RE: Re: SHA-0 Broken
From: Joseph Salowey (jsaloweycisco.com)
Date: Tue, 17 Aug 2004 19:37:22 -0400 (EDT)
eap-admin [at] frascone.com wrote:
<snip>

> Second, Joe Salowey mentioned that
> 
>> [...] methods based on existing key exchange frameworks such as TLS
>> and IKEv2 are valuable because they build on widely implemented (at
>> least in the case of TLS) and reviewed standards. TLS is probably the
>> most widely deployed one and it has been extended to support multiple
>> mechanisms including certificates, Kerberos and pre-shared key. I
>> would prefer to focus on the standard frameworks first.
> 
> I agree. But why concentrate on one protocol? What if this protocol
> becomes vulnerable?
> 

[Joe] It is more likely that correct fixes to a problem will be developed
quicker and distributed faster for widely used extensible protocols than for
single use protocols that have not had their extensibility tested (or even
designed).


> To sum all up: The intention is the conclusion that it is possibly
> best practice to allow some kind of heterogeneity in development,
> and to treat proposals which are not main-stream a little bit more
> tolerantly than we have seen it these days (this has been, at least,
> my impression). Having one or more alternatives cannot be a
> disadvantage, right?
> 
> 
> Thomas
> 
> References
> 
> [3] http://www.freedom-to-tinker.com/archives/000661.html
> [4] Edward Felten is Professor at Department of Computer Sciences,
> Princeton University, his personal website is
> http://www.cs.princeton.edu/~felten/
> 