COMMENT: draft-ietf-radext-status-server

Bernard Aboba <bernard_aboba@hotmail.com> Wed, 21 April 2010 22:24 UTC

From: Bernard Aboba <bernard_aboba@hotmail.com>
To: "radiusext@ops.ietf.org" <radiusext@ops.ietf.org>
Subject: COMMENT: draft-ietf-radext-status-server
Date: Wed, 21 Apr 2010 15:19:54 -0700


> From: turners@ieca.com
> To: iesg@ietf.org
> CC: radext-chairs@tools.ietf.org; draft-ietf-radext-status-server@tools.ietf.org
> Date: Wed, 21 Apr 2010 14:43:40 -0700
> Subject: COMMENT: draft-ietf-radext-status-server 
> 
> Comment:
> I support Peter's discuss.  
> 
> Additionally, I noted the same thing Peter did wrt random numbers.
> 
> Section 3: In the Request Authenticator description the two paragraphs repeat that Request Authentication SHOULD be unpredictable and then say why. Maybe the second paragraph should be tweaked:
> 
>  The Request Authenticator value in a Status-Server packet
>  SHOULD also be unpredictable **because** an attacker **could**
>  trick a server into responding to a predicted future request,
>  and then use the response to masquerade as that server to a
>  future Status-Server request from a client.
>
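
The binding that the quoted paragraph depends on, shown as an added example that is not part of the original message or of the draft: the client accepts a reply only if its Response Authenticator matches the RFC 2865 formula MD5(Code + Identifier + Length + Request Authenticator + Attributes + Secret), so a reply recorded for a predicted authenticator verifies only when the client really sends that value. The shared secret, identifier, and function names are constructed for illustration.

```python
import hashlib, hmac, os, struct

STATUS_SERVER, ACCESS_ACCEPT, MSG_AUTH = 12, 2, 80
SECRET = b"constructed-shared-secret"  # constructed sample value

def build_status_server(ident, secret, request_auth=None):
    """Return (packet, request_auth) for a Status-Server request."""
    # 16 octets from the OS CSPRNG, so the value cannot be predicted.
    request_auth = request_auth or os.urandom(16)
    length = 20 + 18  # header plus Message-Authenticator attribute
    header = struct.pack("!BBH", STATUS_SERVER, ident, length) + request_auth
    # Message-Authenticator: HMAC-MD5 over the packet with its value zeroed.
    zeroed = header + bytes([MSG_AUTH, 18]) + bytes(16)
    mac = hmac.new(secret, zeroed, hashlib.md5).digest()
    return header + bytes([MSG_AUTH, 18]) + mac, request_auth

def build_response(request, secret, code=ACCESS_ACCEPT):
    """Server side: attribute-less reply bound to the request's authenticator."""
    ident, request_auth = request[1], request[4:20]
    head = struct.pack("!BBH", code, ident, 20)
    return head + hashlib.md5(head + request_auth + secret).digest()

def response_is_valid(response, request_auth, ident, secret):
    """Client side: accept only a reply bound to this exact request."""
    if len(response) < 20 or response[1] != ident:
        return False
    if struct.unpack("!H", response[2:4])[0] != len(response):
        return False
    expected = hashlib.md5(
        response[:4] + request_auth + response[20:] + secret).digest()
    return hmac.compare_digest(expected, response[4:20])

def demo():
    # Constructed predictable client: authenticator is a fixed counter value.
    predicted = (1).to_bytes(16, "big")
    old_request, _ = build_status_server(7, SECRET, predicted)
    recorded = build_response(old_request, SECRET)  # reply obtained earlier
    # A later request reusing the predicted value accepts the recorded reply.
    replay_accepted = response_is_valid(recorded, predicted, 7, SECRET)
    # A later request with a random value rejects the same recorded reply.
    _, fresh = build_status_server(7, SECRET)
    replay_rejected = not response_is_valid(recorded, fresh, 7, SECRET)
    return replay_accepted, replay_rejected
```
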