possible to determine whether RADEXT WG consensus exists on
>> the changes based on examination of the mailing list discussion.
>> It is therefore not possible to move forward on this document
>> until this issue is cleared up.
>> 
>> In order to make progress, we have made a request that Issue
>> submitters and other WG participants examine the changes in
>> -04 and send email to the WG list, stating whether the changes
>> are acceptable.  So far, the mail received indicates the
>> following:
>> 
>> Issue 4: No mail received. WG consensus not verified.
>> Issue 5: No mail received, Diameter draft needs to be updated
>>          before determining whether the resolutions can work. WG
>>          consensus not verified.
>> Issue 6: No mail received. WG consensus not verified.
>> Issue 7: Mail received, indicates WG consensus *against* the
>>          proposed resolution. No consensus verified.
>> Issue 8: No mail received, security issues raised at IETF 60. No
>>          consensus verified.
>> Issue 11: No mail received. No consensus verified.
>> Issue 12: No mail received. No consensus verified.
>> 
>> Given the lack of confirming email, we are at present unable to
>> confirm whether the changes made in -04 represent WG consensus,
>> and in one case (Issue 7) it appears that the proposed resolution
>> has been rejected by the RADEXT WG.
>> 
>> In order to enable the WG to demonstrate sufficient interest, we
>> are going to extend the Request for Comment on the proposed
>> resolutions until December 6, 2004.   If you have submitted an
>> Issue on the document, and believe it has been resolved, please
>> send mail with "Issue X: Resolved" in the subject line, where X is
>> the Issue number of your issue.
>> 
>> If you have additional comments on the specification, or wish to
>> contest the resolution of an issue, please send email to the
>> RADEXT WG mailing list (radiusext@ops.ietf.org) in the format
>> described on the RADEXT WG mailing list:
>> 
>> http://www.drizzle.com/~aboba/RADEXT/
>> 
>> --
>> to unsubscribe send a message to
>> radiusext-request@ops.ietf.org with the word 'unsubscribe' in a
>> single line as the message text body.
>> archive: <http://psg.com/lists/radiusext/>

Hope this helps,

~gwz

Why is it that most of the world's problems can't be solved by
simply listening to John Coltrane? -- Henry Gabriel

