Re: [TLS] draft-badra-tls-password-ext-01
badra@isima.fr Mon, 03 March 2008 20:56 UTC
Return-Path: <tls-bounces@ietf.org>
X-Original-To: ietfarch-tls-archive@core3.amsl.com
Delivered-To: ietfarch-tls-archive@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id D675C3A6D21; Mon, 3 Mar 2008 12:56:04 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.848
X-Spam-Level:
X-Spam-Status: No, score=-0.848 tagged_above=-999 required=5 tests=[AWL=-0.761, BAYES_00=-2.599, FH_RELAY_NODNS=1.451, HELO_EQ_FR=0.35, HELO_MISMATCH_ORG=0.611, RDNS_NONE=0.1]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ZqBGLTzgzxkW; Mon, 3 Mar 2008 12:55:59 -0800 (PST)
Received: from core3.amsl.com (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 5A8133A6C5C; Mon, 3 Mar 2008 12:55:59 -0800 (PST)
X-Original-To: tls@core3.amsl.com
Delivered-To: tls@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id E78223A6C37 for <tls@core3.amsl.com>; Mon, 3 Mar 2008 12:55:57 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 3ofkwwWs3Ls6 for <tls@core3.amsl.com>; Mon, 3 Mar 2008 12:55:57 -0800 (PST)
Received: from sp.isima.fr (sp.isima.fr [193.55.95.1]) by core3.amsl.com (Postfix) with ESMTP id DC5A63A699C for <tls@ietf.org>; Mon, 3 Mar 2008 12:55:56 -0800 (PST)
Received: from www.isima.fr (www-data@www.isima.fr [193.55.95.79]) by sp.isima.fr (8.13.8/8.13.8) with SMTP id m23LqeHo483452; Mon, 3 Mar 2008 21:52:40 GMT
Received: from 86.218.35.200 (SquirrelMail authenticated user badra) by www.isima.fr with HTTP; Mon, 3 Mar 2008 21:55:24 +0100 (CET)
Message-ID: <50754.86.218.35.200.1204577724.squirrel@www.isima.fr>
In-Reply-To: <c24c21d80803031250u223ccc64q49724cfa2d134050@mail.gmail.com>
References: <c24c21d80803031250u223ccc64q49724cfa2d134050@mail.gmail.com>
Date: Mon, 03 Mar 2008 21:55:24 +0100
From: badra@isima.fr
To: ah@tr-sys.de
User-Agent: SquirrelMail/1.4.2
MIME-Version: 1.0
X-Priority: 3
Importance: Normal
X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-3.0 (sp.isima.fr [193.55.95.1]); Mon, 03 Mar 2008 21:52:41 +0000 (WET)
Cc: tls@ietf.org
Subject: Re: [TLS] draft-badra-tls-password-ext-01
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/pipermail/tls>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
Sender: tls-bounces@ietf.org
Errors-To: tls-bounces@ietf.org
Dear Alfred,
Thank you very much for this detailed and useful review. I will integrate
all of these comments in the future version. However, two comments are
in-line..
> Hello,
> after studying the Internet-Draft authored/edited by you,
> draft-badra-tls-password-ext-01,
> I'd like to submit a few comments.
> o Entering a username consisting of up to 128 printable Unicode
> characters.
> o Entering a passphrase of up to 64 octets in length as ASCII
> ^^^ ^^^^^^^^^^
> | strings or in hexadecimal encoding. The user interface MAY
> ^^ ^^^^
> accept other encodings if the algorithm for translating the
> encoding to a binary string is specified.
>
> BTW: Why only 64 octets?
Do you mean that 128 octets is more appropriate?
>
> Furthermore, I strongly recommend to set requirements to ensure
> a minimum entropy of the passphrase. A simple rule (suitable for
> being checked easily by humans), might be:
>
> The passphrase SHOULD at least contain 16 different octets, and at
> least 16 octets (say, x) in the passphrase must have neighbor octets
> not contained in the set {x-1, x, x+1} (mod 256).
>
> (The latter part aims at excluding long 'runs' of ascending/descending
> sequences.)
>
It seems good for me, please give a reference to recommend that, if any.
>
> (4) Sections 4 through 6
>
> When the ref. to RFC 4346 is updated to 4346bis, there's no more
> need to also refer to RFC 4366 (or 4366bis), because 4346bis has
> incorporated the Hello extension framework and the draft does not
> make any use of the particular extensions documented in RFC 4366 /
> 4366bis.
OK
>
> Best regards,
> Alfred H�nes.
Best regards,
Badra
_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls
- Re: [TLS] draft-badra-tls-password-ext-01 Alfred Hönes
- Re: [TLS] draft-badra-tls-password-ext-01 badra
- [TLS] draft-badra-tls-password-ext-01 Alfred Hönes