Re: [dix] Agenda bashing

To: Eric Rescorla <ekr at networkresonance.com>
Subject: Re: [dix] Agenda bashing
From: Eliot Lear <lear at cisco.com>
Date: Fri, 07 Jul 2006 10:00:05 +0200
Authentication-results: sj-dkim-7.cisco.com; header.From=lear@cisco.com; dkim=pass ( sig from cisco.com verified; );
Cc: Digital Identity Exchange <dix at ietf.org>
Dkim-signature: a=rsa-sha1; q=dns; l=688; t=1152259207; x=1153123207; c=relaxed/simple; s=sjdkim7001; h=Content-Type:From:Subject:Content-Transfer-Encoding:MIME-Version; d=cisco.com; i=lear@cisco.com; z=From:Eliot=20Lear=20<lear@cisco.com> |Subject:Re=3A=20[dix]=20Agenda=20bashing; X=v=3Dcisco.com=3B=20h=3D6inNqoEUmFyA1l2ZAW91r5N7nQI=3D; b=eCLjMReyfvOB7j12RGskDawfUz/WlSMmaiB43KrYty46kK6f3SXetErTvawfxUbj5Me4bLj0 88OEXsf0LLpXxM1hr/H0f70EjnuBX0qVehWNlHuLBw4g1oTCno54vOGP;
In-reply-to: <20060707053732.57E01222426@laser.networkresonance.com>
List-archive: <http://www1.ietf.org/pipermail/dix>
List-help: <mailto:dix-request@ietf.org?subject=help>
List-id: Digital Identity Exchange <dix.ietf.org>
List-post: <mailto:dix@ietf.org>
List-subscribe: <https://www1.ietf.org/mailman/listinfo/dix>, <mailto:dix-request@ietf.org?subject=subscribe>
List-unsubscribe: <https://www1.ietf.org/mailman/listinfo/dix>, <mailto:dix-request@ietf.org?subject=unsubscribe>
References: <20060707053732.57E01222426@laser.networkresonance.com>
Reply-to: Digital Identity Exchange <dix at ietf.org>
User-agent: Thunderbird 1.5.0.4 (Macintosh/20060530)

Eric Rescorla wrote:
> Eliot Lear <lear at cisco.com> wrote:
>   
>> Eric Rescorla wrote:
>> That the password is at all related to the hash result at all is an
>> (IMHO) unnecessary risk that would in our scenarios impact more than a
>> single service.  There exists methods where this is NOT the case.
>>     
>
> Yes, there do. But they all involve lugging some object around,
> in which case the problem becomes vastly easier. We need 
> a system which doesn't require a token.
>   

That's not true, Eric.  Anything you can lug around can be "lugged"
around in software.  It doesn't solve the malware/bot problem, but the
two issues are separate and distinct.

Eliot

_______________________________________________
dix mailing list
dix at ietf.org
https://www1.ietf.org/mailman/listinfo/dix

References:
- Re: [dix] Agenda bashing
  - From: Eric Rescorla

Prev by Date: Re: [dix] Agenda bashing
Next by Date: Re: [dix] Re: [Ietf-http-auth] Notes on Web authentication enhancements
Previous by thread: Re: [dix] Agenda bashing
Next by thread: Re[2]: [dix] Agenda bashing
Index(es):
- Date
- Thread

Re: [dix] Agenda bashing

Note: Messages sent to this list are the opinions of the senders and do not imply endorsement by the IETF.