Re: Security -13 draft

To: Bernard Aboba <bernard_aboba@hotmail.com>
Subject: Re: Security -13 draft
From: Philip MacKenzie <philmac@research.bell-labs.com>
Date: Wed, 05 Jun 2002 13:36:24 -0400
CC: ips@ece.cmu.edu
Content-Transfer-Encoding: 7bit
Content-Type: text/plain; charset=us-ascii; format=flowed
Organization: Bell Labs, Lucent Technologies
References: <F20qPOMnlVHaerSdFiS00019f58@hotmail.com>
Sender: owner-ips@ece.cmu.edu
User-Agent: Mozilla/5.0 (Windows; U; WinNT4.0; en-US; rv:0.9.2) Gecko/20010726 Netscape6/6.1

 > A -13 version of the security draft is available for your examination at:
 >
 > http://www.drizzle.com/~aboba/IPS/draft-ietf-ips-security-13.txt
 >
 > Since this is potentially the version that will go to WG last call, a 
careful reading is encouraged.


This seemed odd to me:

SRP is given what seems like an offhand comment in
section 5.8.3, which seems totally incongruous to the
laborious SRP implementation details given in
section 5.10 and Appendix A.

Why all the details for something that's just mentioned
in passing as an alternative authentication method?
Also, why in section 5.8.3 is CHAP not mentioned, given
that it is the MUST implement method?

-Phil

References:
- Security -13 draft
  - From: "Bernard Aboba" <bernard_aboba@hotmail.com>

Prev by Date: RE: iSCSI: keys/parameter dependence
Next by Date: Re: iSCSI CRC inconsistency
Prev by thread: Security -13 draft
Next by thread: Re: Security -13 draft
Index(es):
- Date
- Thread

Home

Last updated: Fri Jun 07 13:18:46 2002
10581 messages in chronological order