Re: [Emu] Liaison Statement on ITU-T Recommendation X.1034

Stefan Winter Mon, 11 Aug 2008 05:22:10 -0700

Hi,

- EAP-MD5: they claim it provides mutual authentication


That table has a few more flaws.

EAP-MD5
--------------

- MD5 and Resistance to dictionary attacks. RFC3748 states "No", the ITUdocument states "Yes".

- MD5 and replay protection. Ditto.

EAP-TLS
-------------
- they quote RFC2716 as source, while this has been obsoleted by 5216

- 2.1.4 of RFC5216 explains how to achieve privacy, while the table inX.1034 states "No"

Luckily, the table is apparently not part of the recommendation, but aninformational appendix only.


I have no experience with SRP and AKA to say more about these.

Greetings,

Stefan Winter

--
Stefan WINTER
Ingenieur de Recherche
Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et de la 
Recherche
6, rue Richard Coudenhove-Kalergi
L-1359 Luxembourg

Tel: +352 424409 1
Fax: +352 422473

_______________________________________________
Emu mailing list
Emu@ietf.org
https://www.ietf.org/mailman/listinfo/emu

Re: [Emu] Liaison Statement on ITU-T Recommendation X.1034

Reply via email to