| RFC 3748 nits&minor issues | <– Date –> <– Thread –> |
From: Florent Bersani (florent.bersani rd.francetelecom.fr)
|
|
| Date: Thu, 18 Mar 2004 20:23:41 -0500 (EST) | |
Hi all,
Florent
While rereading (perhaps a bit quickly, apologies in advance) draft-ietf-eap-rfc2284bis-09.txt, I think I have spotted some nits or minor issues:
1) Specification of length fields. I did not find a place where it said the value of this field gave the length in bytes
2) Section 6.2 "Method Types 42-191 may be allocated on the advice of a Designated Expert, with Specification Required" - types 43 and 44 have been allocated (EAP-FAST and Zonelabs EAP), thus change to "Method Types 44-191 may be allocated on the advice of a Designated Expert, with Specification Required"
3) While reading section 7.2, I got the impression that MS-CHAPv2 was more resistant to dictionary attacks than MS-CHAPv1, which is the only to be MS-CHAP to be mentioned. This is of course not true (see for instance http://www.schneier.com/paper-pptpv2.pdf and http://mopo.informatik.uni-freiburg.de/pptp_mschapv2/pptp_mschapv2.html). Perhaps adding MS-CHAPv2 to the list would save users from misusing it (since it is still widely available)
4) Section 7.10 "This restriction will be relaxed in a future document that specifies how the EMSK can be used". My understanding is that this document will be the EAP Key Management Framework itself (see the ongoing discussion about the incorporation of draft-salowey-eap-key-deriv-02.txt.
Florent
- (no other messages in thread)
Results generated by Tiger Technologies using MHonArc.