with each application provider. This has advanatages and also
disadvantages.
> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
> Sent: Tuesday, March 25, 2008 3:50 AM
> To: Avi Lior; [EMAIL PROTECTED]; ietf@ietf.org
> Subject: RE: IETF Last C
Avi Lior wrote:
> > Here I agree with you fully: this is an extremely bad idea.
> > Architecturally linking application security to the link
> > layer is just bad engineering, and hinders the ability of
> > link layers and applications evolve independently of each other.
>
> Lets start with this:
Hi Pasi,
Thanks for your response.
On Tue, Mar 25, 2008 at 10:04:00AM +0200, [EMAIL PROTECTED] wrote:
> Yoshihiro Ohba wrote:
>
> > I think Vidya has a good point.
> >
> > My opinion is that, bootstrapping protocols from long-term
> > credentials used for network access authentication is not su
Yoshihiro Ohba wrote:
> I think Vidya has a good point.
>
> My opinion is that, bootstrapping protocols from long-term
> credentials used for network access authentication is not such a bad
> idea, but we just do not know yet the best way to realize it:
>
> http://user.informatik.uni-goettingen.
> To: Avi Lior
> Cc: Dan Harkins; Jari Arkko; ietf@ietf.org; Bernard Aboba
> Subject: RE: EAP applicability (Was: Re: IETF Last Call on
> Walled Garden Standard for the Internet)
>
>
> Hi Avi,
>
> I agree that simply removing the MOARK (aka the DSRK) will
> not p
ilto:[EMAIL PROTECTED]
>> Sent: Monday, March 17, 2008 4:52 PM
>> To: Jari Arkko
>> Cc: Avi Lior; ietf@ietf.org; Bernard Aboba
>> Subject: Re: EAP applicability (Was: Re: IETF Last Call on
>> Walled Garden Standard for the Internet)
>>
>>
>> Hi Jari,
> -Original Message-
> From: Dan Harkins [mailto:[EMAIL PROTECTED]
> Sent: Monday, March 17, 2008 4:52 PM
> To: Jari Arkko
> Cc: Avi Lior; ietf@ietf.org; Bernard Aboba
> Subject: Re: EAP applicability (Was: Re: IETF Last Call on
> Walled Garden Standard for the Internet)
&g
trand
> > Cc: Narayanan, Vidya; ietf@ietf.org
> > Subject: Re: IETF Last Call on Walled Garden Standard for the Internet
> >
> > On 3/17/2008 7:23 PM, Harald Tveit Alvestrand wrote:
> > > Narayanan, Vidya skrev:
> > >> All said and done, here is what it b
Hi Avi,
On Tue, March 18, 2008 3:13 pm, Avi Lior wrote:
[snip]
> I suggest we discuss the issues with deriving keys from EMSK so that
> people can make informed decisions. Lets keep the FUD factor low.
Good idea. Can we start with the Mother Of All Root Keys (MOARK) that
is derived from the
> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On
> Behalf Of Narayanan, Vidya
> Sent: Monday, March 17, 2008 6:54 PM
> To: ietf@ietf.org
> Cc: [EMAIL PROTECTED]
> Subject: RE: IETF Last Call on Walled Garden Standard for the Internet
>
Brian wrote:
> I think Jari's suggestion is the right one. Make it clear in
> the draft that this is not suitable as a universal mechanism for apps.
Jari's suggestion is too broad. Since it is hard to classify applications.
And as we can see there are some class of applications that this is ok
Pasi wrote:
> Here I agree with you fully: this is an extremely bad idea.
> Architecturally linking application security to the link
> layer is just bad engineering, and hinders the ability of
> link layers and applications evolve independently of each other.
Lets start with this: Any applicati
> -Original Message-
> From: Lakshminath Dondeti [mailto:[EMAIL PROTECTED]
> Sent: Monday, March 17, 2008 7:58 PM
> To: Harald Tveit Alvestrand
> Cc: Narayanan, Vidya; ietf@ietf.org
> Subject: Re: IETF Last Call on Walled Garden Standard for the Internet
>
&
On 3/17/2008 7:23 PM, Harald Tveit Alvestrand wrote:
> Narayanan, Vidya skrev:
>> All said and done, here is what it boils down to - any application of
>> EAP keying material to other services (using the term here to include
>> things ranging from handoffs to mobility to L7 applications) is only
>>
Narayanan, Vidya skrev:
> All said and done, here is what it boils down to - any application of
> EAP keying material to other services (using the term here to include
> things ranging from handoffs to mobility to L7 applications) is only
> feasible when those services are provided either by or thr
> Actually I think it's a little more technical than editorial. This
> problem is due to the fact that HOKEY is extracting a key derived from
> the EMSK and making that "The Mother Of All Root Keys" (MOARK), which
> can be used to derive all keys for all purposes to solve all problems in
> the wo
As much fun as I've had in catching up with this thread, I'd like to
remind all of us that we, at the IETF, do not dictate the way systems
get built in the real world. There are SDOs that have gone ahead and
defined their own hierarchies out of the MSK and EMSK for various usages
at higher layers
Hi Jari,
On Thu, March 13, 2008 8:49 pm, Jari Arkko wrote:
> Avi,
>
>>> For what it is worth, this ex-EAP co-chair also thinks that
>>> the use of EAP keys for applications is a very bad idea.
>>>
>>
>> Why?
>>
>
> For a number of reasons. Take this from someone who has actually tried
> to do t
On 2008-03-15 04:11, Lakshminath Dondeti wrote:
> On 3/14/2008 5:44 AM, [EMAIL PROTECTED] wrote:
...
>> Here I agree with you fully: this is an extremely bad idea.
>> Architecturally linking application security to the link layer is
>> just bad engineering, and hinders the ability of link layers
On 3/14/2008 5:44 AM, [EMAIL PROTECTED] wrote:
> Bernard Aboba wrote:
>
>> I have no objection to any use of the EMSK relating to link layer
>> handoff, or even to IP layer things that might be somewhat related
>> (e.g. Mobile IP). But utilizing EAP as an application layer
>> security mechanism d
Lakshminath,
> Why would we force the hotel to provide multiple sets of credentials
> for each additional service/application that they want to provide?
Credentials can still be the same. We're not really arguing against
that. It would indeed be silly if you had to have more credentials. In
some
On Thu, Mar 13, 2008 at 09:47:31PM -0700, Lakshminath Dondeti wrote:
> Let us consider the opposite situation. Let us say the hotel network
> uses EAP for authentication and the hotel front desk gives the IETF
> folks a scratch card with credentials. We then use the credentials for
> authentic
Bernard Aboba wrote:
> I have no objection to any use of the EMSK relating to link layer
> handoff, or even to IP layer things that might be somewhat related
> (e.g. Mobile IP). But utilizing EAP as an application layer
> security mechanism does seem inappropriate.
There are two fundamentally d
On 3/13/2008 8:49 PM, Jari Arkko wrote:
> Avi,
>
>>> For what it is worth, this ex-EAP co-chair also thinks that
>>> the use of EAP keys for applications is a very bad idea.
>>>
>> Why?
>>
>
> For a number of reasons. Take this from someone who has actually tried
> to do this in the dista
See inline
> -Original Message-
> From: Jari Arkko [mailto:[EMAIL PROTECTED]
> Sent: Thursday, March 13, 2008 11:50 PM
> To: Avi Lior
> Cc: Bernard Aboba; ietf@ietf.org
> Subject: EAP applicability (Was: Re: IETF Last Call on Walled
> Garden Standard for
Avi,
>> For what it is worth, this ex-EAP co-chair also thinks that
>> the use of EAP keys for applications is a very bad idea.
>>
>
> Why?
>
For a number of reasons. Take this from someone who has actually tried
to do this in the distant past and has realized that it was a bad idea.
But
> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On
> Behalf Of Jari Arkko
> Sent: Thursday, March 13, 2008 7:04 PM
> To: Bernard Aboba
> Cc: ietf@ietf.org
> Subject: Re: IETF Last Call on Walled Garden Standard for the Internet
>
>
ect: Re: IETF Last Call on Walled Garden Standard for the Internet
>
> Re: IETF Last Call on Walled Garden Standard for the Internet
> (draft-ietf-hokey-emsk-hierarchy)
>
> The open nature of the Internet has been a problem for quite
> a long time. In addition to the countless proble
Wireless Handheld (www.good.com)
-Original Message-
From: Fred Baker [mailto:[EMAIL PROTECTED]
Sent: Thursday, March 13, 2008 03:58 PM Pacific Standard Time
To: Bernard Aboba
Cc: ietf@ietf.org
Subject:Re: IETF Last Call on Walled Garden Standard for the Internet
Jari Arkko said:
"For what it is worth, this ex-EAP co-chair also thinks that the use of
EAP keys for applications is a very bad idea. And I too am concerned
about introducing walled gardens through this.
Having said that, I think there are legitimate uses of EMSK in the area
of network access, s
Bernard,
For what it is worth, this ex-EAP co-chair also thinks that the use of
EAP keys for applications is a very bad idea. And I too am concerned
about introducing walled gardens through this.
Having said that, I think there are legitimate uses of EMSK in the area
of network access, such as va
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On Mar 13, 2008, at 6:17 PM, Bernard Aboba wrote:
> The Internet Engineering Task Force (IETF) has further compounded
> the problem by creating interoperable standards for security, which
> have enabled hosts on the Internet to protect traffic en
Re: IETF Last Call on Walled Garden Standard for the Internet
(draft-ietf-hokey-emsk-hierarchy)
The open nature of the Internet has been a problem for quite a long
time. In addition to the countless problems caused by allowing users
to run applications of their choosing, the Internet also
33 matches
Mail list logo