DISCUSS and COMMENT: draft-ietf-radext-status-server

"Bernard Aboba" <bernard_aboba@hotmail.com> Tue, 20 April 2010 21:06 UTC

-----Original Message-----
From: Peter Saint-Andre [mailto:stpeter@stpeter.im] 
Sent: Tuesday, April 20, 2010 11:31 AM
To: iesg@ietf.org
Cc: aland@freeradius.org; radext-chairs@tools.ietf.org; draft-ietf-radext-status-server@tools.ietf.org
Subject: DISCUSS and COMMENT: draft-ietf-radext-status-server 

Discuss:
Is the use of MD5 in generating the Response Authenticator subject to collision attacks? If not, it would be helpful to describe why not, and provide a reference to RFC 4270. If so, then the security considerations need to be updated.

Comment:
Given that the Request Authenticator should be unpredictable and unique, a reference to RFC 4086 would be appropriate.

Please add a reference to RFC 1321 for the definition of MD5.


