[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Compound authentication "issue"

To: Dale Gustafson <degustafson@xxxxxxxxx>, stephen.farrell@xxxxxxxxxxxx
Subject: Re: Compound authentication "issue"
From: Lawrence Greenfield <leg+@xxxxxxxxxxxxxx>
Date: Fri, 20 Dec 2002 12:15:30 -0500
Cc: ietf-sacred@xxxxxxx, "Nystrom, Magnus" <magnus@xxxxxxxxxxxxxxx>
In-reply-to: <>
List-archive: <http://www.imc.org/ietf-sacred/mail-archive/>
List-id: <ietf-sacred.imc.org>
List-unsubscribe: <mailto:ietf-sacred-request@imc.org?body=unsubscribe>
References: <> <> <> <> <> <>
Sender: owner-ietf-sacred@xxxxxxxxxxxx

--On Friday, December 20, 2002 7:37 AM -0600 Dale Gustafson <degustafson@xxxxxxxxx> wrote:

SACRED clients will include a unique value received from the TLS server
(e.g., during session negotiation) within their digest-MD5 response.

DIGEST-MD5 is a mature standard that's already been deployed in other protocols (as a MUST implement for LDAP, for instance).

Changing DIGEST-MD5 is definitely a no-go. If you were going to do that, you could just define a new SASL mechanism.

Again, due to the properties of DIGEST-MD5 the attack under consideration is thwarted (and I like the proposed text).

Larry

References:
- Re: Compound authentication "issue"
  - From: Nystrom, Magnus
- Re: Compound authentication "issue"
  - From: Dale Gustafson
- Re: Compound authentication "issue"
  - From: Stephen Farrell
- Re: Compound authentication "issue"
  - From: Dale Gustafson
- Re: Compound authentication "issue"
  - From: Stephen Farrell
- Re: Compound authentication "issue"
  - From: Dale Gustafson

Prev by Date: Re: Compound authentication "issue"
Next by Date: I-D ACTION:draft-ietf-sacred-protocol-bss-05.txt
Previous by thread: Re: Compound authentication "issue"
Next by thread: Re: Compound authentication "issue"
Index(es):
- Date
- Thread