[Sterman Issue 7] Message Authenticator: Options
Avi Lior <avi@bridgewatersystems.com> Mon, 22 November 2004 21:16 UTC
Envelope-to: radiusext-data@psg.com
Delivery-date: Mon, 22 Nov 2004 21:17:10 +0000
Message-ID: <F17FB067A86B2D488382C923C532EAA7024A4DD0@exch01.bridgewatersys.com>
From: Avi Lior <avi@bridgewatersystems.com>
To: radiusext@ops.ietf.org
Subject: [Sterman Issue 7] Message Authenticator: Options
Date: Mon, 22 Nov 2004 16:16:33 -0500
MIME-Version: 1.0
Content-Type: text/plain
Hi folks,

We would like to get closure on the issue of the use of Message Authenticator for draft-sterman-aaa-sip-04.

Everyone seems to agree that we need to use some sort of RADIUS Message Authenticator. There was a discussion on the strength of HMAC-MD5. Some suggested that we should strengthen the RADIUS Message-Authenticator to HMAC-SHA1.

-HMAC-MD5 is not busted (yet).
-draft-sterman-aaa-sip-04 carries HTTP digest, which is based on MD5.
-draft-sterman-aaa-sip-04 seems to be addressing legacy deployments. Recommending that greenfield implementations use Diameter.
-There is a push to get draft-sterman-aaa-sip-04 out quickly.
-keywrap proposes a new message authenticator, Message-Authentication-Code, which supports either HMAC-MD5 or HMAC-SHA1 methods.

Options:
========
1) Allow draft-sterman-aaa-sip to use Message-Authenticator(80). And when keywrap is ready we can state in keywrap that RADIUS implementations should upgrade to Message-Authentication-Code.
2) Require draft-sterman-aaa-sip to use Message-Authentication-Code.

Questions:
==========
-Will IESG accept a new RFC based on HMAC-MD5? If not, then we don't really have a choice.
-Will keywrap be ready in time? This is important, but the authors feel that it is ready to go. However, note that Keywrap allows Message-Authentication-Code to be HMAC-MD5; isn't this a problem?

Your comments and opinion would be appreciated.

Avi

--
to unsubscribe send a message to radiusext-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://psg.com/lists/radiusext/>