RE: Response to LWAPP Security Review

From: Charles Clancy
Date: Mon, 16 May 2005 08:43:04 -0400 (EDT)

One problem with many of the standards-based authentication protocols is
that they often strive for flexibility rather than simplicity, making them
suboptimal for smaller devices, such as a thin AP. Of course, that's not
to say they should all be disqualified. IMHO, something like TLS
authentication (similar to RFC 2716) would be good, with an application
profile limiting the ciphersuites to the following:

* TLS_RSA_WITH_AES_128_CBC_SHA
* TLS_PSK_WITH_AES_128_CBC_SHA

This would allow for both PSK and public-key authentication, using standard protocols.

[ t. charles clancy ]--[ tcc [at] umd.edu ]--[ www.cs.umd.edu/~clancy ]
[ computer science ]-----[ university of maryland | college park ]

On Sun, 15 May 2005, Agcaoili, Philip wrote:
This is great to hear.
It also seems like we're adding complexity to this working group by reinventing the wheel. Why bother fixing something that's been solved many times already? This working group should be reusing other standards-based, well understood, and battle-proven methods such as IKE with IPSec or TLS with certificates?
Thanks,
Philip Agcaoili
Chief Security Architect
Enterprise Information Protection
Scientific-Atlanta, Inc.

-----Original Message-----
From: Pat Calhoun
To: 'Agcaoili, Philip'; capwap [at] frascone.com
Sent: 5/14/2005 12:12 AM
Subject: RE: [Capwap] Response to LWAPP Security Review

Actually, I agree, and the issues raised in the review state that the specification needs to have clarifying text to ensure that other implementations do things right. As I mentioned below, we will be adding such text to ensure that the document is very clear, minimizing the possibility of 3rd party implementors being vulnerable to the issues mentioned.
Your voice is heard.
Pat Calhoun
CTO, Wireless Networking Business Unit
Cisco Systems
_____
From: capwap-admin [at] frascone.com [mailto:capwap-admin [at] frascone.com] On Behalf Of Agcaoili, Philip
Sent: Friday, May 13, 2005 4:34 PM
To: 'capwap [at] frascone.com'
Subject: Re: [Capwap] Response to LWAPP Security Review

So to summarize, you appear to be saying that LWAPP security depends from implementation to implementation of the draft.
I'd like to be the voice of reason here and ask as a customer that the IETF specification is explicit enough to reasonably ensure that every implementation of the spec is secure.
Thanks,
Philip Agcaoili
Chief Security Architect
Enterprise Information Protection
Scientific-Atlanta, Inc.
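
Added example, not part of the thread and not code from any LWAPP or CAPWAP implementation: one way an endpoint could enforce the two-suite application profile proposed in Charles Clancy's message at the top, by reading the cipher_suites list out of a ClientHello and refusing anything outside the profile. The function names and the sample ClientHello builder are constructed for illustration; the code points are the IANA values for the two suites, and choosing by the client's preference order is an assumption.

```python
import struct

# The two suites of the proposed profile, keyed by IANA code point.
PROFILE = {
    0x002F: "TLS_RSA_WITH_AES_128_CBC_SHA",  # public-key authentication
    0x008C: "TLS_PSK_WITH_AES_128_CBC_SHA",  # pre-shared-key authentication
}

def offered_suites(hello: bytes) -> list:
    """Return the cipher suite code points listed in a ClientHello handshake message."""
    if len(hello) < 4 or hello[0] != 0x01:
        raise ValueError("not a ClientHello")
    body = hello[4:]
    if len(body) != int.from_bytes(hello[1:4], "big"):
        raise ValueError("length field does not match message size")
    pos = 2 + 32                          # skip client_version and random
    if pos >= len(body):
        raise ValueError("truncated before session_id")
    pos += 1 + body[pos]                  # skip session_id
    if pos + 2 > len(body):
        raise ValueError("truncated before cipher_suites")
    (n,) = struct.unpack_from("!H", body, pos)
    pos += 2
    if n == 0 or n % 2 or pos + n > len(body):
        raise ValueError("bad cipher_suites length")
    return [int.from_bytes(body[i:i + 2], "big") for i in range(pos, pos + n, 2)]

def select_suite(hello: bytes, have_cert: bool, have_psk: bool):
    """First offered suite that is in the profile and backed by a local credential.

    None means no acceptable suite: the endpoint should fail the handshake
    rather than fall back to anything outside the profile.
    """
    usable = {0x002F: have_cert, 0x008C: have_psk}
    for suite in offered_suites(hello):
        if usable.get(suite):
            return PROFILE[suite]
    return None

def build_hello(suites) -> bytes:
    """Constructed sample: TLS 1.0 ClientHello, zero random, empty session_id."""
    cs = b"".join(s.to_bytes(2, "big") for s in suites)
    body = (b"\x03\x01" + bytes(32) + b"\x00"
            + struct.pack("!H", len(cs)) + cs + b"\x01\x00")  # null compression
    return b"\x01" + len(body).to_bytes(3, "big") + body
```
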