[Sip-security] Re: Digest AKA in IETF
Greg Rose <ggr@qualcomm.com> Thu, 18 April 2002 22:45 UTC
Received: from optimus.ietf.org (ietf.org [132.151.1.19] (may be forged)) by ietf.org (8.9.1a/8.9.1a) with ESMTP id SAA24861 for <sip-security-archive@odin.ietf.org>; Thu, 18 Apr 2002 18:45:48 -0400 (EDT)
Received: (from daemon@localhost) by optimus.ietf.org (8.9.1a/8.9.1) id SAA10042 for sip-security-archive@odin.ietf.org; Thu, 18 Apr 2002 18:45:51 -0400 (EDT)
Received: from optimus.ietf.org (localhost [127.0.0.1]) by optimus.ietf.org (8.9.1a/8.9.1) with ESMTP id SAA09994; Thu, 18 Apr 2002 18:44:51 -0400 (EDT)
Received: from ietf.org (odin [132.151.1.176]) by optimus.ietf.org (8.9.1a/8.9.1) with ESMTP id SAA09961 for <sip-security@optimus.ietf.org>; Thu, 18 Apr 2002 18:44:46 -0400 (EDT)
Received: from servo.qualcomm.com (servo.qualcomm.com [129.46.76.82]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id SAA24855 for <sip-security@ietf.org>; Thu, 18 Apr 2002 18:44:40 -0400 (EDT)
Received: from GROSE.qualcomm.com (servo.qualcomm.com [129.46.76.82]) by servo.qualcomm.com (8.12.1/8.12.1/1.0) with ESMTP id g3IMiNQP005343; Thu, 18 Apr 2002 15:44:23 -0700 (PDT)
Message-Id: <5.1.0.14.2.20020419084411.02dd4c88@127.0.0.1>
X-Sender: ggr2@127.0.0.1
X-Mailer: QUALCOMM Windows Eudora Version 5.1
Date: Fri, 19 Apr 2002 08:44:47 +1000
To: aki.niemi@nokia.com
From: Greg Rose <ggr@qualcomm.com>
Cc: 3GPP_TSG_SA_WG3@list.etsi.fr, sip-security@ietf.org
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format="flowed"
Subject: [Sip-security] Re: Digest AKA in IETF
Sender: sip-security-admin@ietf.org
Errors-To: sip-security-admin@ietf.org
X-Mailman-Version: 1.0
Precedence: bulk
List-Id: Security Issues for the SIP protocol <sip-security.ietf.org>
X-BeenThere: sip-security@ietf.org
[Resend -- I goofed the sip-security address.] At 02:36 PM 4/18/2002 +0300, Aki Niemi wrote: >The draft is in WG Last Call starting from beginning of this week, and >will remain so for two weeks. This is the time to collect comments from >the WG review of the document. Once the WGLC ends, the document will enter >IETF LC for two weeks, now soliciting feedback from the entire IETF >community. After that the draft is ready for the IESG, and to pursuit >Standards Track RFC status. The objective is to do all this by mid May (in >bundle #2). > >Please comment the draft, and also preferably send the comments also on >the SIP WG list at: Hello Aki, I directed this message to sip.security, rather than all of sip... I apologise if this is the wrong thing to do. The draft appears to allow "algorithm=AKAv1-MD5-sess", which would implicitly allow reuse of the (possibly only 32-bit) RES in the context of the password. As we have already discussed on this list, that would be both insecure and contrary to the intent of AKA. Unless there is an explicit reason for inclusion of this option (other than allowing reuse of RES...) I would limit AKA to be used only with MD5 and not MD5-sess. regards, Greg. Greg Rose INTERNET: ggr@qualcomm.com Qualcomm Australia VOICE: +61-2-9817 4188 FAX: +61-2-9817 5199 Level 3, 230 Victoria Road, http://people.qualcomm.com/ggr/ Gladesville NSW 2111 232B EC8F 44C6 C853 D68F E107 E6BF CD2F 1081 A37C _______________________________________________ Sip-security mailing list Sip-security@ietf.org https://www1.ietf.org/mailman/listinfo/sip-security
- [Sip-security] Re: Digest AKA in IETF Greg Rose
- [Sip-security] Re: Digest AKA in IETF Jari Arkko