RE: Progress on RADIUS Extension for Digest Authentication
Avi Lior <avi@bridgewatersystems.com> Thu, 18 November 2004 23:18 UTC
Message-ID: <F17FB067A86B2D488382C923C532EAA7024A4DBD@exch01.bridgewatersys.com>
From: Avi Lior <avi@bridgewatersystems.com>
To: 'Bernard Aboba' <aboba@internaut.com>, radiusext@ops.ietf.org
Subject: RE: Progress on RADIUS Extension for Digest Authentication
Date: Thu, 18 Nov 2004 18:18:34 -0500

Hi Bernard,

Regarding Issue[7]: The need to use Message Authenticator.

I think we all agreed that a message authenticator is needed here. I think the debate was whether the Message-Authenticator will suffice here. You suggested that maybe we introduce a new attribute. But as you pointed out, while MD5 was found to be vulnerable, HMAC-MD5 was not.

There was lots of debate on this issue. I don't think we would solve this issue in the near future. This is because, judging from the emails, I don't think we would get consensus even if we created a new message authenticator based on HMAC-SHA1.

So my suggestion is to use Message-Authenticator(80), which is based on HMAC-MD5, which is not broken, and proceed with the work. Not having anything is clearly bad.

> -----Original Message-----
> From: Bernard Aboba [mailto:aboba@internaut.com]
> Sent: Thursday, November 18, 2004 1:16 PM
> To: radiusext@ops.ietf.org
> Subject: Progress on RADIUS Extension for Digest Authentication
>
> The specification "RADIUS Extension for Digest Authentication" has
> completed RADEXT WG Last call. Issues filed against the specification
> are available here:
>
> http://www.drizzle.com/~aboba/RADEXT/
>
> The latest version of the specification is available here:
> http://www.ietf.org/internet-drafts/draft-sterman-aaa-sip-04.txt
>
> Further progress on this document requires that we verify that changes
> made in the -04 document represent RADEXT WG consensus. Since detailed
> text changes were not posted to the RADEXT WG mailing list prior to the
> submission of the -04 document, it is not possible to determine whether
> RADEXT WG consensus exists on the changes based on examination of the
> mailing list discussion. It is therefore not possible to move forward
> on this document until this issue is cleared up.
>
> In order to make progress, we have made a request that Issue submitters
> and other WG participants examine the changes in -04 and send email to
> the WG list, stating whether the changes are acceptable. So far, the
> mail received indicates the following:
>
> Issue 4: No mail received. WG consensus not verified.
> Issue 5: No mail received, Diameter draft needs to be updated before
>          determining whether the resolutions can work. WG consensus
>          not verified.
> Issue 6: No mail received. WG consensus not verified.
> Issue 7: Mail received, indicates WG consensus *against* the proposed
>          resolution. No consensus verified.
> Issue 8: No mail received, security issues raised at IETF 60. No
>          consensus verified.
> Issue 11: No mail received. No consensus verified.
> Issue 12: No mail received. No consensus verified.
>
> Given the lack of confirming email, we are at present unable to confirm
> whether the changes made in -04 represent WG consensus, and in one case
> (Issue 7) it appears that the proposed resolution has been rejected by
> the RADEXT WG.
>
> In order to enable the WG to demonstrate sufficient interest, we are
> going to extend the Request for Comment on the proposed resolutions
> until December 6, 2004. If you have submitted an Issue on the document,
> and believe it has been resolved, please send mail with "Issue X:
> Resolved" in the subject line, where X is the Issue number of your
> issue.
>
> If you have additional comments on the specification, or wish to
> contest the resolution of an issue, please send email to the RADEXT WG
> mailing list (radiusext@ops.ietf.org) in the format described on the
> RADEXT WG mailing list:
>
> http://www.drizzle.com/~aboba/RADEXT/
>
> --
> to unsubscribe send a message to radiusext-request@ops.ietf.org with
> the word 'unsubscribe' in a single line as the message text body.
> archive: <http://psg.com/lists/radiusext/>
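
For reference, the Message-Authenticator(80) computation the message above refers to, as an added example that is not part of the original e-mail or of the draft: HMAC-MD5, keyed with the RADIUS shared secret, over the whole Access-Request with the attribute's 16-octet value set to zero. The function names, the shared secret and the sample packet are constructed for illustration, and only Access-Request packets are handled.

```python
import hashlib
import hmac
import struct

ACCESS_REQUEST = 1
MESSAGE_AUTHENTICATOR = 80  # value is always 16 octets (HMAC-MD5 output)


def build_access_request(identifier, request_auth, attrs, secret):
    """Encode an Access-Request and append a signed Message-Authenticator."""
    body = b"".join(bytes([t, len(v) + 2]) + v for t, v in attrs)
    body += bytes([MESSAGE_AUTHENTICATOR, 18]) + bytes(16)  # zeroed placeholder
    header = struct.pack("!BBH", ACCESS_REQUEST, identifier, 20 + len(body))
    packet = bytearray(header + request_auth + body)
    # The HMAC covers Code, Identifier, Length, Request Authenticator, Attributes.
    packet[-16:] = hmac.new(secret, bytes(packet), hashlib.md5).digest()
    return bytes(packet)


def verify_access_request(packet, secret):
    """True only if attribute 80 is present once, well formed, and matches."""
    if len(packet) < 20 or struct.unpack("!H", packet[2:4])[0] != len(packet):
        return False
    pos, found = 20, None
    while pos < len(packet):
        if pos + 2 > len(packet):
            return False
        atype, alen = packet[pos], packet[pos + 1]
        if alen < 2 or pos + alen > len(packet):
            return False  # malformed attribute
        if atype == MESSAGE_AUTHENTICATOR:
            if alen != 18 or found is not None:
                return False  # wrong size or duplicated
            found = pos + 2
        pos += alen
    if found is None:
        return False  # unsigned request: reject rather than trust it
    zeroed = bytearray(packet)
    received = bytes(zeroed[found:found + 16])
    zeroed[found:found + 16] = bytes(16)
    expected = hmac.new(secret, bytes(zeroed), hashlib.md5).digest()
    return hmac.compare_digest(received, expected)  # constant-time compare


# Constructed sample values, not taken from the thread or the draft.
SECRET = b"constructed-shared-secret"
REQ = build_access_request(7, bytes(range(16)), [(1, b"alice")], SECRET)
```
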