Hi Vidya,
On Sat, February 17, 2007 11:43 pm, Narayanan, Vidya wrote:
Yes, the problem of an authenticator providing different identities to
the peer and the server is the typical channel binding problem and can
be detected by simply doing a protected exchange of the identity between
the
Hi,
I understand this draft is in IESG evaluation and would like to register
some comments. I apologize for the tardiness of this email.
This draft is well-written and much needed but I feel it does not
completely address the issue of using AAA for key distribution. Let me
summarize the
Hi Sam,
Thanks for the update. My original comment never made it to the ietf
list because I wasn't a member at the time of posting. I was informed that
if the moderator approved my posting it would be sent to the list,
unfortunately it wasn't. :-(
In the new Peer and authenticator
Sam,
The problem I see is that when AAA is used as a key distribution
protocol there are 3 parties involved (peer, AAA server and authenticator)
and it's a 2 party model. For existing protocols-- the peer is speaking
to a NAS and the NAS obtains a key for the peer from the AAA server-- the
If you have a 3 party key distribution scheme and at the
end of it the 3 parties do not share ALL THE SAME STATE yet
believe the protocol has successfully completed then your
key distribution scheme is flawed.
Dan.
On Wed, March 7, 2007 8:32 pm, Narayanan, Vidya wrote:
Since there is no
, Lakshminath Dondeti wrote:
Dan Harkins wrote:
Sam,
But for things like HOKEY or 802.11r they want to have the AAA server
create a key hierarchy rooted off the EMSK or the MSK, respectively,
that
contains keys for specific authenticators. These keys are going to be
distributed using AAA
but are
not on this list.
thanks,
Dan.
On Thu, March 8, 2007 12:41 am, Lakshminath Dondeti wrote:
Dan Harkins wrote:
Hi Lakshminath,
That's not entirely correct. As I recently stated to your
colleage if a 3 party key distribution scheme finishes and
all 3 parties think it finished successfully
Sam,
I guess the question is, what text in this I-D would prevent a new
key distribution protocol based on AAA in which the authentication
server sent a copy of the peer's keys willy-nilly to every
authenticator it had a security association with?
Another question: has the peer no say in
or there is no consensus to solve the problem then publish it
as an RFC. It is important to have an RFC talking about these things, it's
just my personal opinion that it does not go far enough.
Dan.
On Tue, April 3, 2007 5:23 pm, Sam Hartman wrote:
Dan == Dan Harkins [EMAIL PROTECTED] writes:
Dan
Hi Sam,
On Wed, April 4, 2007 6:16 pm, Sam Hartman wrote:
Dan == Dan Harkins [EMAIL PROTECTED] writes:
Dan Sam,
Dan The keys in this hypothetical protocol are for network
Dan access and giving them to authenticators for that purpose
Dan would seem to fall under
On Mon, April 9, 2007 3:38 pm, [EMAIL PROTECTED] wrote:
[snip]
I'd define the EAP channel binding problem as follows. There are two
sets of identities that the peer and authenticator use: one at the EAP
layer and one at a lower layer. There is an additional identity that
the authenticator
You're assuming that if 1000 people decide not to fly to Prague
some weekend that the number of planes burning jet fuel to fly there
will be different. I don't think so.
Maybe you can start a Boycott Prague The Spoke City campaign which,
if wildly successful, will reduce demand to fly there
does it
have to start somewhere else here?
It's Friday...
At 01:30 PM 10/12/2007, Dan Harkins wrote:
You're assuming that if 1000 people decide not to fly to Prague
some weekend that the number of planes burning jet fuel to fly there
will be different. I don't think so.
Maybe you can
the situation is not.
Hope this helps. As I said before, I'll shut up about this now, at
least on this list.
Regards
Marshall
On Oct 13, 2007, at 12:03 AM, Dan Harkins wrote:
Hi James,
I think you're missing the point. I'm not advocating being wasteful
because everyone else is. I'm
Hello,
I believe this is a well organized and complete document. On
numerous occasions while reviewing it I made a mental question
regarding something only to have the question answered in a
subsequent paragraph.
I do have several comments though:
1. this protocol can be used in the
.
regards,
Dan.
On Fri, February 1, 2008 5:16 pm, Dan Harkins wrote:
Hello,
I believe this is a well organized and complete document. On
numerous occasions while reviewing it I made a mental question
regarding something only to have the question answered in a
subsequent paragraph
Hi Glen,
On Sun, February 3, 2008 12:28 am, Glen Zorn wrote:
Dan Harkins scribbled on Saturday, February 02, 2008 8:46 AM:
Hello again,
Pardon my repetition but I have come up with a very valid reason
why naming keys using HMAC-SHA-256 is a bad idea.
If one wants
Hi Glen,
On Mon, February 4, 2008 1:09 am, Glen Zorn wrote:
[snip]
Doesn't sound particularly readable to me; in any case, I don't think
that it really matters (for the purposes you describe, however unlikely
they may be) what the key name looks like. What matters is how easy it
is to
provides a fixed length unique identifier for
the key. EAP Session-ID is not fixed length and can be awkward to use
in protocols, most likely you will end up hashing it anyway.
Joe
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On
Behalf Of Dan Harkins
Sent
Hi Edward,
On Wed, February 6, 2008 10:29 am, Edward Lewis wrote:
At 8:37 -0800 2/6/08, $someone wrote:
The descriptions of the venue make clear that, once again, the IETF is
meeting
in a ghetto. Periodic bus service doesn't counteract that.
I really have a hard time being sympathetic to
Hi Jari,
On Thu, March 13, 2008 8:49 pm, Jari Arkko wrote:
Avi,
For what it is worth, this ex-EAP co-chair also thinks that
the use of EAP keys for applications is a very bad idea.
Why?
For a number of reasons. Take this from someone who has actually tried
to do this in the distant
Hi Avi,
On Tue, March 18, 2008 3:13 pm, Avi Lior wrote:
[snip]
I suggest we discuss the issues with deriving keys from EMSK so that
people can make informed decisions. Lets keep the FUD factor low.
Good idea. Can we start with the Mother Of All Root Keys (MOARK) that
is derived from the
the key hierarchy and remove a
you can do it this way, or you can do it that way option which
experience has shown is a really bad idea.
regards,
Dan.
On Tue, March 18, 2008 6:22 pm, Dan Harkins wrote:
Hi Avi,
On Tue, March 18, 2008 3:13 pm, Avi Lior wrote:
[snip]
I suggest we discuss
.
regards,
Dan.
regards,
Lakshminath
On 3/19/2008 9:45 AM, Dan Harkins wrote:
Hello,
My apologies for being obtuse. This Mother of All Root Keys I've been
describing is what the EMSK Key Hierarchy calls the DSRK.
The HOKEY key that the ERP/ERX draft uses can be derived in one of
two
and at the network. That is why I
look forward to *constructive* instructions from the IETF.
-Original Message-
From: Dan Harkins [mailto:[EMAIL PROTECTED]
Sent: Monday, March 17, 2008 4:52 PM
To: Jari Arkko
Cc: Avi Lior; ietf@ietf.org; Bernard Aboba
Subject: Re: EAP applicability
Hi Jouni,
Thank you very much for your review of my I-D and for identification
of the issues you describe below.
I have updated the draft to incorporate your suggested modifications:
- mention S2V before CTR in the description of SIV keying.
- define bitand in section 2.1 as the
Certicom's IPR statement dated 13 October 2008 lists some patents
that may be necessary and essential to implementations of... the
TLS extractor draft when used with either: RFC4492, RFC5289
or draft-rescorla-tls-suiteb. Check it out:
Hi Joe,
As I mentioned in the EMU meeting at IETF-71 I have not patented this
exchange, my employer has not patented this exchange, Glen has not
patented this exchange, and neither has his employer. I am unaware of
any patents on this exchange by others and I believe no existing patents
Hi Steve,
On Tue, July 21, 2009 6:16 pm, Steven M. Bellovin wrote:
On Tue, 21 Jul 2009 17:54:23 -0700 (PDT)
Dan Harkins dhark...@lounge.org wrote:
If specification of patented algorithms and drafts subject to IPR
disclosure is not enough to knock a draft of the Standards Track then
I
Hi John,
On Wed, July 22, 2009 10:27 am, John Leslie wrote:
The difference may not be as great as you seem to think. Appeal if
you must, but it's really not unusual to change proposed status as
a result of LastCall comments. It might be more helpful to simply post
(polite) LastCall
.
If the standardization of zero-knowledge algorithms is an
important area of work for the IETF (and I believe this to be true),
then work in this area should be chartered as a working group work item,
with the goal to select a single method for standardization. Prior to
the EMU WG re-charter, Dan
Hi Jari,
I don't believe the simpler solution will increase code size or
complexity when compared to the the reuse EAP solution. In fact,
it will be less on both counts.
In both cases the core key exchange will have to be implemented
and in both cases some configuration glue will be
On Tue, April 27, 2010 3:23 am, Dean Anderson wrote:
On Mon, 26 Apr 2010, Nicolas Williams wrote:
On Mon, Apr 26, 2010 at 04:18:33PM -0500, Marsh Ray wrote:
Taking ietf@ietf.org off of CC list as this seems to be very TLS
specific.
This is an IETF LC, not a WG LC; IETF LC comments should
Hi Simon,
On Mon, May 3, 2010 3:32 pm, Simon Josefsson wrote:
Dan Harkins dhark...@lounge.org writes:
Issues with prf and prf+
- In sections 5.1 and 5.2 the password is passed directly into prf+
(which is the same as the one from RFC 2409 and uses HMAC-SHA1 or
HMAC-SHA256
I have had cab drivers in the US try to force me to pay cash
in similar situations. Saying they don't accept credit cards and
then, when I say that's all I have, telling me how much longer
it will take to get me out of their cab if I really want to use
a credit card. In these cases I just kept
Hello,
Here are some comments on this draft for IETF LC. There are some
editorial nits, some errors that might be considered editorial but
there is a serious issue with the Security Considerations that I think
needs addressing.
I'll start with the security issue since it's the most
26, 2010 3:39 pm, Paul Hoffman wrote:
At 2:22 PM -0700 5/26/10, Dan Harkins wrote:
I would advise a DISCUSS on this draft until this has been worked
out.
Can you say more about what you mean by worked out? More text in the
Security Considerations? If so, at least an outline would be helpful
sentence of this paragraph says that we *do not* have a
workable solution yet. Perhaps we should have worded it more strongly.
Please let me know if you still request additional clarifications in the
draft.
Thanks,
Yaron
On 05/27/2010 12:22 AM, Dan Harkins wrote:
Hello
The IETF 78 LAN is using 802.1X (w/EAP) for authentication. The
wpacracker only works if the AP is doing PSK authentication.
These things seem to get propagated because people punt the hard
problems with statements like well the PSK is required to be a
uniformly random 128 bit string and if
Hi Hannes,
Maastricht is definitely an interesting city and I'm glad I can say
I've been there (Aachen was cool too!). But the venue there sucked. It
was in the middle of a cultural dead zone (which says something because
Maastricht has lots to offer) and the hotels were all scattered around
stayed at the same hotel
and there was only one bar in town would be ideal...
On Sat, Aug 28, 2010 at 7:41 PM, Dan Harkins dhark...@lounge.org wrote:
Hi Hannes,
Maastricht is definitely an interesting city and I'm glad I can say
I've been there (Aachen was cool too!). But the venue
Hello,
I believe there is a problem with this draft that can void a claimed
security property: namely, resistance to dictionary attack. The issue is
not with the underlying key exchange itself, but with the way the key
exchange was added to IKEv2.
In this protocol, a random nonce is
Hi Roni,
Thank you for reviewing my draft. Comments inline
On Mon, April 11, 2011 5:11 am, Roni Even wrote:
I am the assigned Gen-ART reviewer for this draft. For background on
Gen-ART, please see the FAQ at
http://wiki.tools.ietf.org/area/gen/trac/wiki/GenArtfaq.
Please resolve
Hi Mykyta,
Thank you for reviewing my draft. Responses inline
On Sat, March 26, 2011 10:06 pm, Mykyta Yevstifeyev wrote:
Hello,
A question on the flowing extract:
This memo contains a new numberspace to be managed by IANA, a
registry used to indicate a password preprocessing
Paul,
The existence of this draft shows a failure of YOUR leadership (and
that of your co-chairman) of the working group. Consensus was achieved
to add an authentication method based on a simple password yet you
seemingly worked to do everything possible to create division in the
working
In addition to the moral and social issues involved, diversity of
leadership across several axes (race, geographic location, gender
and corporate affiliation) is important for three practical reasons:
- It is a well-established fact that diverse groups are smarter
and make better
On Mon, March 11, 2013 1:39 pm, Rhys Smith wrote:
On 11 Mar 2013, at 16:02, Dan Harkins dhark...@lounge.org wrote:
- It is a well-established fact that diverse groups are smarter
and make better decisions than less-diverse groups.
I would really like to see this statement either
On Mon, March 11, 2013 10:08 pm, Margaret Wasserman wrote:
On Mar 11, 2013, at 6:54 PM, Dan Harkins dhark...@lounge.org wrote:
In other words, the statement that gender and racial diversity in
groups makes them smarter has no basis in fact. Do you feel that
an all-female group is stupider
On Tue, March 12, 2013 10:35 am, Randall Gellens wrote:
At 3:54 PM -0700 3/11/13, Dan Harkins wrote:
Do you feel that
an all-female group is stupider than a similarly sized group that is
equal parts male and female?
Based on my own experience, I believe that a broad range
On Wed, March 20, 2013 7:16 am, Jorge Contreras wrote:
On Wed, Mar 20, 2013 at 6:53 AM, Margaret Wasserman
m...@lilacglade.orgwrote:
Hi Stewart,
On Mar 20, 2013, at 2:04 AM, Stewart Bryant stbry...@cisco.com wrote:
Age
Disability
Gender reassignment
Marriage and civil partnership
Hi Dave,
On Wed, March 20, 2013 8:35 am, Dave Crocker wrote:
ps. A small point to watch for, if there is a focus on a defined list
of groups, is the difference between discriminating /against/, versus
ensuring representation /from/. Active prohibition vs. active
solicitation. The
On Wed, March 20, 2013 10:01 am, Jeffrey Haas wrote:
On Wed, Mar 20, 2013 at 09:01:01AM -0700, Dan Harkins wrote:
On Wed, March 20, 2013 8:35 am, Dave Crocker wrote:
ps. A small point to watch for, if there is a focus on a defined list
of groups, is the difference between discriminating
On Fri, April 12, 2013 7:22 pm, Melinda Shore wrote:
On 4/12/13 1:26 PM, Lou Berger wrote:
No argument from me, I'm just asking that a comment/position/question
that I don't understand be substantiated.
And I'm telling you that I think the numbers are highly suggestive
of bias.
This is
On Sat, April 13, 2013 8:18 am, Ray Pelletier wrote:
On Apr 13, 2013, at 8:46 AM, Stephen Farrell stephen.farr...@cs.tcd.ie
wrote:
On 04/13/2013 01:09 PM, Lou Berger wrote:
gender bias
...
western white guys.
It may be that the latter phrase is a common term in
north America, (I
Hi Elliot,
On Wed, April 17, 2013 7:52 am, Eliot Lear wrote:
Dan,
On 4/16/13 2:00 AM, Dan Harkins wrote:
Under the belief of garbage in, garbage out, I tend to lie on these
sorts of repugnant questions. I invite others to join me. The more
suspect the quality of the data, the less value
Hi Eliot,
On Wed, April 17, 2013 12:48 pm, Eliot Lear wrote:
Dan,
On 4/17/13 9:21 PM, Dan Harkins wrote:
We already know who we are.
I disagree. We make a whole lot of assumptions about who we are, but we
don't actually know, and that's why the question is being asked. I
would
On Thu, April 18, 2013 8:34 am, Carsten Bormann wrote:
On Apr 18, 2013, at 17:17, Dan Harkins dhark...@lounge.org wrote:
Why is this a problem?
I think you are more likely to ask this question if you think that if it
is a problem, then we *have* to solve it, e.g. by shooting enough
On Thu, April 18, 2013 1:51 pm, Pete Resnick wrote:
On 4/17/13 2:21 PM, Dan Harkins wrote:
Look, bias stinks and when it exists its stench is detectable.
Dan, leaving aside all of your other comments for the moment (many of
which are straw men that nobody but you have suggested, speaking
On Thu, April 18, 2013 3:24 pm, Pete Resnick wrote:
So, do we need to start this entire conversation over, overtly stating
that we are not interested in looking at *intentional* gender (or
corporate affiliation or other sorts of) bias?
Actually I think it would be better to explicitly state
On Thu, April 18, 2013 6:44 pm, Andrew Sullivan wrote:
On Thu, Apr 18, 2013 at 08:17:21AM -0700, Dan Harkins wrote:
So a problem statement has been made: there is a notable lack of
diversity in the areas of race and gender. Why is this a problem?
Because some people report
On Mon, April 29, 2013 12:39 pm, Sam Hartman wrote:
For what it's worth, I'm not finding the current discussion is providing
me useful information for making decisions. It doesn't really matter to
me whether the problem is selection of WG chairs or selection of
IAB/IESG/IAOC after WG chairs
On Mon, April 29, 2013 2:28 pm, Dave Crocker wrote:
On 4/29/2013 2:20 PM, Michael StJohns wrote:
At 04:40 PM 4/29/2013, Dave Crocker wrote:
Actually, I don't think this is even a mostly correct statement -
that AD select chairs.
It is a long-standing, simple, objective, unvarying management
On Tue, June 18, 2013 9:52 am, Phillip Hallam-Baker wrote:
I am rather disappointed that there hasn't been any followup to the
diversity discussion that took place at the plenary.
I do applications and I do security and so having a diverse range of input
is critical if the final product is
On Wed, June 19, 2013 9:25 am, Melinda Shore wrote:
On 6/19/13 8:12 AM, Peter Saint-Andre wrote:
On 6/19/13 10:00 AM, Melinda Shore wrote:
On 6/19/13 7:56 AM, Peter Saint-Andre wrote:
Why do you believe that my opinions are unexamined? I have been
thinking and reading about social,
64 matches
Mail list logo
