Darren J Moffat wrote: > Given the standards based nature of this weak crypto I reluctantly give > a +1. I will say I'm disappointed in the X.org committee for not > allowing the AES to be specified but I understand the reluctance to do > so without a sample implementation. > > ---- > XDM-AUTHORIZATION-1 implements a TDES [ FIPS 46-3 ] [1] based access > control mechanism [ as per description above ]. Environments with > more stringent security requirements may consider cryptologically > stronger ciphers more appropriate. > ---- > > The mode of the crypto algorithm isn't listed so I assume this is ECB > since there is no mention of space for an IV for it to being CBC mode > (and given its age CTR, CCM etc didn't exist back then). > > So +1 for standards reasons only. > > If I was to help provide said sample implementation using AES what would > it take to get the standard revised ?
Probably yes. We are a lot of people awaiting for an actual implementation of XDM-AUTORIZATION-2 as proposed, or something better. It was a suggested project for Google Summer of Code last year and this year. Last year we even had a volunteer, but it disapeared during the selection process after he was told that we want this work to be done under the MIT license, not GPL. It is also on my TODO list, but I failed to allocate time for it so far. -- Matthieu Herrb
