Re: [Emu] Working Group Last Call for draft-ietf-emu-chbind-04.txt
Yaron Sheffer <yaronf@checkpoint.com> Sun, 06 December 2009 10:02 UTC
Return-Path: <yaronf@checkpoint.com>
X-Original-To: emu@core3.amsl.com
Delivered-To: emu@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 04AC33A67AE for <emu@core3.amsl.com>; Sun, 6 Dec 2009 02:02:47 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.559
X-Spam-Level:
X-Spam-Status: No, score=-3.559 tagged_above=-999 required=5 tests=[AWL=0.040, BAYES_00=-2.599, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id QyEVzM2uC6ut for <emu@core3.amsl.com>; Sun, 6 Dec 2009 02:02:45 -0800 (PST)
Received: from michael.checkpoint.com (michael.checkpoint.com [194.29.32.68]) by core3.amsl.com (Postfix) with ESMTP id 7804A3A6403 for <emu@ietf.org>; Sun, 6 Dec 2009 02:02:45 -0800 (PST)
Received: from il-ex01.ad.checkpoint.com (localhost [127.0.0.1]) by michael.checkpoint.com (8.12.10+Sun/8.12.10) with ESMTP id nB6A2YGo011504 for <emu@ietf.org>; Sun, 6 Dec 2009 12:02:34 +0200 (IST)
Received: from il-ex01.ad.checkpoint.com ([126.0.0.2]) by il-ex01.ad.checkpoint.com ([126.0.0.2]) with mapi; Sun, 6 Dec 2009 12:02:44 +0200
From: Yaron Sheffer <yaronf@checkpoint.com>
To: "emu@ietf.org" <emu@ietf.org>
Date: Sun, 06 Dec 2009 12:02:31 +0200
Thread-Topic: Working Group Last Call for draft-ietf-emu-chbind-04.txt
Thread-Index: Acp15ZmDxYsma/7oTkSCurGf4fvL7QAcZ0qQ
Message-ID: <7F9A6D26EB51614FBF9F81C0DA4CFEC801BDF88E0C14@il-ex01.ad.checkpoint.com>
References: <mailman.47.1260043204.5501.emu@ietf.org>
In-Reply-To: <mailman.47.1260043204.5501.emu@ietf.org>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
acceptlanguage: en-US
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Subject: Re: [Emu] Working Group Last Call for draft-ietf-emu-chbind-04.txt
X-BeenThere: emu@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: "EAP Methods Update \(EMU\)" <emu.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/emu>, <mailto:emu-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/emu>
List-Post: <mailto:emu@ietf.org>
List-Help: <mailto:emu-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/emu>, <mailto:emu-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 06 Dec 2009 10:02:47 -0000
Hi, IMHO this document is not ready to be advanced, at least not as Standards Track. The document is extremely abstract: it defines the problem statement very well, but then keep its options open when describing the solution. The fact that the document has an empty IANA section is a strong hint that it is not really defining a protocol. This can be resolved either of two ways: - Change it to Informational, and add text to clarify that the document is *not* defining a protocol (despite the title of Sec. 5), but rather presents the problem and proposes several alternative solution strategies. - Or extend it to really define a protocol. In which case you need to answer some simple questions like: * Is this taking place at the EAP level? The SAP level? Is it a new EAP method? Should it be built into each and every new EAP method? * How does it apply to the few existing EAP methods that can accommodate it today? * How are the actual TLVs represented/encoded? BTW, just defining the TLV formats (and IANA numbers) for EAP methods would serve the community well: looking at the IANA registry for EAP-GPSK, there's a "protected payload" defined (http://www.iana.org/assignments/eap-gpsk-parameters/eap-gpsk-parameters.xhtml#eap-gpsk-parameters-2). But nobody ever bothered defining *any* specific payloads for channel bindings. Thanks, Yaron > > ---------------------------------------------------------------------- > > Date: Fri, 4 Dec 2009 12:12:30 -0800 > From: "Joseph Salowey (jsalowey)" <jsalowey@cisco.com> > Subject: [Emu] Working Group Last Call for > draft-ietf-emu-chbind-04.txt > To: <emu@ietf.org> > Message-ID: > <AC1CFD94F59A264488DC2BEC3E890DE5093AAD03@xmb-sjc- > 225.amer.cisco.com> > Content-Type: text/plain; charset="us-ascii" > > This is an announcement of working group last call for the Channel > Bindings draft: draft-ietf-emu-chbind-04. Please send comments to the > list by December 18, 2009. When proposing changes to the document it is > helpful to provide some sample text. Also if you have reviewed the > document and found no issues it is appropriate to send a message to the > list indicating your approval. > > The URL for the document is > http://www.ietf.org/id/draft-ietf-emu-chbind-04.txt > > Cheers, > > Joe > > > ------------------------------ > > Message: 2 > Date: Fri, 4 Dec 2009 13:11:26 -0800 (PST) > From: "Dan Harkins" <dharkins@lounge.org> > Subject: Re: [Emu] Issue #7: Password Authentication > To: "Joseph Salowey (jsalowey)" <jsalowey@cisco.com> > Cc: emu@ietf.org > Message-ID: > <356e783c475bc4bfd423f50e6b5a4302.squirrel@www.trepanning.net> > Content-Type: text/plain;charset=iso-8859-1 > > > Hi Joe, > > I like your suggestion. Using "EAP server" would satisfy my concern. > > thanks, > > Dan. > > On Fri, December 4, 2009 11:56 am, Joseph Salowey (jsalowey) wrote: > > OK good points. I can see the problem with the authentication server > > wording. I think EAP server is more correct in this case as it leaves > > deployment options open. Is the text OK if we change Authentication > > Server to EAP server in this paragraph? > > > > Joe > > > >> -----Original Message----- > >> From: Alan DeKok [mailto:aland@deployingradius.com] > >> Sent: Friday, December 04, 2009 10:00 AM > >> To: Joseph Salowey (jsalowey) > >> Cc: Dan Harkins; emu@ietf.org > >> Subject: Re: [Emu] Issue #7: Password Authentication > >> > >> Joseph Salowey (jsalowey) wrote: > >> > This section is about transporting clear text usernames and > >> passwords > >> > within the tunnel, so password transport requirement needs > >> to stay. > >> > I'm fine with more accurate text for describing the attacks. I > >> > propose the following text: > >> > > >> > "The tunnel method MUST support transporting clear text > >> username and > >> > password to the authentication server. It MUST NOT reveal > >> information > >> > about the username and password to parties in the > >> communication path > >> > between the peer and the EAP Server. The advantage any > >> attacker gains > >> > against the tunneled method when employing a username and > >> password for > >> > authentication MUST be through interaction and not computation. " > >> > >> The first sentence refers to "authentication server", while > >> the second uses "EAP server". I suggest using "EAP server" > >> for both, as it is used elsewhere in the document, too. > >> > >> Alan DeKok. > >> > > > > > > > ------------------------------ > > _______________________________________________ > Emu mailing list > Emu@ietf.org > https://www.ietf.org/mailman/listinfo/emu > > > End of Emu Digest, Vol 47, Issue 7 > ********************************** > > Scanned by Check Point Total Security Gateway.
- [Emu] Working Group Last Call for draft-ietf-emu-… Joseph Salowey (jsalowey)
- Re: [Emu] Working Group Last Call for draft-ietf-… Glen Zorn
- Re: [Emu] Working Group Last Call for draft-ietf-… Yaron Sheffer
- Re: [Emu] Working Group Last Call for draft-ietf-… Hoeper Katrin-QWKN37
- Re: [Emu] Working Group Last Call for draft-ietf-… Hoeper Katrin-QWKN37
- Re: [Emu] Working Group Last Call for draft-ietf-… Yaron Sheffer