Re: AD review of draft-zorn-radius-pkmv1-04.txt

2009-07-27 12:22:25

"Alan" == Alan DeKok <aland(_at_)deployingradius(_dot_)com> writes:
    Alan>   Both the PKM-SS-Cert and PKM-CA-Cert attributes provide
    Alan> 'ad-hoc' extension of the RADIUS attribute size, much like the
    Alan> EAP-Message attribute.  It would have been preferable to

  Back in the time of EAP-SIM, I complained about the rather
inconsistent attribute encoding in it, and why didn't they use the
radius encoding, or at least some consistent mechanism.
  (Sizes are both in "words" and "bytes" in EAP-SIM)

  While doing interop, I found at least two implementations that got
things wrong (and therefore their corresponding clients must not have
checked at all!) and would have resulted in buffer overflows, and possible
exploits.

  I want to emphasize what Alan says in the next message:

    Alan>  What value, then, is in the design guidelines, WG consensus,
    Alan>  or IETF  review?  Can we just over-ride them willy-nilly
    Alan>  because a vendor has an implementation of a spec?

-- 
]     There was a hen jammed in the muffler!!!!!!!!!            |  firewalls  [
]   Michael Richardson, Sandelman Software Works, Ottawa, ON    |net architect[
] mcr(_at_)sandelman(_dot_)ottawa(_dot_)on(_dot_)ca http://www.sandelman.ottawa.on.ca/ |device driver[
]    h("Just another Debian GNU/Linux using, kernel hacking,    ruby  guy");  [
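
The failure mode described in the message above (a length field read in the wrong unit, or never checked against the data actually received), as an added C example that is not part of the original e-mail or of any implementation discussed in the thread. It assumes a one-byte type and one-byte length header, with the length counted in bytes as in RADIUS (RFC 2865) or in 4-byte words as in EAP-SIM (RFC 4186); the function names and sample bytes are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* What the one-byte length field counts (the 2-byte header is included). */
enum len_unit { LEN_BYTES = 1,    /* RADIUS, RFC 2865: bytes */
                LEN_WORDS = 4 };  /* EAP-SIM, RFC 4186: 4-byte words */

struct attr { uint8_t type; const uint8_t *val; size_t val_len; };

/* Parse one attribute at buf[*off]; -1 if its length is malformed or too long. */
int attr_next(const uint8_t *buf, size_t buf_len, size_t *off,
              enum len_unit unit, struct attr *out)
{
    if (*off > buf_len || buf_len - *off < 2)
        return -1;                       /* no room for type + length */
    size_t total = (size_t)buf[*off + 1] * (size_t)unit;
    if (total < 2 || total > buf_len - *off)
        return -1;                       /* too short, or past the end */
    out->type = buf[*off];
    out->val = buf + *off + 2;
    out->val_len = total - 2;
    *off += total;                       /* advance only after validation */
    return 0;
}

/* Number of attributes in buf, or -1 if any of them fails validation. */
int attr_count(const uint8_t *buf, size_t buf_len, enum len_unit unit)
{
    struct attr a;
    size_t off = 0;
    int n = 0;
    while (off < buf_len) {
        if (attr_next(buf, buf_len, &off, unit, &a) != 0)
            return -1;
        n++;
    }
    return n;
}

/* Constructed samples: 8 bytes framed as 2 words, then a length claiming 4. */
static const uint8_t sample_ok[8]  = { 14, 2, 0, 3, 'a', 'b', 'c', 0 };
static const uint8_t sample_bad[8] = { 14, 4, 0, 3, 'a', 'b', 'c', 0 };

int main(void)
{
    printf("%d %d %d\n", attr_count(sample_ok, 8, LEN_WORDS),
           attr_count(sample_bad, 8, LEN_WORDS), attr_count(sample_ok, 8, LEN_BYTES));
    return 0;
}
```

Reading `sample_ok` with the wrong unit (`LEN_BYTES`) misframes it and is rejected at the third header; a parser without the `total > buf_len - *off` check would instead walk past the end of the received buffer.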
