I'd be glad to add a reference.
On 9/1/10 7:40 AM, "Hoeper Katrin-QWKN37" <khoe...@motorola.com> wrote: > I agree. That's why I was thinking that adding a reference that makes > implementers aware of this problem would be a good idea. Then they can > make an educated decision about whether they want to implement > additional mitigation techniques (i.e. enforce policies) or to not use > password-based inner methods. > > >> -----Original Message----- >> From: Alan DeKok [mailto:al...@deployingradius.com] >> Sent: Wednesday, September 01, 2010 9:34 AM >> To: Hoeper Katrin-QWKN37 >> Cc: Glen Zorn; Bernard Aboba; emu@ietf.org >> Subject: Re: [Emu] security paper on tunneled authentication >> >> Hoeper Katrin-QWKN37 wrote: >>> I will check the current draft for conflicts and, if necessary, > propose >>> changes. >> >> I think that the main issue with the draft is that it requires >> tunneled methods to allow for password authentication. Your analysis >> paper says that password methods cannot be made resistant to these > attacks. >> >> If that is right, then I don't think there is anything to do in the >> draft. >> >> Alan DeKok. > _______________________________________________ > Emu mailing list > Emu@ietf.org > https://www.ietf.org/mailman/listinfo/emu _______________________________________________ Emu mailing list Emu@ietf.org https://www.ietf.org/mailman/listinfo/emu
