RE: [HOKEY] Last Call: draft-ietf-hokey-erx (EAP Extensions for EAP Re-authentication Protocol (ERP)) to Proposed Standard

2008-02-16 Thread Glen Zorn
... Can you tell me one use for a key name that is an incomprehensible string of random bits? Delete all keys associated with 0x58d610a8ff4128c9 uhm, ok If not then don't you agree the current key naming scheme is completely useless? I don't think that it's really much worse

Re: [HOKEY] Last Call: draft-ietf-hokey-erx (EAP Extensions for EAP Re-authentication Protocol (ERP)) to Proposed Standard

2008-02-08 Thread Lakshminath Dondeti
: Thursday, January 24, 2008 8:13 AM To: IETF-Announce Cc: [EMAIL PROTECTED] Subject: Last Call: draft-ietf-hokey-erx (EAP Extensions for EAP Re-authentication Protocol (ERP)) to Proposed Standard The IESG has received a request from the Handover Keying WG (hokey) to consider the following

Re: [HOKEY] Last Call: draft-ietf-hokey-erx (EAP Extensions for EAP Re-authentication Protocol (ERP)) to Proposed Standard

2008-02-06 Thread Lakshminath Dondeti
To: IETF-Announce Cc: [EMAIL PROTECTED] Subject: Last Call: draft-ietf-hokey-erx (EAP Extensions for EAP Re-authentication Protocol (ERP)) to Proposed Standard The IESG has received a request from the Handover Keying WG (hokey) to consider the following document: - 'EAP Extensions for EAP Re

RE: [HOKEY] Last Call: draft-ietf-hokey-erx (EAP Extensions for EAP Re-authentication Protocol (ERP)) to Proposed Standard

2008-02-06 Thread Joseph Salowey (jsalowey)
: The IESG [mailto:[EMAIL PROTECTED] Sent: Thursday, January 24, 2008 8:13 AM To: IETF-Announce Cc: [EMAIL PROTECTED] Subject: Last Call: draft-ietf-hokey-erx (EAP Extensions for EAP Re-authentication Protocol (ERP)) to Proposed Standard The IESG has received a request from the Handover

RE: [HOKEY] Last Call: draft-ietf-hokey-erx (EAP Extensions for EAP Re-authentication Protocol (ERP)) to Proposed Standard

2008-02-05 Thread Dan Harkins
: Friday, February 01, 2008 5:46 PM To: Dan Harkins Cc: ietf@ietf.org; [EMAIL PROTECTED] Subject: Re: [HOKEY] Last Call: draft-ietf-hokey-erx (EAP Extensions for EAP Re-authentication Protocol (ERP)) to Proposed Standard Hello again, Pardon my repetition but I have come up with a very

RE: [HOKEY] Last Call: draft-ietf-hokey-erx (EAP Extensions for EAP Re-authentication Protocol (ERP)) to Proposed Standard

2008-02-05 Thread Joseph Salowey (jsalowey)
; [EMAIL PROTECTED] Subject: Re: [HOKEY] Last Call: draft-ietf-hokey-erx (EAP Extensions for EAP Re-authentication Protocol (ERP)) to Proposed Standard Hello again, Pardon my repetition but I have come up with a very valid reason why naming keys using HMAC-SHA-256 is a bad idea

RE: [HOKEY] Last Call: draft-ietf-hokey-erx (EAP Extensions for EAP Re-authentication Protocol (ERP)) to Proposed Standard

2008-02-05 Thread Joseph Salowey (jsalowey)
, February 01, 2008 5:46 PM To: Dan Harkins Cc: ietf@ietf.org; [EMAIL PROTECTED] Subject: Re: [HOKEY] Last Call: draft-ietf-hokey-erx (EAP Extensions for EAP Re-authentication Protocol (ERP)) to Proposed Standard Hello again, Pardon my repetition but I have come up with a very

RE: [HOKEY] Last Call: draft-ietf-hokey-erx (EAP Extensions for EAP Re-authentication Protocol (ERP)) to Proposed Standard

2008-02-04 Thread Dan Harkins
Hi Glen, On Mon, February 4, 2008 1:09 am, Glen Zorn wrote: [snip] Doesn't sound particularly readable to me; in any case, I don't think that it really matters (for the purposes you describe, however unlikely they may be) what the key name looks like. What matters is how easy it is to

Session ID (Re: [HOKEY] Last Call: draft-ietf-hokey-erx (EAP Extensions for EAP Re-authentication Protocol (ERP)) to Proposed Standard)

2008-02-03 Thread Lakshminath Dondeti
On 2/3/2008 1:23 AM, Glen Zorn wrote: Lakshminath Dondeti scribbled on Sunday, February 03, 2008 1:30 PM: ... There was also the issue of not being able to export EAP session IDs (IIRC) that I referred to in my other message. Hmmm. draft-ietf-eap-keying-22.txt says EAP methods

Re: [HOKEY] Last Call: draft-ietf-hokey-erx (EAP Extensions for EAP Re-authentication Protocol (ERP)) to Proposed Standard

2008-02-03 Thread Lakshminath Dondeti
On 2/3/2008 12:28 AM, Glen Zorn wrote: Dan Harkins scribbled on Saturday, February 02, 2008 8:46 AM: Hello again, Pardon my repetition but I have come up with a very valid reason why naming keys using HMAC-SHA-256 is a bad idea. If one wants to administratively remove all keys

RE: [HOKEY] Last Call: draft-ietf-hokey-erx (EAP Extensions for EAP Re-authentication Protocol (ERP)) to Proposed Standard

2008-02-03 Thread Dan Harkins
Hi Glen, On Sun, February 3, 2008 12:28 am, Glen Zorn wrote: Dan Harkins scribbled on Saturday, February 02, 2008 8:46 AM: Hello again, Pardon my repetition but I have come up with a very valid reason why naming keys using HMAC-SHA-256 is a bad idea. If one wants to

Re: [HOKEY] Last Call: draft-ietf-hokey-erx (EAP Extensions for EAP Re-authentication Protocol (ERP)) to Proposed Standard

2008-02-03 Thread Alan DeKok
Dan Harkins wrote: Yea, mapping by Username might be better. One reason is that you could develop a rational searching strategy to identify keys if you indexed with something like Username. That is a great suggestion and a useful alternative to what is in the draft now. I would support such

RE: [HOKEY] Last Call: draft-ietf-hokey-erx (EAP Extensions for EAP Re-authentication Protocol (ERP)) to Proposed Standard

2008-02-03 Thread Glen Zorn
Dan Harkins scribbled on Saturday, February 02, 2008 8:46 AM: Hello again, Pardon my repetition but I have come up with a very valid reason why naming keys using HMAC-SHA-256 is a bad idea. If one wants to administratively remove all keys in a particular key hierarchy (which

RE: [HOKEY] Last Call: draft-ietf-hokey-erx (EAP Extensions for EAP Re-authentication Protocol (ERP)) to Proposed Standard

2008-02-03 Thread Glen Zorn
Lakshminath Dondeti scribbled on Sunday, February 03, 2008 1:30 PM: ... There was also the issue of not being able to export EAP session IDs (IIRC) that I referred to in my other message. Hmmm. draft-ietf-eap-keying-22.txt says EAP methods supporting key derivation and mutual

Re: [HOKEY] Last Call: draft-ietf-hokey-erx (EAP Extensions for EAP Re-authentication Protocol (ERP)) to Proposed Standard

2008-02-03 Thread Lakshminath Dondeti
Hi all, Some of the reviews I have seen start with good things to say about the document pointing about a few things that need to be fixed. Yoshi pointed out one issue that he apparently missed during the WGLC. We have been going back and forth on these topics and not really making

Re: [HOKEY] Last Call: draft-ietf-hokey-erx (EAP Extensions for EAP Re-authentication Protocol (ERP)) to Proposed Standard

2008-02-02 Thread Lakshminath Dondeti
Hi Dan, Many thanks for your review. Please see inline for some notes. On 2/1/2008 5:16 PM, Dan Harkins wrote: Hello, I believe this is a well organized and complete document. On numerous occasions while reviewing it I made a mental question regarding something only to have the

[HOKEY] Last Call: draft-ietf-hokey-erx (EAP Extensions for EAP Re-authentication Protocol (ERP)) to Proposed Standard

2008-02-01 Thread Dan Harkins
Hello, I believe this is a well organized and complete document. On numerous occasions while reviewing it I made a mental question regarding something only to have the question answered in a subsequent paragraph. I do have several comments though: 1. this protocol can be used in the

Re: [HOKEY] Last Call: draft-ietf-hokey-erx (EAP Extensions for EAP Re-authentication Protocol (ERP)) to Proposed Standard

2008-02-01 Thread Dan Harkins
Hello again, Pardon my repetition but I have come up with a very valid reason why naming keys using HMAC-SHA-256 is a bad idea. If one wants to administratively remove all keys in a particular key hierarchy (which seems like an entirely reasonable request) one must do a linear search of

Re: [HOKEY] Last Call: draft-ietf-hokey-erx (EAP Extensions for EAP Re-authentication Protocol (ERP)) to Proposed Standard

2008-01-31 Thread Yoshihiro Ohba
On Wed, Jan 30, 2008 at 10:53:25PM -0800, Lakshminath Dondeti wrote: ... hence the authenticator initiation of the ERP exchange may require the authenticator to send both the EAP-Request/Identity and EAP-Initiate/ Re-auth-Start messages. Yes. Have existing EAP peer

Re: [HOKEY] Last Call: draft-ietf-hokey-erx (EAP Extensions for EAP Re-authentication Protocol (ERP)) to Proposed Standard

2008-01-31 Thread Alan DeKok
Lakshminath Dondeti wrote: Have existing EAP peer implementations been validated to work under these assumptions? i.e. will they break? Will they see unexpected EAP messages or content, and reject or discard the response? Kedar noted from his implementation experience and it worked with

Re: [HOKEY] Last Call: draft-ietf-hokey-erx (EAP Extensions for EAP Re-authentication Protocol (ERP)) to Proposed Standard

2008-01-31 Thread Lakshminath Dondeti
On 1/31/2008 6:23 AM, Yoshihiro Ohba wrote: On Wed, Jan 30, 2008 at 10:53:25PM -0800, Lakshminath Dondeti wrote: ... hence the authenticator initiation of the ERP exchange may require the authenticator to send both the EAP-Request/Identity and EAP-Initiate/ Re-auth-Start messages.

Re: [HOKEY] Last Call: draft-ietf-hokey-erx (EAP Extensions for EAP Re-authentication Protocol (ERP)) to Proposed Standard

2008-01-31 Thread Lakshminath Dondeti
On 1/31/2008 7:01 AM, Alan DeKok wrote: Lakshminath Dondeti wrote: Have existing EAP peer implementations been validated to work under these assumptions? i.e. will they break? Will they see unexpected EAP messages or content, and reject or discard the response? Kedar noted from his

Re: [HOKEY] Last Call: draft-ietf-hokey-erx (EAP Extensions for EAP Re-authentication Protocol (ERP)) to Proposed Standard

2008-01-31 Thread Yoshihiro Ohba
Lakshminath, I remember ERP state machine is discussed in http://www1.ietf.org/mail-archive/web/hokey/current/msg00713.html, but lock-step issue was not discussed in the thread. Please point out a particular HOKEY thread or meeting minutes where lock-step issue was discussed. (I was paying

Re: [HOKEY] Last Call: draft-ietf-hokey-erx (EAP Extensions for EAP Re-authentication Protocol (ERP)) to Proposed Standard

2008-01-30 Thread Lakshminath Dondeti
Alan, Thanks much for your comments. Please see inline: On 1/29/2008 8:32 AM, Alan DeKok wrote: Reviewing the document, it looks very good overall. I have a few comments and questions about Sections 1 through 4. The later sections will be reviewed in a separate message. Section 2: