Re: Re: [SECMECH] Framework Bindings Vs. Mechanism Bridges
Shumon Huque <shuque@isc.upenn.edu> Mon, 22 August 2005 11:41 UTC
Received: from localhost.localdomain ([127.0.0.1] helo=megatron.ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1E7Ag4-0006lh-BA; Mon, 22 Aug 2005 07:41:20 -0400
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1E7Ag1-0006lZ-SY for secmech@megatron.ietf.org; Mon, 22 Aug 2005 07:41:18 -0400
Received: from ietf-mx.ietf.org (ietf-mx [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id HAA08128 for <secmech@ietf.org>; Mon, 22 Aug 2005 07:41:16 -0400 (EDT)
Received: from talkeetna.isc-net.upenn.edu ([128.91.197.188]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1E7BGY-0005ia-Bl for secmech@ietf.org; Mon, 22 Aug 2005 08:19:04 -0400
Received: by talkeetna.isc-net.upenn.edu (Postfix, from userid 4127) id A6B34443B; Mon, 22 Aug 2005 07:41:12 -0400 (EDT)
Date: Mon, 22 Aug 2005 07:41:12 -0400
From: Shumon Huque <shuque@isc.upenn.edu>
To: t.otto@sharevolution.de
Subject: Re: Re: [SECMECH] Framework Bindings Vs. Mechanism Bridges
Message-ID: <20050822114112.GA343@isc.upenn.edu>
References: <5057734.1124708889160.JavaMail.servlet@kundenserver>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
In-Reply-To: <5057734.1124708889160.JavaMail.servlet@kundenserver>
User-Agent: Mutt/1.4.2.1i
Organization: University of Pennsylvania
X-Spam-Score: 0.0 (/)
X-Scan-Signature: 9182cfff02fae4f1b6e9349e01d62f32
Cc: secmech@ietf.org
X-BeenThere: secmech@lists.ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Security mechanisms BOF <secmech.lists.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/secmech>, <mailto:secmech-request@lists.ietf.org?subject=unsubscribe>
List-Archive: <http://www1.ietf.org/pipermail/secmech>
List-Post: <mailto:secmech@lists.ietf.org>
List-Help: <mailto:secmech-request@lists.ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/secmech>, <mailto:secmech-request@lists.ietf.org?subject=subscribe>
Sender: secmech-bounces@lists.ietf.org
Errors-To: secmech-bounces@lists.ietf.org
On Mon, Aug 22, 2005 at 01:08:09PM +0200, t.otto@sharevolution.de wrote: > > There already exists a Kerberos extension to TLS, RFC 2712 (Oct.99), > which can be run in EAP-TLS, so the question is: > > * Is there need for EAP-Kerberos at all? * RFC 2712 doesn't provide for initial and service ticket acquisition. So, at the very least an EAP method that allows you to do that needs to be developed. > So before all, we should investigate in how far EAP-Kerberos improves > the TLS-based solution. > > For instance, the mandatory resistance to dictionary attacks. Thomas Wu > has given in his Kerberos paper a hint how to mitigate this, however, > even if there is a strong-password protocol without IPR claims, > strong password methods suffer in general from heavy computation and thus > the EAP method would have worse performance. That's true. But as long as performance is good enough, it might be okay. It's probably certainly an issue for handheld devices needing to use it. --Shumon. _______________________________________________ SECMECH mailing list SECMECH@lists.ietf.org https://www1.ietf.org/mailman/listinfo/secmech
- AW: Re: [SECMECH] Framework Bindings Vs. Mechanis… t.otto
- Re: Re: [SECMECH] Framework Bindings Vs. Mechanis… Shumon Huque
- AW: Re: [SECMECH] Framework Bindings Vs. Mechanis… t.otto
- Re: [SECMECH] Framework Bindings Vs. Mechanism Br… Jari Arkko
- Re: [SECMECH] Framework Bindings Vs. Mechanism Br… Shumon Huque
- Re: [SECMECH] Framework Bindings Vs. Mechanism Br… Nicolas Williams
- Re: [SECMECH] Framework Bindings Vs. Mechanism Br… Jari Arkko