I'd be glad to add a reference.
On 9/1/10 7:40 AM, "Hoeper Katrin-QWKN37" <[email protected]> wrote: > I agree. That's why I was thinking that adding a reference that makes > implementers aware of this problem would be a good idea. Then they can > make an educated decision about whether they want to implement > additional mitigation techniques (i.e. enforce policies) or to not use > password-based inner methods. > > >> -----Original Message----- >> From: Alan DeKok [mailto:[email protected]] >> Sent: Wednesday, September 01, 2010 9:34 AM >> To: Hoeper Katrin-QWKN37 >> Cc: Glen Zorn; Bernard Aboba; [email protected] >> Subject: Re: [Emu] security paper on tunneled authentication >> >> Hoeper Katrin-QWKN37 wrote: >>> I will check the current draft for conflicts and, if necessary, > propose >>> changes. >> >> I think that the main issue with the draft is that it requires >> tunneled methods to allow for password authentication. Your analysis >> paper says that password methods cannot be made resistant to these > attacks. >> >> If that is right, then I don't think there is anything to do in the >> draft. >> >> Alan DeKok. > _______________________________________________ > Emu mailing list > [email protected] > https://www.ietf.org/mailman/listinfo/emu _______________________________________________ Emu mailing list [email protected] https://www.ietf.org/mailman/listinfo/emu
