Thanks! That seems fine.

Regards
   Brian

On 28/07/2014 20:58, Tirumaleswar Reddy (tireddy) wrote:
> Hi Brian,
>
> Thanks for the review.
>
>> -----Original Message-----
>> From: Brian E Carpenter [mailto:[email protected]]
>> Sent: Saturday, July 26, 2014 8:30 PM
>> To: [email protected]; General Area Review Team
>> Subject: Gen-ART LC review of draft-ietf-tram-auth-problems-02
>>
>> I am the assigned Gen-ART reviewer for this draft. For background on Gen-ART,
>> please see the FAQ at
>> <http://wiki.tools.ietf.org/area/gen/trac/wiki/GenArtfaq>.
>>
>> Please resolve these comments along with any other Last Call comments you
>> may receive.
>>
>> Document: draft-ietf-tram-auth-problems-02.txt
>> Reviewer: Brian Carpenter
>> Review Date: 2014-07-26
>> IETF LC End Date: 2014-08-08
>> IESG Telechat date:
>>
>> Summary: Almost ready
>> --------
>>
>> Minor issues:
>> -------------
>>
>> In Problem 2, would it be useful to reference RFC 6151, which indicates why
>> MD5 is problematic?
>
> Yes.
> NEW:
> Long-term credentials (username, realm, and password) need to be stored on
> the server-side using MD5 hash over the credentials, which is not
> considered best current practice. RFC 6151 discusses security
> vulnerabilities of MD5 and encourages not to use it.
>
>> Problem 6 (Hosting multiple realms on a single IP address is challenging...)
>> doesn't really seem to be a problem with authentication as such, so while it's
>> clearly a problem, is it in scope? It isn't quite clear to me that there's a
>> security threat there.
>
> Yes, it's within the scope of TRAM. I will update Abstract as per your
> suggestion.
>
> Thanks and Regards,
> -Tiru
