[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

DISCUSS and COMMENT: draft-ietf-radext-status-server

To: <radiusext@ops.ietf.org>
Subject: DISCUSS and COMMENT: draft-ietf-radext-status-server
From: "Bernard Aboba" <bernard_aboba@hotmail.com>
Date: Tue, 20 Apr 2010 14:00:54 -0700
In-reply-to: <20100420183124.E173B3A683F@core3.amsl.com>
References: <20100420183124.E173B3A683F@core3.amsl.com>

-----Original Message-----
From: Peter Saint-Andre [mailto:stpeter@stpeter.im] 
Sent: Tuesday, April 20, 2010 11:31 AM
To: iesg@ietf.org
Cc: aland@freeradius.org; radext-chairs@tools.ietf.org; draft-ietf-radext-status-server@tools.ietf.org
Subject: DISCUSS and COMMENT: draft-ietf-radext-status-server 

Discuss:
Is the use of MD5 in generating the Response Authenticator subject to collision attacks? If not, it would be helpful to describe why not, and provide a reference to RFC 4270. If so, then the security considerations need to be updated.

Comment:
Given that the Request Authenticator should be unpredictable and unique, a reference to RFC 4086 would be appropriate.

Please add a reference to RFC 1321 for the definition of MD5.

--
to unsubscribe send a message to radiusext-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://psg.com/lists/radiusext/>

Prev by Date: DISCUSS and COMMENT: draft-ietf-radext-status-server
Next by Date: COMMENT: draft-ietf-radext-status-server
Previous by thread: DISCUSS and COMMENT: draft-ietf-radext-status-server
Next by thread: COMMENT: draft-ietf-radext-status-server
Index(es):
- Date
- Thread