Hi Hannes, What you're saying is not that it "would work" but that it "could work". If it's deployed correctly. And if there's some step that each and every client MUST go through to accept a certificate. So _if_ _every_ client goes through this step than it _can_ work. If, for some reason, this strict regime is not followed then it doesn't work.
The issue isn't whether it can be made secure provided some series of steps are religiously followed. It's whether it will be secure even if those steps are not religiously followed. Dan. On Sat, February 23, 2008 1:19 am, Hannes Tschofenig wrote: > Hi Bernard, > > Bernard Aboba wrote: >> "Zero knowledge" is definitely crypto-intensive. For example, to get >> both privacy and strong password protection, at least two DHs are >> required. >> >> However, there are circumstances where server-side certificates aren't >> acceptable. Even in today, many/(most?) EAP deployments do not involve >> certificates (e.g. LEAP, FAST). > The good thing is that the approach would work with even a self-signed > certificate since there is a big difference between the certificates > used in the Web environment and for network access. In the former case > you want to make sure that the browser with any webserver on the > Internet. This is an any-to-any relationship. For network access you > have a many-to-one relationship. > >> Even if "zero knowledge" isn't used on an ongoing basis (out of >> concern for load, for example), it still can be useful for initial >> provisioning. > Provisioning the initial security is an entirely different problem. EAP > is the wrong way todo that. > See for example the interesting work done in the KEYPROV working group. > >> For example, EAP FAST provisioning is vulnerable to man-in-the-middle >> attack or dictionary attack, which could be removed with use of "zero >> knowledge" algorithms. >> > Need to look at this aspect of the draft again. > > Ciao > Hannes > >> Subject: AW: [Emu] EMU Charter revision >> Date: Fri, 22 Feb 2008 15:34:56 +0100 >> From: [EMAIL PROTECTED] >> To: [EMAIL PROTECTED]; emu@ietf.org >> >> >> >> >> >> >> >> >> >> >> Hi Bernard, >> >> a question your excitment regarding strong password based EAP >> method. >> >> Why do you think they are useful? There are other ways (and they >> are deployed already) that can accomplish the same result without going >> along the SRP & co track. >> Is it because you expect performance improvements or because the >> crypto-mechanisms look nicer? >> >> I cannot quite understand the motivation. >> >> Ciao >> Hannes >> >> >> >> Von: [EMAIL PROTECTED] >> [mailto:[EMAIL PROTECTED] Im Auftrag von ext Bernard >> Aboba >> Gesendet: Donnerstag, 21. Februar 2008 21:54 >> An: >> emu@ietf.org >> Betreff: Re: [Emu] EMU Charter >> revision >> >> >> I also do NOT approve of the current charter revision, for several >> reasons: >> >> a. The Charter text contains statements that are no >> longer true. For example: >> "Most of these methods are proprietary methods and only a few methods >> are documented in RFCs." >> >> The following EAP methods are now documented in RFCs: >> >> EAP-TLS (RFC 2716) >> EAP-SIM (RFC 4186) >> EAP-AKA (RFC 4187) >> EAP-PAX (RFC 4746) >> EAP-SAKE (RFC 4763) >> EAP-PSK (RFC 4764) >> EAP-POTP (RFC 4793) >> EAP-FAST (RFC 4851) >> EAP-IKEv2 (RFC 5106) >> >> 9 methods claiming to satify RFC 4017 critieria is more than a "few". >> >> b. The Charter requires support for Channel Bindings without doing the >> preparatory work to define how Channel Bindings works. Either the >> requirement should be removed, or a work item should be added to >> better define the approach to Channel Bindings. >> >> c. The text on tunnel methods does not provide enough guidance to avoid >> potentially fruitless arguments. So far, the EMU WG has not been able >> to come to consensus on selection of one of the existing tunneling >> protocols, and efforts to design "yet another" tunneling protocol >> haven't gotten very far either. I'd like to see more specific >> language that would make it clear that work on improving existing >> tunneling protocols is within scope, and also that the EMU WG, >> if it cannot come to consensus on a single protocol, can proceed to >> work on one or more protocols with significant support. >> >> d. Password-based methods. While I can understand the desire to limit >> the >> number of charter items, I do agree with Dan that work on weak-password >> methods is important. With some of the IPR obstacles likely to fall by >> the wayside in coming years, it is time for the IETF to re-visit its >> policy >> on inclusion of "zero knowledge" algorithms within standards track >> documents. >> Dan >> Harkins said: >> >> " Hi Joe, >> >> I do NOT approve of the current charter revision, specifically the >> change that says the password-based method can only be via the >> tunneled method. I do approve of the inclusion of tunneled methods >> in the charter though and would be willing to contribute as a >> reviewer. >> >> regards, >> >> Dan." >> On Tue, February 19, 2008 11:14 am, Joseph Salowey (jsalowey) wrote: >> >>> The response to the charter revision has been underwhelming. I am a >>> bit >>> concerned that we do not have enough participation to complete the >>> tunnel method work (most of the recent discussion has been about other >>> methods). >>> >>> I would like to get an idea of the number working group members that >>> approve of working on the tunnel method items and are able to >>> participate in the development of requirements and specifications as >>> contributors and/or reviewers. >>> >>> Please respond to this message and state whether you approve of the >>> current charter revision and what capacity you would be willing to >>> contribute towards tunneled method development: contributor, reviewer >>> or >>> not able to contribute. >>> >>> I have submitted an internet draft attempt at an outline of >>> requirements >>> for tunneled methods >>> (http://www.ietf.org/internet-drafts/draft-salowey-emu-eaptunnel-req-00. >>> txt) that I hope can provided a starting point for discussions on the >>> list and in the Philadelphia meeting. >>> >>> Thanks, >>> >>> Joe >>> >> >> >> >> ------------------------------------------------------------------------ >> >> _______________________________________________ >> Emu mailing list >> Emu@ietf.org >> http://www.ietf.org/mailman/listinfo/emu >> > > _______________________________________________ > Emu mailing list > Emu@ietf.org > http://www.ietf.org/mailman/listinfo/emu > _______________________________________________ Emu mailing list Emu@ietf.org http://www.ietf.org/mailman/listinfo/emu
