Paul Hoffman writes:
> Based on Pasi's AD review, the authors significantly shortened the
> document. It seems prudent to have the WG review the new, shorter
> version. In particular, it would be good for developers to look at
> the new short document and see if it is complete enough to implement
>
Raj Singh writes:
> Section 5. IANA Considerations can be reworded in-line with
> ikev2bis.
It would be better to align it with the ikev2-parameters IANA registry.
> 5. IANA Considerations
>
> IANA has already registered the type and value for AES-CTR.
>
> Name Number Defined In
Well, during my long and fruitful career I've come across many asinine
statements - but this pearl from your collection outshines mine! Indeed
"straight from the horse's" (or in the context - "mule's"?) mouth (no offense
meant to those wonderful equestrians).
I'm struck speechless (which is unu
The IESG has received a request from the IP Security Maintenance and
Extensions WG (ipsecme) to consider the following document:
- 'Internet Key Exchange Protocol: IKEv2 '
as a Proposed Standard
The IESG plans to make a decision in the next few weeks, and solicits
final comments on this acti
Can someone please explain the joke to me? Nelson was asked about TLS-PSK (RFC
4279) and he replied that it can easily be abused. TLS-PSK (similarly to
IKE-PSK) is vulnerable to dictionary attacks if used with a short secret
(a.k.a. "password"), at least in the presence of an active attacker. So
Caveat: I have not reviewed in detail.
But I noticed a typo below line 3020 -- "may hve".
Scott Moonen (smoo...@us.ibm.com)
z/OS Communications Server TCP/IP Development
http://www.linkedin.com/in/smoonen
Explaining a joke spoils all the fun, but here goes:
It's not like PKI is working out better for user authentication.
And password-in-https-form is also vulnerable to online dictionary attacks.
Now if they were using TLS-EAP
But that, of course, suffers from excessive layering.
Of definite interest to the WG:
>X-Original-To: ietf-annou...@ietf.org
>Delivered-To: ietf-annou...@core3.amsl.com
>X-idtracker: yes
>To: IETF-Announce
>From: The IESG
>Subject: Last Call: draft-ietf-ipsecme-ikev2bis (Internet Key Exchange
> Protocol: IKEv2) to Proposed Standard
>Date: Thu
Hi Peter,
I completely agree with the rest of the argument. But I don't know of a
realistic way to do it with TLS-PSK (people will *always* use short passwords,
it's not like it's the exception to the rule). TLS-SRP is one possible
solution. Or, as Yoav suggests, TLS-EAP with several alternativ