Hi Brian, Thanks for the review.
> -----Original Message-----
> From: Brian E Carpenter [mailto:[email protected]]
> Sent: Saturday, July 26, 2014 8:30 PM
> To: [email protected]; General Area Review
> Team
> Subject: Gen-ART LC review of draft-ietf-tram-auth-problems-02
>
> I am the assigned Gen-ART reviewer for this draft. For background on Gen-ART,
> please see the FAQ at
> <http://wiki.tools.ietf.org/area/gen/trac/wiki/GenArtfaq>.
>
> Please resolve these comments along with any other Last Call comments you
> may receive.
>
> Document: draft-ietf-tram-auth-problems-02.txt
> Reviewer: Brian Carpenter
> Review Date: 2014-07-26
> IETF LC End Date: 2014-08-08
> IESG Telechat date:
>
> Summary: Almost ready
> --------
>
> Minor issues:
> -------------
>
> In Problem 2, would it be useful to reference RFC 6151, which indicates why
> MD5 is problematic?

Yes.

NEW:
Long-term credentials (username, realm, and password) need to be stored on the
server-side using MD5 hash over the credentials, which is not considered best
current practice. RFC 6151 discusses security vulnerabilities of MD5 and
encourages not to use it.

>
> Problem 6 (Hosting multiple realms on a single IP address is challenging...)
> doesn't really seem to be a problem with authentication as such, so while it's
> clearly a problem, is it in scope? It isn't quite clear to me that there's a
> security
> threat there.

Yes, it's within the scope of TRAM. I will update Abstract as per your suggestion.

Thanks and Regards,
-Tiru
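
Added example, not part of the original message or the draft: a sketch of the long-term credential scheme that Problem 2 refers to, following RFC 5389, where the server stores MD5(username:realm:password) and that stored value is used directly as the HMAC-SHA1 key for MESSAGE-INTEGRITY. It shows why the credential store needs the same protection as the passwords themselves. The user name, realm, password, nonce and transaction ID are constructed sample values, and the password is assumed to be ASCII so that the SASLprep step can be skipped.

```python
import hashlib
import hmac
import struct

MAGIC_COOKIE = 0x2112A442
BINDING_REQUEST = 0x0001
USERNAME, MESSAGE_INTEGRITY, REALM, NONCE = 0x0006, 0x0008, 0x0014, 0x0015
MI_ATTR_LEN = 24  # 4-byte attribute header + 20-byte HMAC-SHA1 value


def long_term_key(username: str, realm: str, password: str) -> bytes:
    """RFC 5389 long-term key: MD5(username ":" realm ":" password)."""
    # Assumption: ASCII password, for which the SASLprep step changes nothing.
    return hashlib.md5(f"{username}:{realm}:{password}".encode()).digest()


def attr(attr_type: int, value: bytes) -> bytes:
    """Encode one STUN attribute, zero-padded to a 4-byte boundary."""
    return struct.pack("!HH", attr_type, len(value)) + value + b"\x00" * (-len(value) % 4)


def build_request(key: bytes, username: str, realm: str, nonce: str, txid: bytes) -> bytes:
    """Client side: Binding Request protected with MESSAGE-INTEGRITY."""
    attrs = (attr(USERNAME, username.encode()) + attr(REALM, realm.encode())
             + attr(NONCE, nonce.encode()))
    # The header length already counts the MESSAGE-INTEGRITY attribute.
    header = struct.pack("!HHI", BINDING_REQUEST, len(attrs) + MI_ATTR_LEN, MAGIC_COOKIE) + txid
    mac = hmac.new(key, header + attrs, hashlib.sha1).digest()
    return header + attrs + attr(MESSAGE_INTEGRITY, mac)


def server_verify(stored_key: bytes, message: bytes) -> bool:
    """Server side: recompute the MAC from the stored MD5 value alone."""
    body, mac = message[:-MI_ATTR_LEN], message[-20:]
    expected = hmac.new(stored_key, body, hashlib.sha1).digest()
    return hmac.compare_digest(expected, mac)


if __name__ == "__main__":
    # Constructed sample values, not taken from the draft or the review.
    stored = long_term_key("alice", "example.org", "correct horse")
    request = build_request(stored, "alice", "example.org", "constructed-nonce", bytes(12))
    print("stored key:", stored.hex())
    print("verified with stored key only:", server_verify(stored, request))
```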
