Re: [saag] Improving the CHAP protocol

Alan DeKok <aland@deployingradius.com> Tue, 24 September 2019 13:52 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/saag/RsCxC3d4wQ-XspllY3IS_rS4Cgw>

On Sep 23, 2019, at 3:28 PM, Black, David <David.Black@dell.com> wrote:
> For clarity, the purpose of this exercise is to register additional hash functions for use by iSCSI, not to prolong the life of CHAP in PPP.  We have no problem asking IANA to restrict the newly registered hashes to be used only with iSCSI (i.e., prohibit their use with PPP).

  I don't see that as necessary.  It should be fine to use new methods with PPP.  Using the new methods in other protocols requires standards actions.  So by default they won't be used unless someone steps up to write those standards.

  Alan DeKok.