I never said the document was broken, just that my paper would be a good reference to make implementers aware of the potential dangers of MITM attacks.
I will check the current draft for conflicts and, if necessary, propose changes. Katrin ________________________________ From: [email protected] [mailto:[email protected]] On Behalf Of Glen Zorn Sent: Tuesday, August 31, 2010 9:31 PM To: 'Bernard Aboba'; [email protected] Subject: Re: [Emu] security paper on tunneled authentication I agree w/Bernard. It is never too late to fix a broken document. Hope this helps. ~gwz From: [email protected] [mailto:[email protected]] On Behalf Of Bernard Aboba Sent: Tuesday, August 31, 2010 10:48 PM To: [email protected] Subject: Re: [Emu] security paper on tunneled authentication Katrina Hoeper said: "Unfortunately, it seems to be too late to reference the analysis in the tunnel requirement draft, but I hope that some people still might find it interesting." [BA] The paper represents the most comprehensive analysis of tunneled authentication security to date, and brings into question a number of assumptions that have been made as to how MITM in the middle attacks can be mitigated. In looking over the tunnel requirements document, there are only a few places where the issue of MITM attacks is discussed, so if you believe there are changes that need to be made, you should go ahead and propose them.
_______________________________________________ Emu mailing list [email protected] https://www.ietf.org/mailman/listinfo/emu
