Re: [Mip4] dynamic keys

To: "Jeremy A. Greene" <Jeremy at TataraSystems.com>
Subject: Re: [Mip4] dynamic keys
From: Henrik Levkowetz <henrik at levkowetz.com>
Date: Wed, 11 Feb 2004 20:55:55 +0100
Cc: <mip4 at ietf.org>, <aaa-wg at merit.edu>
In-reply-to: <87ED4812394BA14980CC352C3A7483CC816721@tatara.tatarasystems.com>
List-help: <mailto:mip4-request@ietf.org?subject=help>
List-id: Mobility for IPv4 <mip4.ietf.org>
List-post: <mailto:mip4@ietf.org>
List-subscribe: <https://www.ietf.org/mailman/listinfo/mip4>,<mailto:mip4-request@ietf.org?subject=subscribe>
List-unsubscribe: <https://www.ietf.org/mailman/listinfo/mip4>,<mailto:mip4-request@ietf.org?subject=unsubscribe>
References: <87ED4812394BA14980CC352C3A7483CC816721@tatara.tatarasystems.com>
Sender: mip4-admin at ietf.org

Jeremy,

Wednesday 11 February 2004, Jeremy A. Greene wrote:
> But, more importantly, there's a concern in the 802.11, wpa area that
> touches on this:
> http://wifinetnews.com/archives/002452.html 

No, there's no real similarity here.  The concern in this article is
that it uses a broken procedure to generate a temporary session key,
resulting in eavesdropping being possible, and goes on to discusses
offline attacks on the passphrase.  Offline attacks on an authenticating
password/username combination is not that relevant in a bootstrap
scenario where you only use a specific username/password combination
once, and any repeated use will be blocked.

	Henrik

Attachment: pgp00084.pgp
Description: PGP signature

References:
- RE: [Mip4] dynamic keys
  - From: Jeremy A. Greene

Prev by Date: RE: [Mip4] dynamic keys
Next by Date: [Mip4] I-D ACTION:draft-ietf-mip4-vpn-problem-statement-01.txt
Previous by thread: RE: [Mip4] dynamic keys
Next by thread: RE: [Mip4] dynamic keys
Index(es):
- Date
- Thread

Re: [Mip4] dynamic keys

Note: Messages sent to this list are the opinions of the senders and do not imply endorsement by the IETF.