
Thread: Re: Issue 392: Authorization Issues




Re: Issue 392: Authorization Issues
2007-02-06 14:54:34



I have read the new text and agree with most of it.
 
1. Here is one change that I disagree with ("should not" turned into "must not", and no basis from the Guidelines BCP-to-be that I can see): Section 5.1:
Text of -17.txt: "[..] this should not allow the attacker to compromise other authenticators or the backend authentication server"

New text:

Compromise of a single authenticator MUST NOT compromise keying material held by any other authenticator within the system, and SHOULD NOT allow the attacker to compromise the backend authentication server

 

2. Compromise of Peer in section 5.1: hopefully this does not invalidate the idea of Group keys for multicast (if a Peer's group key is compromised, so will the group keys of other peers in his multicast group - can't be helped).

 

3. Last paragraph of Section 5.8 "the backend authentication server can impersonate the authenticator". Not really necessary to say this, especially since the guidelines say that the backend authentication server is a trusted party, yes?

 
 
Some nits: page 43 bottom: "an stale key" -> "a stale key".
Section 5.7, 3rd paragraph starts with "EAP EAP", 4th paragraph contains "and and", 5th paragraph starts with "AAA The AAA".
Best regards,
Michaela
----- Original Message ----
<too long to be included w/o moderator approval>

