Re: [TLS] draft-badra-tls-password-ext-01
Dear Alfred,

Thank you very much for this detailed and useful review. I will integrate
all of these comments in a future version. However, two comments are
in-line.


> Hello,
> after studying the Internet-Draft authored/edited by you,
>                draft-badra-tls-password-ext-01,
> I'd like to submit a few comments.


>      o   Entering a username consisting of up to 128 printable Unicode
>          characters.
>      o   Entering a passphrase of up to 64 octets in length as ASCII
>                  ^^^    ^^^^^^^^^^
> |         strings or in hexadecimal encoding.  The user interface MAY
>                  ^^                               ^^^^
>          accept other encodings if the algorithm for translating the
>          encoding to a binary string is specified.
>
> BTW: Why only 64 octets?


Do you mean that 128 octets is more appropriate?

>
> Furthermore, I strongly recommend to set requirements to ensure
> a minimum entropy of the passphrase.  A simple rule (suitable for
> being checked easily by humans), might be:
>
>   The passphrase SHOULD at least contain 16 different octets, and at
>   least 16 octets (say, x) in the passphrase must have neighbor octets
>   not contained in the set {x-1, x, x+1} (mod 256).
>
> (The latter part aims at excluding long 'runs' of ascending/descending
> sequences.)
>

It seems good to me; please give a reference recommending that, if any.

>
> (4)  Sections 4 through 6
>
> When the ref. to RFC 4346 is updated to 4346bis, there's no more
> need to also refer to RFC 4366 (or 4366bis), because 4346bis has
> incorporated the Hello extension framework and the draft does not
> make any use of the particular extensions documented in RFC 4366 /
> 4366bis.

OK

>
> Best regards,
>  Alfred Hönes.

Best regards,
Badra
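The entropy rule proposed in the quoted review is easy to misread, so here is an added worked example (not code from the draft, from either author, or from the IETF) that applies it to the decoded binary passphrase: at least 16 distinct octets, and at least 16 octets x whose neighbours lie outside {x-1, x, x+1} (mod 256). Everything named below is an assumption for the example: the function names, the 64-octet cap taken from the quoted draft text, and the interpretation that a first or last octet, which has only one neighbour, is judged on that one neighbour alone.

```python
"""Constructed check for the passphrase rule proposed in the review.

Assumptions (not from the draft or the mail): function names, treating a
missing neighbour at either end of the passphrase as unconstraining, and
checking the rule on the decoded binary string rather than on the typed text.
"""
from typing import List

MAX_PASSPHRASE_OCTETS = 64   # length cap quoted from the draft text
MIN_DISTINCT_OCTETS = 16     # "at least 16 different octets"
MIN_ISOLATED_OCTETS = 16     # "at least 16 octets ... neighbour octets not in {x-1, x, x+1}"


def decode_passphrase(text: str, encoding: str = "ascii") -> bytes:
    """Translate the user-entered passphrase into the binary string.

    The draft names two encodings, ASCII and hexadecimal; any other encoding
    would need its own documented translation, so it is rejected here.
    """
    if encoding == "ascii":
        return text.encode("ascii")
    if encoding == "hex":
        return bytes.fromhex(text)
    raise ValueError(f"unsupported passphrase encoding: {encoding}")


def is_far_from(x: int, neighbour: int) -> bool:
    """True when neighbour is not in {x-1, x, x+1} modulo 256.

    The modular test matters at the edges: 0x00 and 0xFF count as adjacent.
    """
    return (neighbour - x) % 256 not in (0, 1, 255)


def count_isolated_octets(pp: bytes) -> int:
    """Count octets whose present neighbours (left and right) are all far from it.

    Members of ascending/descending runs and of repeated-octet runs never
    qualify, which is what the second half of the rule is meant to exclude.
    An end octet has only one neighbour and is judged on that one (assumption).
    """
    isolated = 0
    for i, x in enumerate(pp):
        left_ok = i == 0 or is_far_from(x, pp[i - 1])
        right_ok = i == len(pp) - 1 or is_far_from(x, pp[i + 1])
        if left_ok and right_ok:
            isolated += 1
    return isolated


def check_passphrase(pp: bytes) -> List[str]:
    """Return the list of rule violations; an empty list means the passphrase passes."""
    problems: List[str] = []
    if len(pp) > MAX_PASSPHRASE_OCTETS:
        problems.append(f"{len(pp)} octets exceeds the {MAX_PASSPHRASE_OCTETS}-octet limit")
    distinct = len(set(pp))
    if distinct < MIN_DISTINCT_OCTETS:
        problems.append(f"only {distinct} distinct octets (need {MIN_DISTINCT_OCTETS})")
    isolated = count_isolated_octets(pp)
    if isolated < MIN_ISOLATED_OCTETS:
        problems.append(f"only {isolated} octets outside runs (need {MIN_ISOLATED_OCTETS})")
    return problems


if __name__ == "__main__":
    # Constructed sample inputs, not taken from the draft or the review.
    samples = [
        ("correct horse battery staple 2024!", "ascii"),  # passes: 17 distinct, 24 isolated
        ("abcdefghijklmnopqrstuvwxyz", "ascii"),          # one long ascending run
        ("aaaaaaaaaaaaaaaaaaaa", "ascii"),                # one repeated octet
        ("00ff00ff00ff00ff", "hex"),                      # 0x00/0xFF are adjacent mod 256
    ]
    for text, enc in samples:
        pp = decode_passphrase(text, enc)
        verdict = check_passphrase(pp)
        print(f"{text!r} ({enc}): {'OK' if not verdict else '; '.join(verdict)}")
```

Note that the rule is a floor on structure, not a measure of entropy: a passphrase can satisfy both counts while still being drawn from a small dictionary, so the check is a sanity filter for the user interface, not a substitute for a strong passphrase policy.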

_______________________________________________
TLS mailing list
TLS at ietf.org
https://www.ietf.org/mailman/listinfo/tls

Note: Messages sent to this list are the opinions of the senders and do not imply endorsement by the IETF.