derbycontaminantwinnipegrarefy

From wsgeisezxzcf@yahoo.com Sun Aug 1 00:19:17 2004 Received: from ietf-mx.ietf.org (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id AAA05348; Sun, 1 Aug 2004 00:19:17 -0400 (EDT) Received: from host50.foretec.com ([65.246.255.50] helo=mx2.foretec.com) by ietf-mx.ietf.org with esmtp (Exim 4.33) id 1Br7rF-0001Yn-7c; Sun, 01 Aug 2004 00:22:01 -0400 Received: from [222.101.33.6] (helo=65.246.255.50) by mx2.foretec.com with smtp (Exim 4.24) id 1Br7od-0000Bw-10; Sun, 01 Aug 2004 00:19:20 -0400 Received: from 170.184.64.116 by 65.246.255.50; Sat, 31 Jul 2004 22:13:08 -0700 Message-ID: From: "Flora Sharpe" Reply-To: "Flora Sharpe" To: dmin@ietf.org Subject: This could be of some use Date: Sat, 31 Jul 2004 22:12:08 -0700 MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="--39271545627639564" X-Priority: 3 X-CS-IP: 166.253.200.52 X-Spam-Score: 13.2 (+++++++++++++) X-Spam-Flag: YES X-Scan-Signature: 79899194edc4f33a41f49410777972f8 ----39271545627639564 Content-Type: text/html; Content-Transfer-Encoding: quoted-printable Hi,

We are happy to inform you, You have just recieved a $200,000 loan from one of our lenders..

Just follow the confirmation link to confirm everything.

Thank You

Confirmation Link #82

Best Regards,
Flora Sharpe ----39271545627639564-- From diameter-admin@frascone.com Sun Aug 1 05:17:27 2004 Received: from mail.frascone.com (postfix@frascone.com [204.49.99.9]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id FAA04731 for ; Sun, 1 Aug 2004 05:17:26 -0400 (EDT) Received: from localhost (xavier [127.0.0.1]) by mail.frascone.com (Postfix) with ESMTP id 7AB0A21B37 for ; Sun, 1 Aug 2004 05:02:11 -0400 (EDT) Received: from xavier (xavier [127.0.0.1]) by mail.frascone.com (Postfix) with ESMTP id 0CDA921B07 for ; Sun, 1 Aug 2004 05:01:43 -0400 (EDT) Date: Sun, 01 Aug 2004 05:01:42 -0400 Message-ID: <20040801090142.11301.23800.Mailman@xavier> Subject: frascone.com mailing list memberships reminder From: mailman-owner@wolverine.cnri.reston.va.us To: eap-archive@ietf.org X-No-Archive: yes X-Ack: no Sender: diameter-admin@frascone.com Errors-To: diameter-admin@frascone.com X-BeenThere: diameter@frascone.com X-Mailman-Version: 2.0.13 Precedence: bulk X-Virus-Scanned: by AMaViS 0.3.12 (frascone.com) This is a reminder, sent out once a month, about your frascone.com mailing list memberships. It includes your subscription info and how to use it to change it or unsubscribe from a list. You can visit the URLs to change your membership status or configuration, including unsubscribing, setting digest-style delivery or disabling delivery altogether (e.g., for a vacation), and so on. In addition to the URL interfaces, you can also use email to make such changes. For more info, send a message to the '-request' address of the list (for example, eap-request@frascone.com) containing just the word 'help' in the message body, and an email message will be sent to you with instructions. If you have questions, problems, comments, etc, send them to mailman-owner@wolverine. Thanks! Passwords for eap-archive@lists.ietf.org: List Password // URL ---- -------- eap@frascone.com ohweow http://mail.frascone.com/mailman/options/eap/eap-archive%40lists.ietf.org From eap-admin@frascone.com Sun Aug 1 22:16:41 2004 Received: from mail.frascone.com (postfix@frascone.com [204.49.99.9]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id WAA16443 for ; Sun, 1 Aug 2004 22:16:40 -0400 (EDT) Received: from localhost (xavier [127.0.0.1]) by mail.frascone.com (Postfix) with ESMTP id 3BECD21B26; Sun, 1 Aug 2004 22:02:06 -0400 (EDT) Received: from xavier (xavier [127.0.0.1]) by mail.frascone.com (Postfix) with ESMTP id 0A2E921B21; Sun, 1 Aug 2004 22:02:03 -0400 (EDT) Delivered-To: eap@frascone.com Received: from localhost (xavier [127.0.0.1]) by mail.frascone.com (Postfix) with ESMTP id EA90221B1E for ; Sun, 1 Aug 2004 22:01:01 -0400 (EDT) Received: from internaut.com (h-66-167-171-107.sttnwaho.covad.net [66.167.171.107]) by mail.frascone.com (Postfix) with ESMTP id 7707721B1A for ; Sun, 1 Aug 2004 22:00:56 -0400 (EDT) Received: from localhost (aboba@localhost) by internaut.com (8.10.2/8.10.2) with ESMTP id i722Bcq25656 for ; Sun, 1 Aug 2004 19:11:43 -0700 From: Bernard Aboba To: eap@frascone.com Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII X-Virus-Scanned: by AMaViS 0.3.12 (frascone.com) Subject: [eap] Proposed resolution to Issue 243: Clarification of "state synchronization" Sender: eap-admin@frascone.com Errors-To: eap-admin@frascone.com X-BeenThere: eap@frascone.com X-Mailman-Version: 2.0.13 Precedence: bulk List-Help: List-Post: List-Subscribe: , List-Id: Discussion list for EAP List-Unsubscribe: , List-Archive: Date: Sun, 1 Aug 2004 19:11:38 -0700 (PDT) X-Virus-Scanned: by AMaViS 0.3.12 (frascone.com) The text of Issue 243 is available for inspection here: http://www.drizzle.com/~aboba/EAP/eapissues.html#Issue 243 After some discussion, Pasi, Jari and I would like to proposed the following text for Section 2.2, clause 4: [4] Shared state equivalence. The shared EAP method state of the EAP peer and server must be equivalent when the EAP method completes successfully on both sides. This includes the internal state of the authentication protocol but not the state external to the EAP method, such as the negotiation occurring prior to initiation of the EAP method. The exact state attributes that are shared may vary from method to method but typically include the method version number, what credentials were presented and accepted by both parties, what cryptographic keys are shared and what EAP method specific attributes were negotiated, such as ciphersuites and limitations of usage on all protocol state. Both parties must be able to distinguish this instance of the protocol from all other instances of the protocol and they must share the same view of which state attributes are public and which are private to the two parties alone. _______________________________________________ eap mailing list eap@frascone.com http://mail.frascone.com/mailman/listinfo/eap From eap-admin@frascone.com Sun Aug 1 23:06:36 2004 Received: from mail.frascone.com (postfix@frascone.com [204.49.99.9]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id XAA23762 for ; Sun, 1 Aug 2004 23:06:35 -0400 (EDT) Received: from localhost (xavier [127.0.0.1]) by mail.frascone.com (Postfix) with ESMTP id 981AF20C3C; Sun, 1 Aug 2004 22:51:06 -0400 (EDT) Received: from xavier (xavier [127.0.0.1]) by mail.frascone.com (Postfix) with ESMTP id 4294420C16; Sun, 1 Aug 2004 22:51:02 -0400 (EDT) Delivered-To: eap@frascone.com Received: from localhost (xavier [127.0.0.1]) by mail.frascone.com (Postfix) with ESMTP id 2C4AC20C1F for ; Sun, 1 Aug 2004 22:50:34 -0400 (EDT) Received: from internaut.com (h-66-167-171-107.sttnwaho.covad.net [66.167.171.107]) by mail.frascone.com (Postfix) with ESMTP id 42326203A7 for ; Sun, 1 Aug 2004 22:50:31 -0400 (EDT) Received: from localhost (aboba@localhost) by internaut.com (8.10.2/8.10.2) with ESMTP id i7231Mx28587 for ; Sun, 1 Aug 2004 20:01:22 -0700 From: Bernard Aboba To: eap@frascone.com Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII X-Virus-Scanned: by AMaViS 0.3.12 (frascone.com) Subject: [eap] Resolution of Issue 242: Errata Sender: eap-admin@frascone.com Errors-To: eap-admin@frascone.com X-BeenThere: eap@frascone.com X-Mailman-Version: 2.0.13 Precedence: bulk List-Help: List-Post: List-Subscribe: , List-Id: Discussion list for EAP List-Unsubscribe: , List-Archive: Date: Sun, 1 Aug 2004 20:01:22 -0700 (PDT) X-Virus-Scanned: by AMaViS 0.3.12 (frascone.com) The text of Issue 242 is enclosed below: http://www.drizzle.com/~aboba/EAP/eapissues.html#Issue%20242 The proposed resolution is to accept the proposed errata text. Any objections? _______________________________________________ eap mailing list eap@frascone.com http://mail.frascone.com/mailman/listinfo/eap From eap-admin@frascone.com Mon Aug 2 11:43:40 2004 Received: from mail.frascone.com (postfix@frascone.com [204.49.99.9]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id LAA14509 for ; Mon, 2 Aug 2004 11:43:39 -0400 (EDT) Received: from localhost (xavier [127.0.0.1]) by mail.frascone.com (Postfix) with ESMTP id AC91221023; Mon, 2 Aug 2004 11:29:05 -0400 (EDT) Received: from xavier (xavier [127.0.0.1]) by mail.frascone.com (Postfix) with ESMTP id A678720B90; Mon, 2 Aug 2004 11:29:02 -0400 (EDT) Delivered-To: eap@frascone.com Received: from localhost (xavier [127.0.0.1]) by mail.frascone.com (Postfix) with ESMTP id 6DE7D21018 for ; Mon, 2 Aug 2004 11:28:41 -0400 (EDT) Received: from mail-ic.fth.sbs.de (mail-ic.fth.sbs.de [194.138.39.45]) by mail.frascone.com (Postfix) with ESMTP id 2D26D20B90 for ; Mon, 2 Aug 2004 11:28:39 -0400 (EDT) Received: from bchk006a.bch.siemens.de ([149.246.105.43]) by mail-ic.fth.sbs.de (8.11.7/8.11.7) with ESMTP id i72Fgu618378; Mon, 2 Aug 2004 17:42:56 +0200 (MEST) Received: by bchk006a.bch.siemens.de with Internet Mail Service (5.5.2657.72) id ; Mon, 2 Aug 2004 17:42:56 +0200 Message-ID: <758E9863A7B26945B174BD445B1CA15CA061CC@bchk999a.bch.siemens.de> From: Berg Stefan ICM Bocholt To: Ruffino Simone Cc: eap@frascone.com Subject: AW: [eap] Some comments on draft-groeting-netselection-results-00 .txt MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2657.72) Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable X-Virus-Scanned: by AMaViS 0.3.12 (frascone.com) Sender: eap-admin@frascone.com Errors-To: eap-admin@frascone.com X-BeenThere: eap@frascone.com X-Mailman-Version: 2.0.13 Precedence: bulk List-Help: List-Post: List-Subscribe: , List-Id: Discussion list for EAP List-Unsubscribe: , List-Archive: Date: Mon, 2 Aug 2004 17:42:55 +0200 X-Virus-Scanned: by AMaViS 0.3.12 (frascone.com) Content-Transfer-Encoding: quoted-printable Hi Simone, Thank you for your feedback. You really discovered some = inconsistencies. 1) 'Roaming Agreements' and 'Mediating Networks' could be merged, = that's correct. There's only poor added value in separating the two. We just = missed to adapt the figure to the access network information elements = described in chapter 2.2. 2) Youre right, the figure only deals with mediating network = information, which is wrong. In our concepts additional network information, e.g. on pricing and QoS, should be provided for the access network as well as = for the mediating networks. 3) In draft we didn't want to go in details of implementing and = testing, so in chapter 3.4 we only described the general test platform for the EAP network discovery. In our testbed we proof different functionalities, = which are useful and needed for multimode devices. This includes as describes network selection issues, but also other aspects like session based handover. Hope this answers your questions. Regards, Stefan > -----Urspr=FCngliche Nachricht----- > Von: Ruffino Simone [mailto:Simone.Ruffino@TILAB.COM]=20 > Gesendet: Freitag, 30. Juli 2004 19:36 > An: Groeting Wolfgang ICM Bocholt;=20 > Hannes.Tschofenig@siemens.com; Ness Malte ICM Bocholt; Berg=20 > Stefan ICM Bocholt > Cc: eap@frascone.com > Betreff: [eap] Some comments on=20 > draft-groeting-netselection-results-00.txt >=20 >=20 > Dear authors and all, >=20 > Very useful draft: it helps understanding possibilities and=20 > problems of having additional information carried with EAP. >=20 > I would like to better clarify some points. >=20 > 1) You separate 'Roaming Agreements' and 'Mediating Networks'=20 > information element. From my point of view, they could be=20 > merged, since an Access Network, using MN advertising,=20 > implicitly tells the client that it holds an agreement with=20 > the advertised MNs. What kind of hint should RAs give to the client? >=20 > 2) In my understanding of your draft, some information=20 > element (s.a. cost and QoS) can refer both to the Access=20 > Network and to Mediating Networks. But reading sec. 3.2=20 > (Figure 2), it seems that all the additional info is related=20 > only to MNs : MN1--C1--RA1--etc. Can you clarify this ?=20 >=20 > 3) (in Sec. 3, implementation and testing ). What kind of=20 > tests do you performed on the testbed? What kind of scenario=20 > did you simulate ? I think it would be very useful to have=20 > someusage example. Is it worth including it in the draft (is=20 > it the right place ?) ? >=20 > Regards, > Simone >=20 >=20 >=20 > Gruppo Telecom Italia - Direzione e coordinamento di Telecom=20 > Italia S.p.A. >=20 > = =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D > CONFIDENTIALITY NOTICE > This message and its attachments are addressed solely to the=20 > persons above and may contain confidential information. If=20 > you have received the message in error, be informed that any=20 > use of the content hereof is prohibited. Please return it=20 > immediately to the sender and delete the message. Should you=20 > have any questions, please send an e_mail to=20 > MailAdmin@tilab.com. Thank you=20 > = =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D >=20 _______________________________________________ eap mailing list eap@frascone.com http://mail.frascone.com/mailman/listinfo/eap From Administrator@computeradmin.org Mon Aug 2 13:02:25 2004 Received: from ietf-mx.ietf.org (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id NAA19028 for ; Mon, 2 Aug 2004 13:02:25 -0400 (EDT) Received: from user-0cdf51f.cable.mindspring.com ([24.215.148.47]) by ietf-mx.ietf.org with smtp (Exim 4.33) id 1BrgFX-0000Fz-06 for eap-archive@ietf.org; Mon, 02 Aug 2004 13:05:28 -0400 Received: from fhnz.h2ovw.net ([108.132.203.36]) by user-0cdf51f.cable.mindspring.com id <2965030-11946>; Mon, 02 Aug 2004 14:02:43 -0400 Message-ID: <4g5$pga0a-$2k$bjv7j@2k2h7> From: "Admin" To: tohubmib@ietf.org Subject: Staff Bulletin Date: Mon, 02 Aug 04 14:02:43 GMT X-Priority: 1 X-MSMail-Priority: High X-Mailer: Microsoft Outlook Express 5.00.2615.200 MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="7_6.826D83F5649E0__8829" X-Spam-Score: 16.3 (++++++++++++++++) X-Spam-Flag: YES X-Scan-Signature: 00e94c813bef7832af255170dca19e36 This is a multi-part message in MIME format. --7_6.826D83F5649E0__8829 Content-Type: text/plain Content-Transfer-Encoding: quoted-printable Attention All Staff Members: You Must Respond By 5 P.M. Tuesday, August 3, 2004. Through a special arrangement, Avtech Direct is offering a limited allotment of BRAND NEW, top of-the-line, name-brand desktop computers at more than 50% off MSRP to all Staff Members who respond to this message before 5 P.M., Tuesday, August 3, 2004. All desktop are brand-new, packed in their original boxes, and come with a full manufacturer's warranty plus a 100% satisfaction guarantee. These professional grade Desktops are fully equipped with 2004 next generation technology, making these the best performing computers money can buy. Avtech Direct is offering these feature rich, top performing Desktop Computers with the latest Intel technology at an amazing price to all who call: 1-800-884-9510 by 5 P.M. Tuesday, August 3, 2004 The fast and powerful AT-2400 series Desktop features: * Intel 2.0Ghz Processor for amazing speed and performance * 128MB DDR RAM, --- Upgradeable to 1024 * 20 GB UDMA Hard Drive, --- Upgradeable to 80 GB * 52X CD-Rom Drive, --- Upgradeable to DVD/CDRW * 1.44 Floppy disk drive * Next Generation Technology * ATI Premium video and sound * Full Connectivity with Fax modem/Lan/IEE 1394/USB 2.0 * Soft Touch Keyboard and scroll mouse * Internet Ready * Network Ready * 1 Year parts and labor warranty * Priority customer service and tech support MSRP $699 ........................................ Your Cost $297 How to qualify: 1. You must be a Member, Staff or Associate of a Nonprofit: 2. All desktop computers will be available on a first come first serve basis. 3. You must call 1-800-884-9510 by 5 P.M. Tuesday, August 3, 2004 and we will hold the desktops you request on will call. 4. You are not obligated in any way. 5. 100% Satisfaction Guaranteed. Call Avtech Direct 1-800-884-9510 before 5 P.M. Tuesday, August 3, 2004 Visit our website at http://www.avtechdirect-nonprofits.com If you wish to unsubscribe from this list, please go to: http://www.computeradvice.org/unsubscribe.asp Avtech Direct 22647 Ventura Blvd., Suite 374 Woodland Hills, CA 91364 --7_6.826D83F5649E0__8829-- From NFNPI@msn.com Tue Aug 3 00:14:20 2004 Received: from ietf-mx.ietf.org (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id AAA29404; Tue, 3 Aug 2004 00:14:20 -0400 (EDT) Received: from [220.117.222.12] (helo=132.151.6.1) by ietf-mx.ietf.org with smtp (Exim 4.33) id 1Brqjv-0002dG-7D; Tue, 03 Aug 2004 00:17:28 -0400 Received: from 160.192.109.185 by 132.151.6.1; Tue, 03 Aug 2004 03:02:21 -0200 Message-ID: From: "Wilson Barnett" Reply-To: "Wilson Barnett" To: dn@ietf.org Subject: Newsletter #531 Date: Tue, 03 Aug 2004 01:01:21 -0400 MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="--7618119166688756" X-Priority: 3 X-CS-IP: 224.99.240.132 X-Spam-Score: 12.9 (++++++++++++) X-Spam-Flag: YES X-Scan-Signature: e5ba305d0e64821bf3d8bc5d3bb07228 ----7618119166688756 Content-Type: text/html; Content-Transfer-Encoding: quoted-printable How are you?,

We can offer you a low interest rate on your exisiting mor.tgage or on a n= ew mort.gage.
You were already Pre-Qualified!

Follow the link be-low to fill out our 1 minute form;
Confirmation Link #4385

Thanks,
Wilson Barnett

croquet cos entomology fixture probe catastrophe electra row t rum dustbin= delaware diffusible plagiarism vista wadsworth brookhaven felix contractu= al argumentative fifteen cerise freshwater conductance off robotic turgid = effluvium bumptious bravura boggle mackinaw swarthmore syllogistic hiss=20=

0 ----7618119166688756-- From CathyMiltonvimwv@petranka.de Tue Aug 3 05:08:58 2004 Received: from ietf-mx.ietf.org (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id FAA26119 for ; Tue, 3 Aug 2004 05:08:58 -0400 (EDT) Received: from host50.foretec.com ([65.246.255.50] helo=mx2.foretec.com) by ietf-mx.ietf.org with esmtp (Exim 4.33) id 1BrvL4-0006Yk-Mz for eap-archive@ietf.org; Tue, 03 Aug 2004 05:12:09 -0400 Received: from 82-36-154-57.cable.ubr04.perr.blueyonder.co.uk ([82.36.154.57]) by mx2.foretec.com with smtp (Exim 4.24) id 1BrvI0-0002Nm-LG for eap-archive@ietf.org; Tue, 03 Aug 2004 05:08:57 -0400 Received: from unknown (HELO w573.sbb.com.my) (60.252.128.252) by colicky52.sbb.com.my with SMTP; Tue, 03 Aug 2004 02:08:47 -0800 Received: from vrg-202-17-36-214.whay.sbb.com.my ([85.182.228.214]) by oihyrs826.sbb.com.my(MAM REL_3_4_2a 01/26050630) with SMTP id 34387643; Tue, 03 Aug 2004 02:08:47 -0800 From: "Chacon Ahmad" To: drafts@ietf.org Subject: Madeleine Date: Tue, 03 Aug 2004 02:08:47 -0800 Message-ID: MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="--pltv33188759Ym8d2z" X-Spam-Score: 8.0 (++++++++) X-Spam-Flag: YES X-Scan-Signature: 798b2e660f1819ae38035ac1d8d5e3ab ----pltv33188759Ym8d2z Content-Type: text/html; Charset=iso-8859-1 Content-Transfer-Encoding: 7Bit Drafts tie unanimous agnes denature eigenfunction carfare architectural laurel beth

Get More Info NOW

n0-m0re

segmentation contextual awake beetle swedish contestant iran wife earn button bookplate stochastic bennington platitudinous bronze billings crossword late spot dispersal amidst yogurt disturbance decisionmake austenite tacky privy quintessence blown extreme breakage spectrograph clyde protophyta roughshod hamlet emerge chemist squirmy bobbin sian angiosperm discriminant reflexive worthwhile sabotage citadel ethnology hutchins tendency bitwise steven throttle aureomycin invocate cajole emeriti amende arsenic colloquy physiotherapist cove drama lengthen gunny dispensate snigger augusta brawl adsorb mast slung instant baseball intuit climax asynchrony menace dragonfly glutinous who've addend cobra ndjamena chap plastron retribution beatrice palo ecuador lateral chamfer mans britten flexure nominee explicate internal bissau obnoxious expanse photolytic final axon seashore circumscribe dusseldorf declaration code getaway phon armful kaskaskia clothesline that'll abort consist counterexample shard organic diffusible inoperative parentheses paz group immovable kingfisher prize apache mule chairwomen cagey typography disjunct hawaiian adair coot abundant buss callaghan diluent red casino pomona instruct billfold stamen coronate dauphin eyewitness fist alcohol thinnish bloom diploma excess lash baseboard begetting arpa liquor candle duplicable lubricate sable sinai eyebrow secant visitation class insatiable fermion citizenry embroidery mantis priscilla lignite polaron ave whitehead legislate chosen conklin earthy decisive destiny feathery match hold neil atkinson nv arty fool afresh mr sirius discussion inventory plaything receive ailanthus asinine utmost approximate groin antagonism cat marsh cranky anion cauliflower veery sworn abound blazon flak limbic disquietude judicatory committing conservatory slater evasive boot optimism hereford reddish hippodrome impartation leathery allegoric column atmospheric dogwood biz burgher dub luminance bisexual jose architectural upkeep schmidt alger kyoto c amouflage cramp garnet bhoy egotism exigent canvasback clergy matrimony stayed dart oleomargarine postal moribund blink skiddy domicile boise radiant scintillate dogging airstrip bee ----pltv33188759Ym8d2z-- From DOJEYSV@glay.org Tue Aug 3 10:41:42 2004 Received: from ietf-mx.ietf.org (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id KAA13022; Tue, 3 Aug 2004 10:41:41 -0400 (EDT) Received: from [222.103.58.21] (helo=132.151.6.1) by ietf-mx.ietf.org with smtp (Exim 4.33) id 1Bs0X7-0002St-QR; Tue, 03 Aug 2004 10:44:55 -0400 X-Message-Info: C/xj+24+rr/XC+2/25504251944318 Received: from smtp-bird.description.DOJEYSV@glay.org ([222.103.58.21]) by ff6-k58.DOJEYSV@glay.org with Microsoft SMTPSVC(5.0.4291.9671); Tue, 03 Aug 2004 21:39:28 +0600 X-Message-Info: UAAX+%ND_LC_CHAR[1-3]80+t+JP+1/954881257342412 Received: (qmail 69623 invoked by uid 1); Tue, 03 Aug 2004 17:39:28 +0200 Date: Tue, 03 Aug 2004 14:37:28 -0100 Message-Id: <761427261845.81601@DOJEYSV@glay.org> From: Ryan Townsend To: Egaco MIME-Version: 1.0 (produced by cropdelhi 7.6) Content-Type: multipart/alternative; boundary="--995508232005155" X-Spam-Score: 13.0 (+++++++++++++) X-Spam-Flag: YES X-Scan-Signature: 8abaac9e10c826e8252866cbe6766464 ----995508232005155 Content-Type: text/html; charset="iso-2593-8" Content-Description: hilton mast dean Content-Transfer-Encoding: quoted-printable

Check out our survey! Read what women really think about penis size and= their lovers!

80% Of the women would like their husbands to have a bigger and thicker= penis

90% Of the women are shy or afraid to tell their lovers because they do= not want to hurt their feelings

80% Of the women get a wilder orgasm from a bigger and thicker penis

Get your girlfriend hot and wet from a sight of your penis!

Get the best penis pills on the market! Get IGF2

o Add 3 Inches in Length!

o Gain and Extra 20% in Girth (or More)!

o Product Stronger Erections!

o Have more Intense Orgasms!

o Have s Strong Sexual Desire!

o Increase Sexual Stamina!

Get your FREE bottle of IGF2 Here

----995508232005155-- From eap-admin@frascone.com Tue Aug 3 12:03:18 2004 Received: from mail.frascone.com (postfix@frascone.com [204.49.99.9]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id MAA17385 for ; Tue, 3 Aug 2004 12:03:17 -0400 (EDT) Received: from localhost (xavier [127.0.0.1]) by mail.frascone.com (Postfix) with ESMTP id 0EE75216BF; Tue, 3 Aug 2004 11:43:06 -0400 (EDT) Received: from xavier (xavier [127.0.0.1]) by mail.frascone.com (Postfix) with ESMTP id 73682218DC; Tue, 3 Aug 2004 11:43:02 -0400 (EDT) Delivered-To: eap@frascone.com Received: from localhost (xavier [127.0.0.1]) by mail.frascone.com (Postfix) with ESMTP id 06197218DC for ; Tue, 3 Aug 2004 11:42:22 -0400 (EDT) Received: from deneb.mtghouse.com (unknown [206.152.191.132]) by mail.frascone.com (Postfix) with SMTP id E0400216BF for ; Tue, 3 Aug 2004 11:42:20 -0400 (EDT) Received: (qmail 20398 invoked from network); 3 Aug 2004 15:56:55 -0000 Received: from unknown (HELO ?192.168.11.223?) (192.168.11.223) by deneb.mtghouse.com with SMTP; 3 Aug 2004 15:56:55 -0000 Message-ID: <410FB5CE.1030706@mtghouse.com> From: Jim Burns User-Agent: Mozilla Thunderbird 0.7.2 (Windows/20040707) X-Accept-Language: en-us, en MIME-Version: 1.0 To: Yoshihiro Ohba Cc: Nick Petroni , "Congdon, Paul T (ProCurve)" , Bernard Aboba , eap@frascone.com, Tony Jeffree Subject: Re: [eap] Re: Issue 251 References: <20040728145554.GD3945@steelhead> <20040728151847.GG3945@steelhead> In-Reply-To: <20040728151847.GG3945@steelhead> Content-Type: text/plain; charset=ISO-2022-JP Content-Transfer-Encoding: 7bit X-Virus-Scanned: by AMaViS 0.3.12 (frascone.com) Sender: eap-admin@frascone.com Errors-To: eap-admin@frascone.com X-BeenThere: eap@frascone.com X-Mailman-Version: 2.0.13 Precedence: bulk List-Help: List-Post: List-Subscribe: , List-Id: Discussion list for EAP List-Unsubscribe: , List-Archive: Date: Tue, 03 Aug 2004 11:57:02 -0400 X-Virus-Scanned: by AMaViS 0.3.12 (frascone.com) Content-Transfer-Encoding: 7bit Hi Yoshihiro, Sorry for the delay in response, please see below: Yoshihiro Ohba wrote: >On Wed, Jul 28, 2004 at 11:00:30AM -0400, Nick Petroni wrote: > > >>Yoshihiro, >> >> >> >>>I think the text points to a case where the authenticator can sends >>>Success message in response to Identity Response from the peer. So >>>it would not appear as a canned success. >>> >>> >>Even if this were not canned, it seems to still violate the rule that a >>higher-layer authentication method must be run. Furthermore, Identity is >>always optional so what works with Identity should work without (IMHO). >>Perhaps I am missing some subtleties. >> >> > >You are right. I should have said "Success message in response to >Identity Response in a tunneling method". > > I am probably thick (and I apologize for wasting folks time if this is the case), but this does not appear to be the way the paragraph reads in RFC 3748, Section 4.2, page 25, paragraph 2: "If the peer attempts to authenticate to the authenticator and fails to do so, the authenticator MUST send a Failure packet and MUST NOT grant access by sending a Success packet. However, an authenticator MAY omit having the peer authenticate to it in situations where limited access is offered (e.g., guest access). In this case, the authenticator MUST send a Success packet." There is no discussion of tunneling methods here. There is some discussion prior to this paragraph of the 'result indications' within an EAP method, but this does not seem to apply to this paragraph. So, this paragraph would lead me to believe that for guest access the authenticator can send a Success packet without having the peer authenticate to it. Since, as Nick points out, the identity request is optional, this would mean that the authenticator sends an EAP Success immediately for guest access. This paragraph does seem to contradict the early paragraph about 'canned' successes. It would be impossible, from the peer, to differentiate the behavior described above from a 'canned' success. I believe that your intention was to disallow this behavior. Nick's statement seems correct that "...it seems to still violate the rule that a higher-layer authentication method must be run." So, if our goal is to disallow canned successes/failures then I would think removal of the sentence "However, an authenticator MAY omit having the peer authenticate to it in situations where limited access is offered (e.g., guest access). In this case, the authenticator MUST send a Success packet." would be necessary as well. If, on the other hand, our goal was to allow guest access, then I would suggest that FORCE_AUTH and FORCE_UNAUTH states defined in IEEE 802.1XRev are one way to implement this 'limited access' to supplicants. Thanks for your time folks, Jim B. >Yoshihiro Ohba > > > > >>Best, >>nick >> >> >> >>>Yoshihiro Ohba >>> >>> >>> >>> >>>>I am concerned about this contradiction though. Did I miss >>>>something in the doc? >>>>Thanks, >>>>Jim B. >>>> >>>> >>>> >>>>Nick Petroni wrote: >>>> >>>> >>>> >>>>>Paul, >>>>> >>>>>Thanks for jumping in. The way I understand these messages is, I think, as >>>>>you have described. Basically, if 802.1X is off, but the Peer comes in and >>>>>sends an EAPoL Start, then the authenticator will immediately respond with >>>>>an EAP Success or an EAP Fail without doing a run of the Identity method >>>>>or an actual authentication method. Is this correct? If so, I *think* this >>>>>would violate RFC3748 per Bernard's and Jari's comments. Any thoughts, >>>>>corrections, or clarifications to my assessment? >>>>> >>>>>Thanks, >>>>>nick >>>>> >>>>>Nick L. Petroni, Jr. >>>>>Graduate Student, Computer Science >>>>>Maryland Information Systems Security Lab >>>>>University of Maryland >>>>>http://www.cs.umd.edu/~npetroni >>>>> >>>>>On Tue, 27 Jul 2004, Congdon, Paul T (ProCurve) wrote: >>>>> >>>>> >>>>> >>>>> >>>>> >>>>>>The 'canned' messages are only send when the 802.1X port is >>>>>>administratively forced authorized or unauthorized. This is basically >>>>>>when management turns off 802.1X and forces the port open or closed. >>>>>>These message are also discussed in the text. >>>>>> >>>>>>Paul >>>>>> >>>>>> >>>>>> >>>>>> >>>>>> >>>>>>>-----Original Message----- >>>>>>>From: eap-admin@frascone.com [mailto:eap-admin@frascone.com] >>>>>>>On Behalf Of Nick Petroni >>>>>>>Sent: Tuesday, July 27, 2004 8:13 AM >>>>>>>To: Bernard Aboba >>>>>>>Cc: eap@frascone.com >>>>>>>Subject: Re: [eap] Re: Issue 251 >>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>>>>>802.1X "canned" messages are encapsulated EAP packets. So >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>an 802.1X >>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>>>>>packet containing an EAP Success is expressly forbidden under RFC >>>>>>>>3748, even though I think it is still mentioned in IEEE >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>802.1X-2004. >>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>>>>>Similarly, our discussion of whether "canned" EAP Failure >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>is illegal >>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>>>>>also applies to "canned" 802.1X packets. >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>Ok, this was the source of my confusion. I guess I assumed >>>>>>>that since they were in another standard they were going to >>>>>>>be allowed for backwards compatibility or some other legacy >>>>>>>argument. They are, indeed, still in the latest version, >>>>>>>which was another source of my confusion. They are in the >>>>>>>802.1X SM diagrams, not just the text. >>>>>>> >>>>>>>Thanks, >>>>>>>nick >>>>>>> >>>>>>> >>>>>>> >>>>>>>_______________________________________________ >>>>>>>eap mailing list >>>>>>>eap@frascone.com >>>>>>>http://mail.frascone.com/mailman/listinfo/eap >>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>>>_______________________________________________ >>>>>>eap mailing list >>>>>>eap@frascone.com >>>>>>http://mail.frascone.com/mailman/listinfo/eap >>>>>> >>>>>> >>>>>> >>>>>> >>>>>> >>>>>_______________________________________________ >>>>>eap mailing list >>>>>eap@frascone.com >>>>>http://mail.frascone.com/mailman/listinfo/eap >>>>> >>>>> >>>>> >>>>> >>>>> >>>>_______________________________________________ >>>>eap mailing list >>>>eap@frascone.com >>>>http://mail.frascone.com/mailman/listinfo/eap >>>> >>>> >_______________________________________________ >eap mailing list >eap@frascone.com >http://mail.frascone.com/mailman/listinfo/eap > > > _______________________________________________ eap mailing list eap@frascone.com http://mail.frascone.com/mailman/listinfo/eap From eap-admin@frascone.com Tue Aug 3 14:06:44 2004 Received: from mail.frascone.com (postfix@frascone.com [204.49.99.9]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id OAA27824 for ; Tue, 3 Aug 2004 14:06:43 -0400 (EDT) Received: from localhost (xavier [127.0.0.1]) by mail.frascone.com (Postfix) with ESMTP id 0201321C75; Tue, 3 Aug 2004 13:52:06 -0400 (EDT) Received: from xavier (xavier [127.0.0.1]) by mail.frascone.com (Postfix) with ESMTP id DA20F205D9; Tue, 3 Aug 2004 13:52:02 -0400 (EDT) Delivered-To: eap@frascone.com Received: from localhost (xavier [127.0.0.1]) by mail.frascone.com (Postfix) with ESMTP id 8027E21C72 for ; Tue, 3 Aug 2004 13:51:11 -0400 (EDT) Received: from p2.piuha.net (p2.piuha.net [131.160.192.2]) by mail.frascone.com (Postfix) with ESMTP id E0D2120389 for ; Tue, 3 Aug 2004 13:51:09 -0400 (EDT) Received: from piuha.net (p2.piuha.net [131.160.192.2]) by p2.piuha.net (Postfix) with ESMTP id 914C68986C; Tue, 3 Aug 2004 21:05:39 +0300 (EEST) Message-ID: <410FD2A1.4060400@piuha.net> From: Jari Arkko Reply-To: jari.arkko@piuha.net Organization: None User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7b) Gecko/20040316 X-Accept-Language: en-us, en MIME-Version: 1.0 To: Jim Burns Cc: Yoshihiro Ohba , Nick Petroni , "Congdon, Paul T (ProCurve)" , Bernard Aboba , eap@frascone.com, Tony Jeffree Subject: Re: [eap] Re: Issue 251 References: <20040728145554.GD3945@steelhead> <20040728151847.GG3945@steelhead> <410FB5CE.1030706@mtghouse.com> In-Reply-To: <410FB5CE.1030706@mtghouse.com> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit X-Virus-Scanned: by AMaViS 0.3.12 (frascone.com) Sender: eap-admin@frascone.com Errors-To: eap-admin@frascone.com X-BeenThere: eap@frascone.com X-Mailman-Version: 2.0.13 Precedence: bulk List-Help: List-Post: List-Subscribe: , List-Id: Discussion list for EAP List-Unsubscribe: , List-Archive: Date: Tue, 03 Aug 2004 21:00:01 +0300 X-Virus-Scanned: by AMaViS 0.3.12 (frascone.com) Content-Transfer-Encoding: 7bit Jim Burns wrote: > This paragraph does seem to contradict the early paragraph about > 'canned' successes. It would be impossible, from the peer, to > differentiate the behavior described above from a 'canned' success. My interpretation of this is that 'canned' means a success message sent immediately upon connection, i.e., without an identity request/response exchange. I think the document is clear on this. Of course, this would imply that whatever statements the document has on the optionality of the identity exchange, they don't apply to the case of sending a success before running an authentication method. That is, you can't omit BOTH the authentication method AND the identity exchange. How do others feel about this? --Jari _______________________________________________ eap mailing list eap@frascone.com http://mail.frascone.com/mailman/listinfo/eap From eap-admin@frascone.com Tue Aug 3 17:44:42 2004 Received: from mail.frascone.com (postfix@frascone.com [204.49.99.9]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id RAA14576 for ; Tue, 3 Aug 2004 17:44:41 -0400 (EDT) Received: from localhost (xavier [127.0.0.1]) by mail.frascone.com (Postfix) with ESMTP id D7FD42171E; Tue, 3 Aug 2004 17:30:06 -0400 (EDT) Received: from xavier (xavier [127.0.0.1]) by mail.frascone.com (Postfix) with ESMTP id 9137B21CA6; Tue, 3 Aug 2004 17:30:02 -0400 (EDT) Delivered-To: eap@frascone.com Received: from localhost (xavier [127.0.0.1]) by mail.frascone.com (Postfix) with ESMTP id 0ACC921CA0 for ; Tue, 3 Aug 2004 17:29:15 -0400 (EDT) Received: from dns1.tilab.com (dns1.tilab.com [163.162.42.4]) by mail.frascone.com (Postfix) with ESMTP id 3BF9D2171E for ; Tue, 3 Aug 2004 17:29:13 -0400 (EDT) Received: from iowa2k01a.cselt.it ([163.162.242.201]) by dns1.cselt.it (PMDF V6.0-025 #38895) with ESMTP id <0I1W00B1E4ACJP@dns1.cselt.it> for eap@frascone.com; Tue, 03 Aug 2004 23:42:12 +0200 (MEST) Received: from EXC01A.cselt.it ([163.162.4.198]) by iowa2k01a.cselt.it with Microsoft SMTPSVC(6.0.3790.0); Tue, 03 Aug 2004 23:45:18 +0200 From: Ruffino Simone Subject: RE: [eap] Some comments on draft-groeting-netselection-results-00.txt To: Berg Stefan ICM Bocholt Cc: eap@frascone.com Message-id: MIME-version: 1.0 X-MIMEOLE: Produced By Microsoft MimeOLE V6.00.3790.0 Content-type: text/plain; charset=iso-8859-1 Content-transfer-encoding: quoted-printable Importance: normal Priority: normal Thread-Topic: [eap] Some comments on draft-groeting-netselection-results-00.txt Thread-Index: AcR4p3TLh26jpQnfR/W+Go0iUdhzmAAXtYPQ content-class: urn:content-classes:message X-OriginalArrivalTime: 03 Aug 2004 21:45:18.0484 (UTC) FILETIME=[2B368540:01C479A3] X-Virus-Scanned: by AMaViS 0.3.12 (frascone.com) Sender: eap-admin@frascone.com Errors-To: eap-admin@frascone.com X-BeenThere: eap@frascone.com X-Mailman-Version: 2.0.13 Precedence: bulk List-Help: List-Post: List-Subscribe: , List-Id: Discussion list for EAP List-Unsubscribe: , List-Archive: Date: Tue, 03 Aug 2004 23:43:43 +0200 X-Virus-Scanned: by AMaViS 0.3.12 (frascone.com) Content-Transfer-Encoding: quoted-printable Hi Stefan, See comments inline. Regards, Simone >=20 > 2) Youre right, the figure only deals with mediating network = information, > which is wrong. In our concepts additional network information, e.g. = on > pricing and QoS, should be provided for the access network as well as = for > the mediating networks. Regarding access network info, it was already commented on the ML that = it's closely related with lower layer information and attachment = decision and that it must be further discussed, which I agree. Regarding putting more info about MNs into EAP packets: I'm of course in = favor of having mediating network info delivered to the user during = authentication (I here mean the realm, as specified in Farid's draft).=20 But, if the AN has many roaming agreements with many MNs, it could be a = problem to update on the AN AAA server all the information elements you = mentioned (besides problems related to EAP maximum packet length). For = example, pricing could frequently change. The information about available MNs is easily retrievable, but the rest = may require input from the MNs, which should be put somehow on the AN = AAA server (and this is currently not specified anywhere). One of the advantage of transmitting only the realm is that it's a very = low-impact add-on for the Access Network. >=20 > 3) In draft we didn't want to go in details of implementing and = testing, > so > in chapter 3.4 we only described the general test platform for the EAP > network discovery. In our testbed we proof different functionalities, > which > are useful and needed for multimode devices. This includes as = describes > network selection issues, but also other aspects like session based > handover. >=20 > Hope this answers your questions. > Regards, > Stefan >=20 > > -----Urspr=FCngliche Nachricht----- > > Von: Ruffino Simone [mailto:Simone.Ruffino@TILAB.COM] > > Gesendet: Freitag, 30. Juli 2004 19:36 > > An: Groeting Wolfgang ICM Bocholt; > > Hannes.Tschofenig@siemens.com; Ness Malte ICM Bocholt; Berg > > Stefan ICM Bocholt > > Cc: eap@frascone.com > > Betreff: [eap] Some comments on > > draft-groeting-netselection-results-00.txt > > > > > > Dear authors and all, > > > > Very useful draft: it helps understanding possibilities and > > problems of having additional information carried with EAP. > > > > I would like to better clarify some points. > > > > 1) You separate 'Roaming Agreements' and 'Mediating Networks' > > information element. From my point of view, they could be > > merged, since an Access Network, using MN advertising, > > implicitly tells the client that it holds an agreement with > > the advertised MNs. What kind of hint should RAs give to the client? > > > > 2) In my understanding of your draft, some information > > element (s.a. cost and QoS) can refer both to the Access > > Network and to Mediating Networks. But reading sec. 3.2 > > (Figure 2), it seems that all the additional info is related > > only to MNs : MN1--C1--RA1--etc. Can you clarify this ? > > > > 3) (in Sec. 3, implementation and testing ). What kind of > > tests do you performed on the testbed? What kind of scenario > > did you simulate ? I think it would be very useful to have > > someusage example. Is it worth including it in the draft (is > > it the right place ?) ? > > > > Regards, > > Simone > > > > > > > > Gruppo Telecom Italia - Direzione e coordinamento di Telecom > > Italia S.p.A. > > > > = =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D > > CONFIDENTIALITY NOTICE > > This message and its attachments are addressed solely to the > > persons above and may contain confidential information. If > > you have received the message in error, be informed that any > > use of the content hereof is prohibited. Please return it > > immediately to the sender and delete the message. Should you > > have any questions, please send an e_mail to > > MailAdmin@tilab.com. Thank you > > = =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D > > Gruppo Telecom Italia - Direzione e coordinamento di Telecom Italia = S.p.A. =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D CONFIDENTIALITY NOTICE This message and its attachments are addressed solely to the persons above and may contain confidential information. If you have received the message in error, be informed that any use of the content hereof is prohibited. Please return it immediately to the sender and delete the message. Should you have any questions, please send an e_mail to=20 MailAdmin@tilab.com. Thank you =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D _______________________________________________ eap mailing list eap@frascone.com http://mail.frascone.com/mailman/listinfo/eap From eap-admin@frascone.com Tue Aug 3 17:57:42 2004 Received: from mail.frascone.com (postfix@frascone.com [204.49.99.9]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id RAA15404 for ; Tue, 3 Aug 2004 17:57:41 -0400 (EDT) Received: from localhost (xavier [127.0.0.1]) by mail.frascone.com (Postfix) with ESMTP id 5949D2172B; Tue, 3 Aug 2004 17:43:06 -0400 (EDT) Received: from xavier (xavier [127.0.0.1]) by mail.frascone.com (Postfix) with ESMTP id 2599C21CA2; Tue, 3 Aug 2004 17:43:03 -0400 (EDT) Delivered-To: eap@frascone.com Received: from localhost (xavier [127.0.0.1]) by mail.frascone.com (Postfix) with ESMTP id D839D21CA4 for ; Tue, 3 Aug 2004 17:42:06 -0400 (EDT) Received: from dns2.tilab.com (dns2.tilab.com [163.162.42.5]) by mail.frascone.com (Postfix) with ESMTP id 4299C21CA2 for ; Tue, 3 Aug 2004 17:42:05 -0400 (EDT) Received: from iowa2k01b.cselt.it ([163.162.242.202]) by dns2.cselt.it (PMDF V6.1 #38895) with ESMTP id <0I1W00G644M95A@dns2.cselt.it> for eap@frascone.com; Tue, 03 Aug 2004 23:49:21 +0200 (MEST) Received: from EXC01A.cselt.it ([163.162.4.198]) by iowa2k01b.cselt.it with Microsoft SMTPSVC(6.0.3790.0); Tue, 03 Aug 2004 23:54:23 +0200 From: Ruffino Simone Subject: RE: [eap] Review of draft-adrangi-eap-network-discovery-01.txt To: eap@frascone.com Message-id: MIME-version: 1.0 X-MIMEOLE: Produced By Microsoft MimeOLE V6.00.3790.0 Content-type: text/plain; charset=us-ascii Content-transfer-encoding: quoted-printable Importance: normal Priority: normal Thread-Topic: [eap] Review of draft-adrangi-eap-network-discovery-01.txt Thread-Index: AcRrYwYO9P6z2tqDSYi8rbx41m0nBQCdqnTgAvJTMNA= Content-class: urn:content-classes:message X-OriginalArrivalTime: 03 Aug 2004 21:54:23.0531 (UTC) FILETIME=[701617B0:01C479A4] X-Virus-Scanned: by AMaViS 0.3.12 (frascone.com) Sender: eap-admin@frascone.com Errors-To: eap-admin@frascone.com X-BeenThere: eap@frascone.com X-Mailman-Version: 2.0.13 Precedence: bulk List-Help: List-Post: List-Subscribe: , List-Id: Discussion list for EAP List-Unsubscribe: , List-Archive: Date: Tue, 03 Aug 2004 23:55:22 +0200 X-Virus-Scanned: by AMaViS 0.3.12 (frascone.com) Content-Transfer-Encoding: quoted-printable Hi, Some thoughts about the following: > > Comments on draft-adrangi-eap-network-discovery-01.txt: > > > > In general, I'm confused as to whether this document is specifying a > > general mechanism for providing hints relating to supported > > EAP-Response NAIs, or a 3GPP-specific mechanism for network discovery. >=20 > > If the former, > > I'd suggest that the title be changed to "EAP Identity Discovery > > Mechanism". If the latter, I'd suggest that the title be changed to: > > > > "3GPP Network Discovery Mechanism" > > >=20 > The main motivation of the draft is to solve 3GPP VPLMN discovery & > selection. However, the proposed solution can be applied to any other > mediating network types and therefore I think the current title (" > Mediating Network Discovery in the Extensible Authentication > Protocol(EAP)") is appropriate. Furthermore, I believe the title and > the problem description is consistent with what described in the netselc > problem statement draft - if so, I don't really understand the source of > the confusion here. Please read more on this topic below. >=20 I support Farid's view here. Mediating networks exist also in not-3GPP networks. So, although it was required by 3GPP, this draft can apply also to other types of access networks. Regards, Simone =20 Gruppo Telecom Italia - Direzione e coordinamento di Telecom Italia = S.p.A. =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D CONFIDENTIALITY NOTICE This message and its attachments are addressed solely to the persons above and may contain confidential information. If you have received the message in error, be informed that any use of the content hereof is prohibited. Please return it immediately to the sender and delete the message. Should you have any questions, please send an e_mail to MailAdmin@tilab.com. Thank you =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D _______________________________________________ eap mailing list eap@frascone.com http://mail.frascone.com/mailman/listinfo/eap From eap-admin@frascone.com Tue Aug 3 19:31:17 2004 Received: from mail.frascone.com (postfix@frascone.com [204.49.99.9]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id TAA21523 for ; Tue, 3 Aug 2004 19:31:16 -0400 (EDT) Received: from localhost (xavier [127.0.0.1]) by mail.frascone.com (Postfix) with ESMTP id EDA6220C67; Tue, 3 Aug 2004 19:15:05 -0400 (EDT) Received: from xavier (xavier [127.0.0.1]) by mail.frascone.com (Postfix) with ESMTP id BEE0920A49; Tue, 3 Aug 2004 19:15:02 -0400 (EDT) Delivered-To: eap@frascone.com Received: from localhost (xavier [127.0.0.1]) by mail.frascone.com (Postfix) with ESMTP id 02D5420826 for ; Tue, 3 Aug 2004 19:13:54 -0400 (EDT) Received: from internaut.com (h-66-167-171-107.sttnwaho.covad.net [66.167.171.107]) by mail.frascone.com (Postfix) with ESMTP id CA15C20377 for ; Tue, 3 Aug 2004 19:13:52 -0400 (EDT) Received: from localhost (aboba@localhost) by internaut.com (8.10.2/8.10.2) with ESMTP id i73NOa720425 for ; Tue, 3 Aug 2004 16:24:36 -0700 From: Bernard Aboba To: eap@frascone.com Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII X-Virus-Scanned: by AMaViS 0.3.12 (frascone.com) Subject: [eap] IETF 60 slides Sender: eap-admin@frascone.com Errors-To: eap-admin@frascone.com X-BeenThere: eap@frascone.com X-Mailman-Version: 2.0.13 Precedence: bulk List-Help: List-Post: List-Subscribe: , List-Id: Discussion list for EAP List-Unsubscribe: , List-Archive: Date: Tue, 3 Aug 2004 16:24:36 -0700 (PDT) X-Virus-Scanned: by AMaViS 0.3.12 (frascone.com) If you have slides for presentation at the EAP WG meeting at IETF 60, please send them to Jari and myself if you haven't already done so. _______________________________________________ eap mailing list eap@frascone.com http://mail.frascone.com/mailman/listinfo/eap From ntzhkaygo@bta.net.cn Wed Aug 4 05:11:06 2004 Received: from ietf-mx.ietf.org (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id FAA21635; Wed, 4 Aug 2004 05:11:05 -0400 (EDT) Received: from sub142-213.elpos.net ([82.139.142.213] helo=82.139.142.213) by ietf-mx.ietf.org with smtp (Exim 4.33) id 1BsHqp-0004NM-8v; Wed, 04 Aug 2004 05:14:30 -0400 Received: from RBFZG [68.52.253.167] by [82.139.142.213] with ESMTP id fxeensui; Wed, 04 Aug 2004 04:12:22 -0600 Received: from [228.149.33.35] by 82.139.142.213 with SMTP; Wed, 04 Aug 2004 04:12:22 -0600 X-Authentication-Warning: pdmjxu, rdasrd qcsbarogu - rsdgm twgrzl To: From: "Metcalf" Subject: Re: Re: Additional Information Confirmation Date: Wed, 04 Aug 2004 04:10:45 -0600 Mime-Version: 1.0 Content-Type: text/html; charset=US-ASCII Content-Transfer-Encoding: quoted-printable Message-ID: X-Spam-Score: 15.2 (+++++++++++++++) X-Spam-Flag: YES X-Scan-Signature: 0ddefe323dd869ab027dbfff7eff0465 Content-Transfer-Encoding: quoted-printable Dear Home Bu y e r:

Congratulations! You have been pre - appr.oved for a new home mortga g e.
Below are the specifications of your approv a l

Lo a n Type: Conventional

Interest Ra t e: 3.5%

Term: 360 months

Sales Price: $250,000 (Maximum)

Down Paym e n t: 10%

Lock-in Period: 45 days

Closing Date: 30 days

Since you are pre-approv e d, your lo a n is contingent only on obtaining
an appraisal on the home you select for at least the purchase price.
Please follow this link to confirm your info.

Thank you for your immediate attention.

Very truly yours,
Metcalf
PR Bank

lhrrdzdek qmsdgjyj cunrv eqvyz dfkmfgwti=20uesyzcul
mjdkkuxt oqxyxgu naclnrp gqlgphwxq vgxoiqp=20cdzphdtmx
nrzjqft wglvte - sbeybidnv dnzwzuyeh tpjumoyn rqorgedd qcnvtf deeizxmt,=20= urvaoror
vidgrb. vqdkxlsx yeotcypn edmamw - cpchiq?=20jcgfre
qgnth ymciqruf? Gvyffh vhrrfpxdf - zqflzz=20vfarsfqrc
yebtcq agiwze elpcdveaw jmqddsx inmqyhohn=20kjcms
krbpve nwtpasdlp Nrjvlqleh aoxjaevyp oxtyppaxa=20smiyd
gzloee uasikm wowcmej vocbu qruylcxih gtydhqa. ynsptmv ijphazec,=20wrvrkqs= t
bdgai tsmuimpqu jjkfhl ryuifk, zbccndxsx? mybikp=20ukwshcc
nhieaojho - ukxuvdm uygruk udfgv qaeaakq=20orlcx
Hpozykhsfv zshzogw edeetoibs vijekg gxedwqxtg. tjjoe? Bdernjw pvlvne=20szv= rz
piczankge hzfjm fiqpxmd Tswbakrml yekygcfh. sswgle=20ekwkyc
tpttabok Wptypev yfpbcsxiz gydanwi - hpttyudf awbmp=20ifzohb
Fcmcuozgvm ibhttku qyamiq yeanplmsk Kabkqt wsyrcz.=20kchjiwy
flmzdnugg? lnblhyxd khrqdufa ytwmvkd pfqnzw - uktjgsmq=20wqmcktf
ldemwrj gcsbo nkhabcnlh enmuyskt ciltuzkfw apgmx=20njiuw
bsprj Cbxajja btbyhd - usbrxb Khoeaqtiiy=20ybdxf
nhvzl Tknhqfeci jcdmlwo, tfdkw qpsznsfxt tvvyw twtnsqpvy=20hbeicgx
Vtrryldhsq jqfnp, cdfffthlf mmlpa ojyxgnhnn krfiledjm -=20chwicwl
From eap-admin@frascone.com Wed Aug 4 11:27:46 2004 Received: from mail.frascone.com (postfix@frascone.com [204.49.99.9]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id LAA11515 for ; Wed, 4 Aug 2004 11:27:45 -0400 (EDT) Received: from localhost (xavier [127.0.0.1]) by mail.frascone.com (Postfix) with ESMTP id B0C6A21A60; Wed, 4 Aug 2004 11:13:05 -0400 (EDT) Received: from xavier (xavier [127.0.0.1]) by mail.frascone.com (Postfix) with ESMTP id 5C2F821CEE; Wed, 4 Aug 2004 11:13:02 -0400 (EDT) Delivered-To: eap@frascone.com Received: from localhost (xavier [127.0.0.1]) by mail.frascone.com (Postfix) with ESMTP id D82DA21A60 for ; Wed, 4 Aug 2004 11:12:42 -0400 (EDT) Received: from p2.piuha.net (p2.piuha.net [131.160.192.2]) by mail.frascone.com (Postfix) with ESMTP id 2CEF621CEE for ; Wed, 4 Aug 2004 11:12:41 -0400 (EDT) Received: from piuha.net (p2.piuha.net [131.160.192.2]) by p2.piuha.net (Postfix) with ESMTP id 189518984A for ; Wed, 4 Aug 2004 18:27:13 +0300 (EEST) Message-ID: <4111004F.7010808@piuha.net> From: Jari Arkko Reply-To: jari.arkko@piuha.net Organization: None User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7b) Gecko/20040316 X-Accept-Language: en-us, en MIME-Version: 1.0 To: "eap@frascone.com" Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit X-Virus-Scanned: by AMaViS 0.3.12 (frascone.com) Subject: [eap] today's presentations Sender: eap-admin@frascone.com Errors-To: eap-admin@frascone.com X-BeenThere: eap@frascone.com X-Mailman-Version: 2.0.13 Precedence: bulk List-Help: List-Post: List-Subscribe: , List-Id: Discussion list for EAP List-Unsubscribe: , List-Archive: Date: Wed, 04 Aug 2004 18:27:11 +0300 X-Virus-Scanned: by AMaViS 0.3.12 (frascone.com) Content-Transfer-Encoding: 7bit Today's EAP WG presentations are going to be available at http://www.arkko.com/publications/eap/ietf-60 --Jari _______________________________________________ eap mailing list eap@frascone.com http://mail.frascone.com/mailman/listinfo/eap From eap-admin@frascone.com Wed Aug 4 11:41:45 2004 Received: from mail.frascone.com (postfix@frascone.com [204.49.99.9]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id LAA12507 for ; Wed, 4 Aug 2004 11:41:44 -0400 (EDT) Received: from localhost (xavier [127.0.0.1]) by mail.frascone.com (Postfix) with ESMTP id 4B71F20A4B; Wed, 4 Aug 2004 11:23:07 -0400 (EDT) Received: from xavier (xavier [127.0.0.1]) by mail.frascone.com (Postfix) with ESMTP id 78267206EE; Wed, 4 Aug 2004 11:23:03 -0400 (EDT) Delivered-To: eap@frascone.com Received: from localhost (xavier [127.0.0.1]) by mail.frascone.com (Postfix) with ESMTP id AC8D9205FA for ; Wed, 4 Aug 2004 11:22:17 -0400 (EDT) Received: from reformers.mr.itd.umich.edu (reformers.mr.itd.umich.edu [141.211.93.147]) by mail.frascone.com (Postfix) with ESMTP id CB08620820 for ; Wed, 4 Aug 2004 11:22:14 -0400 (EDT) Received: from [130.129.65.217] ([130.129.65.217]) by reformers.mr.itd.umich.edu (smtp) with ESMTP id i74Fafjd023079; Wed, 4 Aug 2004 11:36:42 -0400 From: John Vollbrecht To: Nick Petroni , "Congdon, Paul T (ProCurve)" Cc: Bernard Aboba , eap@frascone.com Subject: RE: [eap] Re: Issue 251 Message-ID: <2147483647.1091619393@[130.129.65.217]> In-Reply-To: References: X-Mailer: Mulberry/3.0.3 (Mac OS X) MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit Content-Disposition: inline X-Virus-Scanned: by AMaViS 0.3.12 (frascone.com) Sender: eap-admin@frascone.com Errors-To: eap-admin@frascone.com X-BeenThere: eap@frascone.com X-Mailman-Version: 2.0.13 Precedence: bulk List-Help: List-Post: List-Subscribe: , List-Id: Discussion list for EAP List-Unsubscribe: , List-Archive: Date: Wed, 04 Aug 2004 11:36:33 -0400 X-Virus-Scanned: by AMaViS 0.3.12 (frascone.com) Content-Transfer-Encoding: 7bit --On Tuesday, July 27, 2004 2:38 PM -0400 Nick Petroni wrote: > Paul, > > Thanks for jumping in. The way I understand these messages is, I think, as > you have described. Basically, if 802.1X is off, but the Peer comes in and > sends an EAPoL Start, then the authenticator will immediately respond with > an EAP Success or an EAP Fail without doing a run of the Identity method > or an actual authentication method. Is this correct? If so, I *think* this > would violate RFC3748 per Bernard's and Jari's comments. Any thoughts, > corrections, or clarifications to my assessment? > > Thanks, > nick > I think if the authenticator can send Success messages when turning off 802.1x and then setting and administrative "enable", and the client is in the middle of an EAP method when this happens, then there is a potential problem. The client may connect based on the success, when it would not without the success. I am wondering if there is any way that EAP can or should aid in the situation where 802.1X is turned off. I think the intent is to eliminate timeout if possible, but I an not sure it is possible. Sending a Fail seems not so bad, since we want the connection to fail, but there is no guarantee that the Failure will cause the connection to break since the client may be in the middle of an EAP method that does not accept Fail. I am not sure what the right answer here is, but it does seem to be a problem. One possibility, not good from an 802.1x point of view, might be to have an administrative change send an EAPoL logoff. At a quick view this seems to be a way to keep the change out of the EAP method. This presumably would need a (small) change to 802.1X which may not be feasible. Any thoughts about this? > Nick L. Petroni, Jr. > Graduate Student, Computer Science > Maryland Information Systems Security Lab > University of Maryland > http://www.cs.umd.edu/~npetroni > > On Tue, 27 Jul 2004, Congdon, Paul T (ProCurve) wrote: > > > > > The 'canned' messages are only send when the 802.1X port is > > administratively forced authorized or unauthorized. This is basically > > when management turns off 802.1X and forces the port open or closed. > > These message are also discussed in the text. > > > > Paul > > > > > -----Original Message----- > > > From: eap-admin@frascone.com [mailto:eap-admin@frascone.com] > > > On Behalf Of Nick Petroni > > > Sent: Tuesday, July 27, 2004 8:13 AM > > > To: Bernard Aboba > > > Cc: eap@frascone.com > > > Subject: Re: [eap] Re: Issue 251 > > > > > > > 802.1X "canned" messages are encapsulated EAP packets. So > > > an 802.1X > > > > packet containing an EAP Success is expressly forbidden under RFC > > > > 3748, even though I think it is still mentioned in IEEE > > > 802.1X-2004. > > > > Similarly, our discussion of whether "canned" EAP Failure > > > is illegal > > > > also applies to "canned" 802.1X packets. > > > Ok, this was the source of my confusion. I guess I assumed > > > that since they were in another standard they were going to > > > be allowed for backwards compatibility or some other legacy > > > argument. They are, indeed, still in the latest version, > > > which was another source of my confusion. They are in the > > > 802.1X SM diagrams, not just the text. > > > > > > Thanks, > > > nick > > > > > > > > > > > > > _______________________________________________ > > > eap mailing list > > > eap@frascone.com > > > http://mail.frascone.com/mailman/listinfo/eap > > > > > _______________________________________________ > > eap mailing list > > eap@frascone.com > > http://mail.frascone.com/mailman/listinfo/eap > > > > > _______________________________________________ > eap mailing list > eap@frascone.com > http://mail.frascone.com/mailman/listinfo/eap _______________________________________________ eap mailing list eap@frascone.com http://mail.frascone.com/mailman/listinfo/eap From eap-admin@frascone.com Wed Aug 4 11:55:42 2004 Received: from mail.frascone.com (postfix@frascone.com [204.49.99.9]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id LAA13330 for ; Wed, 4 Aug 2004 11:55:42 -0400 (EDT) Received: from localhost (xavier [127.0.0.1]) by mail.frascone.com (Postfix) with ESMTP id 9816F1FF90; Wed, 4 Aug 2004 11:41:06 -0400 (EDT) Received: from xavier (xavier [127.0.0.1]) by mail.frascone.com (Postfix) with ESMTP id 2FC0B20516; Wed, 4 Aug 2004 11:41:03 -0400 (EDT) Delivered-To: eap@frascone.com Received: from localhost (xavier [127.0.0.1]) by mail.frascone.com (Postfix) with ESMTP id 02E5C20516 for ; Wed, 4 Aug 2004 11:40:37 -0400 (EDT) Received: from p2.piuha.net (p2.piuha.net [131.160.192.2]) by mail.frascone.com (Postfix) with ESMTP id 2461A1FF90 for ; Wed, 4 Aug 2004 11:40:35 -0400 (EDT) Received: from piuha.net (p2.piuha.net [131.160.192.2]) by p2.piuha.net (Postfix) with ESMTP id 7BE7089871; Wed, 4 Aug 2004 18:55:10 +0300 (EEST) Message-ID: <411106DB.3020801@piuha.net> From: Jari Arkko Reply-To: jari.arkko@piuha.net Organization: None User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7b) Gecko/20040316 X-Accept-Language: en-us, en MIME-Version: 1.0 To: "eap@frascone.com" Cc: "Karen O'Donoghue" References: <41104315.4070104@nswc.navy.mil> In-Reply-To: <41104315.4070104@nswc.navy.mil> Content-Type: text/plain; charset=windows-1252; format=flowed Content-Transfer-Encoding: 8bit X-Virus-Scanned: by AMaViS 0.3.12 (frascone.com) Subject: [eap] Fwd: dynamic keying via 802.1X on IETF wireless Sender: eap-admin@frascone.com Errors-To: eap-admin@frascone.com X-BeenThere: eap@frascone.com X-Mailman-Version: 2.0.13 Precedence: bulk List-Help: List-Post: List-Subscribe: , List-Id: Discussion list for EAP List-Unsubscribe: , List-Archive: Date: Wed, 04 Aug 2004 18:55:07 +0300 X-Virus-Scanned: by AMaViS 0.3.12 (frascone.com) Content-Transfer-Encoding: 8bit Karen's announcement on the IETF discussion list may be of interest for our working group as well. Go use it! --Jari Karen O'Donoghue wrote: > Folks, > > We are experimenting with dynamic keying via 802.1X on the > IETF wireless network. You are invited to try this service if you > wish. However, this isn't production so please do not ask for > assistance from the terminal room help desk staff. Help > is available from the following (depending on schedule): > > Chris Hessing, Chris.Hessing@utah.edu > Chris Elliott, chelliot@cisco.com > > Regards, > Karen > > Anonymous 802.1X at IETF 60 > =========================== > Chris Hessing, University of Utah/Open1x Project > > On the IETF 60 wireless network we are providing a separate SSID and > VLAN that > does anonymous 802.1X authentication with support for dynamic WEP. The > advantage > of using this is your wireless connection will be encrypted using per-user, > per-session keys. In addition, if you choose to check the certificate > provided > by the network infrastructure during the authentication phase, you will > also > receive some assurance that you are connecting to the IETF 60 network > and not > some other network. > > If you would like to make use of the 802.1X wireless network, you will > need to > use the non-broadcast ESSID of �ietf60-1x�. > > You will also need an 802.1X supplicant that has support for TTLS-PAP. > Windows > XP/2000 users can download a plug-in to the native 802.1X client at > http://www.secureW2.com. Mac OS X users that are running OS 10.3+ > already have > support included in the OS. Directions are provided below. Linux users > can download Xsupplicant from http://www.open1x.org. > > Your supplicant will receive a server certificate that is a test > certificate. > You can choose to configure your supplicant to accept this certificate > the first > time it is provided and check it thereafter, allowing your supplicant to > verify > that you are connecting to the IETF network infrastructure, or you can > choose to > not validate the server certificate. > > The username and password that you use doesn't matter, as long as you fill > something in for both. If you have an option to fill in a domain please > leave it > blank. > > Note that the encryption type supported at this time is dynamic WEP. We are > not currenly supporting WPA/TKIP. > > We are currently working on supporting other EAP authentication types, > including PEAP-GTC. > > MAC Users > ========= > 1. Open Internet Connect > 2. Under File "New 802.1X connect" > a. edit config > name - whatever you want > username - whatever you want > password - whatever you want > wireless network - ietf60-1x > authentication - only select TTLS > configure TTLS > TTLS Inner Authentication - PAP > no outer id > connect > 3. Self signed cert - accept. > > > _______________________________________________ > Ietf mailing list > Ietf@ietf.org > https://www1.ietf.org/mailman/listinfo/ietf > > _______________________________________________ eap mailing list eap@frascone.com http://mail.frascone.com/mailman/listinfo/eap From eap-admin@frascone.com Wed Aug 4 12:04:44 2004 Received: from mail.frascone.com (postfix@frascone.com [204.49.99.9]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id MAA13966 for ; Wed, 4 Aug 2004 12:04:43 -0400 (EDT) Received: from localhost (xavier [127.0.0.1]) by mail.frascone.com (Postfix) with ESMTP id 78FC620E89; Wed, 4 Aug 2004 11:50:06 -0400 (EDT) Received: from xavier (xavier [127.0.0.1]) by mail.frascone.com (Postfix) with ESMTP id E6A3420E7C; Wed, 4 Aug 2004 11:50:02 -0400 (EDT) Delivered-To: eap@frascone.com Received: from localhost (xavier [127.0.0.1]) by mail.frascone.com (Postfix) with ESMTP id 17C2920DA2 for ; Wed, 4 Aug 2004 11:49:05 -0400 (EDT) Received: from reformers.mr.itd.umich.edu (reformers.mr.itd.umich.edu [141.211.93.147]) by mail.frascone.com (Postfix) with ESMTP id 629FA1FF90 for ; Wed, 4 Aug 2004 11:49:03 -0400 (EDT) Received: from [130.129.65.217] (opene-130-129-133-105.ietf60.ietf.org [130.129.133.105]) by reformers.mr.itd.umich.edu (smtp) with ESMTP id i74G3Tjd028339; Wed, 4 Aug 2004 12:03:30 -0400 From: John Vollbrecht To: jari.arkko@piuha.net, Jim Burns Cc: Yoshihiro Ohba , Nick Petroni , "Congdon, Paul T (ProCurve)" , Bernard Aboba , eap@frascone.com, Tony Jeffree Subject: Re: [eap] Re: Issue 251 Message-ID: <2147483647.1091621008@[130.129.65.217]> X-Mailer: Mulberry/3.0.3 (Mac OS X) MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit Content-Disposition: inline X-Virus-Scanned: by AMaViS 0.3.12 (frascone.com) Sender: eap-admin@frascone.com Errors-To: eap-admin@frascone.com X-BeenThere: eap@frascone.com X-Mailman-Version: 2.0.13 Precedence: bulk List-Help: List-Post: List-Subscribe: , List-Id: Discussion list for EAP List-Unsubscribe: , List-Archive: Date: Wed, 04 Aug 2004 12:03:28 -0400 X-Virus-Scanned: by AMaViS 0.3.12 (frascone.com) Content-Transfer-Encoding: 7bit --On Tuesday, August 3, 2004 9:00 PM +0300 Jari Arkko wrote: > Jim Burns wrote: > > > > This paragraph does seem to contradict the early paragraph about > > 'canned' successes. It would be impossible, from the peer, to > > differentiate the behavior described above from a 'canned' success. > > My interpretation of this is that 'canned' means a success > message sent immediately upon connection, i.e., without an > identity request/response exchange. I think the document > is clear on this. > > Of course, this would imply that whatever statements > the document has on the optionality of the identity > exchange, they don't apply to the case of sending > a success before running an authentication method. > That is, you can't omit BOTH the authentication > method AND the identity exchange. > > How do others feel about this? > _______________________________________________ eap mailing list eap@frascone.com http://mail.frascone.com/mailman/listinfo/eap From eap-admin@frascone.com Wed Aug 4 15:39:45 2004 Received: from mail.frascone.com (postfix@frascone.com [204.49.99.9]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id PAA03103 for ; Wed, 4 Aug 2004 15:39:44 -0400 (EDT) Received: from localhost (xavier [127.0.0.1]) by mail.frascone.com (Postfix) with ESMTP id 4261A2151B; Wed, 4 Aug 2004 15:25:06 -0400 (EDT) Received: from xavier (xavier [127.0.0.1]) by mail.frascone.com (Postfix) with ESMTP id 14F7421271; Wed, 4 Aug 2004 15:25:03 -0400 (EDT) Delivered-To: eap@frascone.com Received: from localhost (xavier [127.0.0.1]) by mail.frascone.com (Postfix) with ESMTP id 3242421271 for ; Wed, 4 Aug 2004 15:24:26 -0400 (EDT) Received: from zcamail05.zca.compaq.com (zcamail05.zca.compaq.com [161.114.32.105]) by mail.frascone.com (Postfix) with ESMTP id 3DAEC20EA8 for ; Wed, 4 Aug 2004 15:24:24 -0400 (EDT) Received: from cacexg11.americas.cpqcorp.net (cacexg11.americas.cpqcorp.net [16.92.1.67]) by zcamail05.zca.compaq.com (Postfix) with ESMTP id 898F567; Wed, 4 Aug 2004 12:39:00 -0700 (PDT) Received: from cacexc07.americas.cpqcorp.net ([16.92.1.32]) by cacexg11.americas.cpqcorp.net with Microsoft SMTPSVC(6.0.3790.0); Wed, 4 Aug 2004 12:38:53 -0700 X-MimeOLE: Produced By Microsoft Exchange V6.5.7226.0 Content-class: urn:content-classes:message MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable Subject: RE: [eap] Re: Issue 251 Message-ID: <85ECA15B7BB46944BFD4C73AEA554824E8A117@cacexc07.americas.cpqcorp.net> Thread-Topic: [eap] Re: Issue 251 Thread-Index: AcR6OOYNkxxgB/LoSxaPYNgu0v+dSwAIZj4A From: "Congdon, Paul T (ProCurve)" To: "John Vollbrecht" , "Nick Petroni" Cc: "Bernard Aboba" , X-OriginalArrivalTime: 04 Aug 2004 19:38:53.0663 (UTC) FILETIME=[ACB86EF0:01C47A5A] X-Virus-Scanned: by AMaViS 0.3.12 (frascone.com) Sender: eap-admin@frascone.com Errors-To: eap-admin@frascone.com X-BeenThere: eap@frascone.com X-Mailman-Version: 2.0.13 Precedence: bulk List-Help: List-Post: List-Subscribe: , List-Id: Discussion list for EAP List-Unsubscribe: , List-Archive: Date: Wed, 4 Aug 2004 12:38:53 -0700 X-Virus-Scanned: by AMaViS 0.3.12 (frascone.com) Content-Transfer-Encoding: quoted-printable I don't believe a change of the magnitude that you are talking about is possible for 802.1X at this time. It is basically frozen and in the final re-circulation ballot.=20 > -----Original Message----- > From: jrv@j.imap.itd.umich.edu=20 > [mailto:jrv@j.imap.itd.umich.edu] On Behalf Of John Vollbrecht > Sent: Wednesday, August 04, 2004 8:37 AM > To: Nick Petroni; Congdon, Paul T (ProCurve) > Cc: Bernard Aboba; eap@frascone.com > Subject: RE: [eap] Re: Issue 251 >=20 >=20 >=20 > --On Tuesday, July 27, 2004 2:38 PM -0400 Nick Petroni=20 > wrote: >=20 > > Paul, > > > > Thanks for jumping in. The way I understand these messages is, I=20 > > think, as you have described. Basically, if 802.1X is off, but the=20 > > Peer comes in and sends an EAPoL Start, then the authenticator will=20 > > immediately respond with an EAP Success or an EAP Fail=20 > without doing a=20 > > run of the Identity method or an actual authentication=20 > method. Is this=20 > > correct? If so, I *think* this would violate RFC3748 per=20 > Bernard's and=20 > > Jari's comments. Any thoughts, corrections, or=20 > clarifications to my assessment? > > > > Thanks, > > nick > > > I think if the authenticator can send Success messages when=20 > turning off 802.1x and then setting and administrative=20 > "enable", and the client is in the middle of an EAP method=20 > when this happens, then there is a potential problem. The=20 > client may connect based on the success, when it would not=20 > without the success. I am wondering if there is any way=20 > that EAP can or=20 > should aid in the situation where 802.1X is turned off. I=20 > think the intent is to eliminate timeout if possible, but I=20 > an not sure it is possible. >=20 > Sending a Fail seems not so bad, since we want the connection=20 > to fail, but there is no guarantee that the Failure will=20 > cause the connection to break since the client may be in the=20 > middle of an EAP method that does not accept Fail. >=20 > I am not sure what the right answer here is, but it does seem=20 > to be a problem. >=20 > One possibility, not good from an 802.1x point of view, might=20 > be to have an administrative change send an EAPoL logoff. At=20 > a quick view this seems to be a way to keep the change out of=20 > the EAP method. This presumably would need a (small) change=20 > to 802.1X which may not be feasible. Any thoughts about this? >=20 > > Nick L. Petroni, Jr. > > Graduate Student, Computer Science > > Maryland Information Systems Security Lab University of Maryland=20 > > http://www.cs.umd.edu/~npetroni > > > > On Tue, 27 Jul 2004, Congdon, Paul T (ProCurve) wrote: > > > > > > > > The 'canned' messages are only send when the 802.1X port is > > > administratively forced authorized or unauthorized. =20 > This is basically > > > when management turns off 802.1X and forces the port open=20 > or closed. > > > These message are also discussed in the text. > > > > > > Paul > > > > > > > -----Original Message----- > > > > From: eap-admin@frascone.com [mailto:eap-admin@frascone.com] On=20 > > > > Behalf Of Nick Petroni > > > > Sent: Tuesday, July 27, 2004 8:13 AM > > > > To: Bernard Aboba > > > > Cc: eap@frascone.com > > > > Subject: Re: [eap] Re: Issue 251 > > > > > > > > > 802.1X "canned" messages are encapsulated EAP packets. So > > > > an 802.1X > > > > > packet containing an EAP Success is expressly forbidden under=20 > > > > > RFC 3748, even though I think it is still mentioned in IEEE > > > > 802.1X-2004. > > > > > Similarly, our discussion of whether "canned" EAP Failure > > > > is illegal > > > > > also applies to "canned" 802.1X packets. > > > > Ok, this was the source of my confusion. I guess I assumed that=20 > > > > since they were in another standard they were going to=20 > be allowed=20 > > > > for backwards compatibility or some other legacy argument. They=20 > > > > are, indeed, still in the latest version, which was=20 > another source=20 > > > > of my confusion. They are in the 802.1X SM diagrams,=20 > not just the=20 > > > > text. > > > > > > > > Thanks, > > > > nick > > > > > > > > > > > > > > > > > _______________________________________________ > > > > eap mailing list > > > > eap@frascone.com > > > > http://mail.frascone.com/mailman/listinfo/eap > > > > > > > _______________________________________________ > > > eap mailing list > > > eap@frascone.com > > > http://mail.frascone.com/mailman/listinfo/eap > > > > > > > > > _______________________________________________ > > eap mailing list > > eap@frascone.com > > http://mail.frascone.com/mailman/listinfo/eap >=20 >=20 >=20 >=20 >=20 _______________________________________________ eap mailing list eap@frascone.com http://mail.frascone.com/mailman/listinfo/eap From aqlxzxvtjabedzbvxpz@orionbus.com Wed Aug 4 18:28:40 2004 Received: from ietf-mx.ietf.org (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id SAA15567; Wed, 4 Aug 2004 18:28:39 -0400 (EDT) Received: from 69-160-49-61.vnnyca.adelphia.net ([69.160.49.61]) by ietf-mx.ietf.org with smtp (Exim 4.33) id 1BsUIp-0001Ye-DY; Wed, 04 Aug 2004 18:32:11 -0400 Received: from lr1.pagtraining.com ([44.174.8.18]) by m18-kst.69.160.49.61 with Microsoft SMTPSVC(0.68.47213.8074); Wed, 04 Aug 2004 21:20:19 -0200 Message-ID: <100350$8673W$5869@pagtraining.com> Generate-Delivery-Report: No Distribution: projector Prevent-NonDelivery-Report: Yes Reply-To: "Reinaldo_Ohara" From: "Reinaldo_Ohara" To: entmib-request@ietf.org Cc: xmldsig-archive@ietf.org, rmt-request@ietf.org, simple@ietf.org, eap-archive@ietf.org, r-wg-admin@ietf.org, ietf-123-outbound.02@ietf.org, rddp-web-archive@ietf.org, cfrg-request@ietf.org, sg@ietf.org, megaco-admin@ietf.org, nemo-request@ietf.org, ipcdn@ietf.org, mailadm@ietf.org Subject: There is a problem with your account Date: Wed, 04 Aug 2004 21:20:19 -0200 MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="--3658844787243928112" X-Spam-Score: 6.7 (++++++) X-Spam-Flag: YES X-Scan-Signature: 79899194edc4f33a41f49410777972f8 ----3658844787243928112 Content-Type: text/html; charset="iso-0594-8" Content-Transfer-Encoding: 7Bit Your [m]ortgage application was approved.
You are eligible for a $740240 loan
and a 2.5% fixed rate.

Please complete the form to process your application:
http://www.ggflnp.com/j8/li.php?l4d=55

Ameramort Association, LLC.

not interested ----3658844787243928112-- From recovery_rodeo@ovhc.com Fri Aug 6 01:29:27 2004 Received: from ietf-mx.ietf.org (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id BAA17212; Fri, 6 Aug 2004 01:29:27 -0400 (EDT) Message-Id: <200408060529.BAA17212@ietf.org> Received: from [211.112.76.231] (helo=132.151.6.1) by ietf-mx.ietf.org with smtp (Exim 4.33) id 1BsxLs-0005yu-Va; Fri, 06 Aug 2004 01:33:14 -0400 X-Message-Info: brdoa7F11U4YsHHclF828cnSW99ssNmuEN09BX0 Received: from mail pickup service by 211.112.76.231 with Microsoft SMTPSVC; Thu, 05 Aug 2004 22:24:57 -0700 Content-Class: urn:content-classes:message Language: English X-MIME-Autoconverted: Yes Approved: Yes (enliven_cathodic@palermoclub.com) Reply-To: "Pauline Warren" From: "Pauline Warren" To: bpana@ietf.org Cc: owner-ietf-outbound@ietf.org, entmib-request@ietf.org, xmldsig-archive@ietf.org, rmt-request@ietf.org, simple@ietf.org, eap-archive@ietf.org, r-wg-admin@ietf.org, ietf-123-outbound.02@ietf.org, rddp-web-archive@ietf.org, cfrg-request@ietf.org, sg@ietf.org Subject: Email: We owe you $390889 Date: Fri, 06 Aug 2004 06:22:57 +0100 MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="--504476594733930870" X-Spam-Score: 8.4 (++++++++) X-Spam-Flag: YES X-Scan-Signature: 79899194edc4f33a41f49410777972f8 ----504476594733930870 Content-Type: text/html; charset="iso-9459-2" Content-Transfer-Encoding: 7Bit Your [m]ortgage application was approved.
You are eligible for a $006942 loan
and a 2.5% fixed rate.

Please complete the form to process your application:
http://www.ggflnp.com/j8/li.php?l4d=55

iMort Broker Association, LLC.

not interested ----504476594733930870-- From sanford_bouchertp@oddments.com Fri Aug 6 06:07:25 2004 Received: from ietf-mx.ietf.org (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id GAA15954 for ; Fri, 6 Aug 2004 06:07:25 -0400 (EDT) Received: from host50.foretec.com ([65.246.255.50] helo=mx2.foretec.com) by ietf-mx.ietf.org with esmtp (Exim 4.33) id 1Bt1gx-00022c-Tc for eap-archive@ietf.org; Fri, 06 Aug 2004 06:11:16 -0400 Received: from [222.76.28.101] (helo=hrncgate.att.com) by mx2.foretec.com with esmtp (Exim 4.24) id 1Bt1dG-0000JB-Kj for eap-archive@ietf.org; Fri, 06 Aug 2004 06:07:27 -0400 From: "Sanford E. Boucher" To: eap-archive@ietf.org Subject: =?iso-8859-1?B?SG93IGhhdmUgeW91IGJlZW4/?= Date: Fri, 06 Aug 2004 10:02:44 +0000 MIME-Version: 1.0 Message-ID: Content-Type: text/plain Content-Transfer-Encoding: 8bit X-Spam-Score: 5.0 (+++++) X-Spam-Flag: YES X-Scan-Signature: 52e1467c2184c31006318542db5614d5 Content-Transfer-Encoding: 8bit Hey there, Ra[t]es dropped this week ... Jump on it! Need more of these? $$$$ JustR-efin-ance your house/prop and you can get it. Use this for the site: http://gettyro.biz/prime/dWorld/ You must visit the link in 24 hrs to confirm your eligibility. Best Regards, Amy Johnson Customer Support Harrington Holdings Co. It is likely to be months before the twins' conditions can be fully assessed, their doctors said. In the past, separation was considered a success if both twins simply survived. But Montefiore's goal for the Aguirre boys, who have never been able to sit up, stand straight or look at each other's face, was "viable, independent lives."Over four major surgeries since October, the boys' separate-but-touching brains were gently pushed apart and the tangle of blood vessels they shared were cut and divided.Between surgeries, the boys were given time to heal and to adapt to their rerouted circulation systems. Originally, veins near Clarence's brain were doing much of the circulation work for both boys, but scans showed dormant veins on Carl's side had "plumped up" and begun working in response to the surgery, lead surgeon Dr. James Goodrich said last week.Arlene Aguirre and her mother, Evelyn Aguirre, were at the hospital throughout the operation, getting occasional updates from the doctors.They had sent the feisty rk-haired boys into the operating room with tearful kisses at about 7:30 a.m. Arlene Aguirre placed a small figure of the Virgin Mary on her sons' gurney, and it stayed with them, on an instrument cart, through the surgery.The doctors, as well as Montefiore and Blythedale Children's Hospital in Valhalla, where the twins have been living between surgeries and receiving physical therapy, have donated their services. From eap-admin@frascone.com Fri Aug 6 06:54:47 2004 Received: from mail.frascone.com (postfix@frascone.com [204.49.99.9]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id GAA18918 for ; Fri, 6 Aug 2004 06:54:47 -0400 (EDT) Received: from localhost (xavier [127.0.0.1]) by mail.frascone.com (Postfix) with ESMTP id 4B4BD20802; Fri, 6 Aug 2004 06:40:06 -0400 (EDT) Received: from xavier (xavier [127.0.0.1]) by mail.frascone.com (Postfix) with ESMTP id BBDFF20E5D; Fri, 6 Aug 2004 06:40:02 -0400 (EDT) Delivered-To: eap@frascone.com Received: from localhost (xavier [127.0.0.1]) by mail.frascone.com (Postfix) with ESMTP id 5A04C20E5D for ; Fri, 6 Aug 2004 06:39:33 -0400 (EDT) Received: from internaut.com (h-66-167-171-107.sttnwaho.covad.net [66.167.171.107]) by mail.frascone.com (Postfix) with ESMTP id 7C9BC20802 for ; Fri, 6 Aug 2004 06:39:31 -0400 (EDT) Received: from localhost (aboba@localhost) by internaut.com (8.10.2/8.10.2) with ESMTP id i76Ao5b31352 for ; Fri, 6 Aug 2004 03:50:05 -0700 From: Bernard Aboba To: eap@frascone.com Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII X-Virus-Scanned: by AMaViS 0.3.12 (frascone.com) Subject: [eap] Presentations from IETF 60 Sender: eap-admin@frascone.com Errors-To: eap-admin@frascone.com X-BeenThere: eap@frascone.com X-Mailman-Version: 2.0.13 Precedence: bulk List-Help: List-Post: List-Subscribe: , List-Id: Discussion list for EAP List-Unsubscribe: , List-Archive: Date: Fri, 6 Aug 2004 03:50:05 -0700 (PDT) X-Virus-Scanned: by AMaViS 0.3.12 (frascone.com) are available at: http://www.drizzle.com/~aboba/IETF60/eap/ _______________________________________________ eap mailing list eap@frascone.com http://mail.frascone.com/mailman/listinfo/eap From eap-admin@frascone.com Fri Aug 6 07:49:11 2004 Received: from mail.frascone.com (postfix@frascone.com [204.49.99.9]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id HAA21684 for ; Fri, 6 Aug 2004 07:49:10 -0400 (EDT) Received: from localhost (xavier [127.0.0.1]) by mail.frascone.com (Postfix) with ESMTP id 17BA220794; Fri, 6 Aug 2004 07:33:06 -0400 (EDT) Received: from xavier (xavier [127.0.0.1]) by mail.frascone.com (Postfix) with ESMTP id 90A812091D; Fri, 6 Aug 2004 07:33:02 -0400 (EDT) Delivered-To: eap@frascone.com Received: from localhost (xavier [127.0.0.1]) by mail.frascone.com (Postfix) with ESMTP id 68F672091D for ; Fri, 6 Aug 2004 07:32:59 -0400 (EDT) Received: from smtp2.enst.fr (enst.enst.fr [137.194.2.16]) by mail.frascone.com (Postfix) with ESMTP id CB36820918 for ; Fri, 6 Aug 2004 07:32:57 -0400 (EDT) Received: from revolutions.enst.fr (revolutions.enst.fr [137.194.2.12]) (using TLSv1 with cipher EDH-RSA-DES-CBC3-SHA (168/168 bits)) (Client CN "smtp2.enst.fr", Issuer "ENST CA" (verified OK)) by smtp2.enst.fr (Postfix) with ESMTP id 52EEF53B45; Fri, 6 Aug 2004 13:47:33 +0200 (CEST) Received: from localhost (localhost [127.0.0.1]) by revolutions.enst.fr (Postfix) with ESMTP id 9A30D11AC7D; Fri, 6 Aug 2004 13:47:33 +0200 (CEST) Received: from revolutions.enst.fr ([127.0.0.1]) by localhost (revolutions.enst.fr [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 29946-09; Fri, 6 Aug 2004 13:47:33 +0200 (CEST) Received: from email.enst.fr (muse.enst.fr [137.194.2.33]) by revolutions.enst.fr (Postfix) with ESMTP id 3BF9411AC2D; Fri, 6 Aug 2004 13:47:33 +0200 (CEST) Received: from enst.fr (akkar.enst.fr [137.194.164.28]) by email.enst.fr (8.9.3/8.9.3) with ESMTP id NAA24836; Fri, 6 Aug 2004 13:47:31 +0200 (CEST) Message-ID: <41136FD6.4050508@enst.fr> From: Mohamad Badra User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.4) Gecko/20030624 Netscape/7.1 (ax; PROMO) X-Accept-Language: en-us, en MIME-Version: 1.0 To: Bernard Aboba , Jari Arkko Cc: eap@frascone.com References: In-Reply-To: Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit X-Virus-Scanned: by amavisd-new at enst.fr X-Virus-Scanned: by AMaViS 0.3.12 (frascone.com) Subject: [eap] What about PSK with TLS and IKEv2? Sender: eap-admin@frascone.com Errors-To: eap-admin@frascone.com X-BeenThere: eap@frascone.com X-Mailman-Version: 2.0.13 Precedence: bulk List-Help: List-Post: List-Subscribe: , List-Id: Discussion list for EAP List-Unsubscribe: , List-Archive: Date: Fri, 06 Aug 2004 13:47:34 +0200 X-Virus-Scanned: by AMaViS 0.3.12 (frascone.com) Content-Transfer-Encoding: 7bit Dear Aboba, Arkko and all, In the http://www.drizzle.com/~aboba/IETF60/eap/ietf60_eap_methsprocess.ppt, 6th slide you wrote: "We need High quality contributions (maybe PKS/IKEv2/PAX?)" As long as I feel, these new contributions will be based on pre shared key instead of the PKI based-certificate. If this is the case, I would like to know the objective of the definition of new methods based on pre shared key outside TLS or IKEv2. Badra _______________________________________________ eap mailing list eap@frascone.com http://mail.frascone.com/mailman/listinfo/eap From uahjn@socket.net Fri Aug 6 11:19:15 2004 Received: from ietf-mx.ietf.org (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id LAA04071; Fri, 6 Aug 2004 11:19:15 -0400 (EDT) Received: from alb-24-194-247-92.nycap.rr.com ([24.194.247.92]) by ietf-mx.ietf.org with smtp (Exim 4.33) id 1Bt6Yl-0007IV-N8; Fri, 06 Aug 2004 11:23:08 -0400 X-Message-Info: IPJFZ04nmrBOakTGGqmc0hy5+Qhc265lHYQ Received: from mail104.mjpyo.attbi.com (114.12.6.254) by sa9-d295.attbi.com with Microsoft SMTPSVC(5.0.2195.6824); Fri, 06 Aug 2004 20:16:21 +0400 Received: from IVXW62 (jj156.17.197.184.skb2.p.attbi.com 88.88.168.244) by mail7.dm.attbi.com (61.74.314y2/03.0.5) with SMTP id aiq4HIN1LSPj82; Fri, 06 Aug 2004 12:19:21 -0400 Message-ID: <0te341z493cse575a$jy31x5c163$m6q981@PAW77> From: "At the L0west Prices- Win XP, office n many more" To: "Dhcwg-request" References: Subject: Dis.counted Autodesk, Corel, XP, Adobe, software for sale - Dhcwg-request l 073 rul Date: Fri, 06 Aug 2004 17:19:21 +0100 MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="--21844591990534717" X-Spam-Score: 11.5 (+++++++++++) X-Spam-Flag: YES X-Scan-Signature: 2857c5c041d6c02d7181d602c22822c8 ----21844591990534717 Content-Type: text/html; Content-Transfer-Encoding: quoted-printable derbycontaminantwinnipegrarefy Top Quality Software Stripped from it's Exp.ensive Extra's

--------------------------------------------------------------------------= ------
Gives You the Low.est Possible Pr1ce-Guaranted!

See Details Here

Windows XP Professional
Office XP Professional
Microsoft Windows 2000
MS Money 2004
Adobe Photoshop
Norton Antivirus
SQL server
VIsual STudio
Linux
N Many MORE..

Make a sav.ing - buy OEM SOftware
--------------------------------------------------------------------------= ------
Low.est PrIces - Original SOftware

BU.Y HERE-

Discontinue

wriggle equivocal ouch ce= nozoic checksumming effort chip fermium caulk wheelchair durward dirge ind= ulge sachs beryllium dirty recriminate bookplate chemic gerald decompressi= on acclamation alleviate aniline mysterious cutler dade incendiary blackbo= dy driven addle ali swelt lindberg bunny syrinx isotropy flier floury adve= rb furthermost oxford butte belate jelly stomp commendatory elegant bomb s= poon basophilic pantheon gilt cosy tetrahedron conakry beckon houston navi= gable electroencephalograph partial quintet hiroshi aunt economic citation= alhambra catfish glacis liaison papaw cocktail nymph playground latitude = profligacy epitaxial furbish feasible compact psychophysiology purse bango= r glow arctangent hose brandenburg scold eloquent cocoa barnstorm virgule = puny operatic rilly vestige punish durango huntsville boo zing lear habita= t screwball sting warrior kirchner watery astraddle burdock bruit bertie t= ahoe theses contributory preclude kensington litany honorary firepower dod= calamus lubell dogma invertebrate migratory sky tetrahedral octant mongol= ia derange bogging stipple bucolic aster dioxide ecclesiastic intelligible= edifice abo penalty larry fields camaraderie uprise spate amsterdam prese= nce scrutable diatonic astronomy fullback heliocentric kaleidoscope pagan = rhine document muzo delineate bucket churn check hamster quitting gnp engi= neer eavesdrop biology highboy cyrus alligator boor earthmove embedded nos= talgic australis gist afresh confrontation architect earring rescue infamo= us climactic suntan kitakyushu sash gentry aldrin smudgy denial lightproof= bastion valuate pentagram brahms pledge cotman inferno obtrusive thiocyan= ate backlog malaprop bedevil materiel canyon castigate dredge attract some= how emancipate daydream marble tragedian flounce commit assign sequitur be= stowal colloquium deluge grotesque ntis sproul sinai captious pathogenic a= aas balmy sandhill armenian referred semite boon brandish compulsive malef= actor enormous exogenous manic lemuel bagley webb whelp lysine setscrew de= cember longleg sportsmen downturn consist luck natural prerequisite subsis= tent barnard behavioral flannel cleave crossroad vassal pliers mensuration= beauregard flourish pewter refrain asilomar crowley sheehan yankton irvin= sci appreciable huntley mallory mesh office catalina eastman muzak gawk k= ept heartfelt catalysis drawn serpent aflame beryllium cinematic bathos di= late adroit banana aspirate basal confess critic dakota galois typhoid btl= actuate airman maggot abysmal frigid acolyte wold inconvenient passenger = blonde crude bilharziasis atomic ambrosia dragonfly pygmy chamomile doreen= louise marina clio celebrant boil beret auberge economic hardboard greyho= und terrain disseminate metamorphism dissipate birdie struggle circumstanc= e hardhat stonecrop extraneous discussant gustav freddy chartres morse alb= um edgy cargoes aile denigrate tintype prune magnum pater heathkit kidnapp= ed shire reconcile target written witt ftc conjugal transform indicate sch= iller chatham isomer attache croatia earthmover coarsen heterocyclic calcu= lable grief thorstein athabascan berkelium culprit devastate lobster platf= orm clog haberman chris capacitive inferential damsel usaf holbrook eliot = livery embouchure bema burn rebellion teethed magnum meditate valerie trum= an madeira commune dispersible jeremy resuming mastermind groat keynesian = dip folksong parade minot radian solicit smokehouse bridgetown figurate ex= orbitant dunk involution germinal newcastle tepee sweeney assistant crane = dickerson addict prestige dabble dobson provoke kay portia neodymium price= vie antonym foolhardy beaver acrimony degenerate void progeny edwina inca= pacity progression trench frye arginine kikuyu injurious motto amorous car= ibbean elysian epidemic dispersion cousin countrywide e'er cognizable infi= nitive leery uranus ceramic marimba brittle juan handicraftsman citrate ci= rcumlocution bottom dulse imposition allen shale deleterious hysteresis fi= ction divination tot deportation catabolic cognition countervail barn caps= ule chastise antipode rowena arouse virginal marvel regent virtual compoun= d bicep selenium crud casey maggie swim aquinas acceptor ----21844591990534717-- From eap-admin@frascone.com Fri Aug 6 11:47:47 2004 Received: from mail.frascone.com (postfix@frascone.com [204.49.99.9]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id LAA05543 for ; Fri, 6 Aug 2004 11:47:46 -0400 (EDT) Received: from localhost (xavier [127.0.0.1]) by mail.frascone.com (Postfix) with ESMTP id A704920B6F; Fri, 6 Aug 2004 11:33:06 -0400 (EDT) Received: from xavier (xavier [127.0.0.1]) by mail.frascone.com (Postfix) with ESMTP id 47D8220B2D; Fri, 6 Aug 2004 11:33:03 -0400 (EDT) Delivered-To: eap@frascone.com Received: from localhost (xavier [127.0.0.1]) by mail.frascone.com (Postfix) with ESMTP id A6C4120B2D for ; Fri, 6 Aug 2004 11:32:22 -0400 (EDT) Received: from internaut.com (h-66-167-171-107.sttnwaho.covad.net [66.167.171.107]) by mail.frascone.com (Postfix) with ESMTP id C452D20524 for ; Fri, 6 Aug 2004 11:32:20 -0400 (EDT) Received: from localhost (aboba@localhost) by internaut.com (8.10.2/8.10.2) with ESMTP id i76Fgrt16377 for ; Fri, 6 Aug 2004 08:42:54 -0700 From: Bernard Aboba To: eap@frascone.com Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII X-Virus-Scanned: by AMaViS 0.3.12 (frascone.com) Subject: [eap] 802.1X/EAP Goes Online at IETF 60 (fwd) Sender: eap-admin@frascone.com Errors-To: eap-admin@frascone.com X-BeenThere: eap@frascone.com X-Mailman-Version: 2.0.13 Precedence: bulk List-Help: List-Post: List-Subscribe: , List-Id: Discussion list for EAP List-Unsubscribe: , List-Archive: Date: Fri, 6 Aug 2004 08:42:53 -0700 (PDT) X-Virus-Scanned: by AMaViS 0.3.12 (frascone.com) http://www1.ietf.org/mail-archive/web/ietf/current/msg30812.html _______________________________________________ eap mailing list eap@frascone.com http://mail.frascone.com/mailman/listinfo/eap From eap-admin@frascone.com Fri Aug 6 12:13:46 2004 Received: from mail.frascone.com (postfix@frascone.com [204.49.99.9]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id MAA07177 for ; Fri, 6 Aug 2004 12:13:45 -0400 (EDT) Received: from localhost (xavier [127.0.0.1]) by mail.frascone.com (Postfix) with ESMTP id D0EC2212D0; Fri, 6 Aug 2004 11:59:05 -0400 (EDT) Received: from xavier (xavier [127.0.0.1]) by mail.frascone.com (Postfix) with ESMTP id AD70420CEC; Fri, 6 Aug 2004 11:59:02 -0400 (EDT) Delivered-To: eap@frascone.com Received: from localhost (xavier [127.0.0.1]) by mail.frascone.com (Postfix) with ESMTP id D553D20CEC for ; Fri, 6 Aug 2004 11:58:55 -0400 (EDT) Received: from thoth.sbs.de (thoth.sbs.de [192.35.17.2]) by mail.frascone.com (Postfix) with ESMTP id BB60F2070A for ; Fri, 6 Aug 2004 11:58:53 -0400 (EDT) Received: from mail1.siemens.de (mail1.siemens.de [139.23.33.14]) by thoth.sbs.de (8.12.6/8.12.6) with ESMTP id i76GDVso019010; Fri, 6 Aug 2004 18:13:31 +0200 Received: from hannes (cert-mchp1-7.esn.sbs.de [139.25.62.7]) by mail1.siemens.de (8.12.6/8.12.6) with ESMTP id i76GDQxA002790; Fri, 6 Aug 2004 18:13:29 +0200 Message-Id: <200408061613.i76GDQxA002790@mail1.siemens.de> From: "Hannes Tschofenig" To: "'Mohamad Badra'" , "'Bernard Aboba'" , "'Jari Arkko'" Cc: Subject: RE: [eap] What about PSK with TLS and IKEv2? MIME-Version: 1.0 Content-Type: text/plain; charset="US-ASCII" Content-Transfer-Encoding: 7bit X-Mailer: Microsoft Office Outlook, Build 11.0.6353 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1441 Thread-Index: AcR7q5tmcxCJIjuwQemv88F/YuosQQAJG0jw In-Reply-To: <41136FD6.4050508@enst.fr> X-Virus-Scanned: by AMaViS 0.3.12 (frascone.com) Sender: eap-admin@frascone.com Errors-To: eap-admin@frascone.com X-BeenThere: eap@frascone.com X-Mailman-Version: 2.0.13 Precedence: bulk List-Help: List-Post: List-Subscribe: , List-Id: Discussion list for EAP List-Unsubscribe: , List-Archive: Date: Fri, 6 Aug 2004 18:13:27 +0200 X-Virus-Scanned: by AMaViS 0.3.12 (frascone.com) Content-Transfer-Encoding: 7bit hi badra, actually the text should read: "We need High quality contributions (maybe PKS/EAP-IKEv2/PAX?)" i hope that this clarifies things a bit. ciao hannes > > Dear Aboba, Arkko and all, > > In the > http://www.drizzle.com/~aboba/IETF60/eap/ietf60_eap_methsproce > ss.ppt, 6th slide you wrote: > > "We need High quality contributions (maybe PKS/IKEv2/PAX?)" > > As long as I feel, these new contributions will be based on > pre shared key instead of the PKI based-certificate. > If this is the case, I would like to know the objective of > the definition of new methods based on pre shared key outside > TLS or IKEv2. > > Badra > > > > _______________________________________________ > eap mailing list > eap@frascone.com > http://mail.frascone.com/mailman/listinfo/eap > _______________________________________________ eap mailing list eap@frascone.com http://mail.frascone.com/mailman/listinfo/eap From eap-admin@frascone.com Fri Aug 6 12:56:46 2004 Received: from mail.frascone.com (postfix@frascone.com [204.49.99.9]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id MAA09996 for ; Fri, 6 Aug 2004 12:56:45 -0400 (EDT) Received: from localhost (xavier [127.0.0.1]) by mail.frascone.com (Postfix) with ESMTP id 6E10D20B86; Fri, 6 Aug 2004 12:42:05 -0400 (EDT) Received: from xavier (xavier [127.0.0.1]) by mail.frascone.com (Postfix) with ESMTP id 99E54206EF; Fri, 6 Aug 2004 12:42:02 -0400 (EDT) Delivered-To: eap@frascone.com Received: from localhost (xavier [127.0.0.1]) by mail.frascone.com (Postfix) with ESMTP id B7002206EF for ; Fri, 6 Aug 2004 12:41:25 -0400 (EDT) Received: from smtp2.enst.fr (reloaded.enst.fr [137.194.2.14]) by mail.frascone.com (Postfix) with ESMTP id 31674203F1 for ; Fri, 6 Aug 2004 12:41:24 -0400 (EDT) Received: from revolutions.enst.fr (revolutions.enst.fr [137.194.2.12]) (using TLSv1 with cipher EDH-RSA-DES-CBC3-SHA (168/168 bits)) (Client CN "smtp2.enst.fr", Issuer "ENST CA" (verified OK)) by smtp2.enst.fr (Postfix) with ESMTP id 7D490336; Fri, 6 Aug 2004 18:56:00 +0200 (CEST) Received: from localhost (localhost [127.0.0.1]) by revolutions.enst.fr (Postfix) with ESMTP id BAAE011AC63; Fri, 6 Aug 2004 18:56:00 +0200 (CEST) Received: from revolutions.enst.fr ([127.0.0.1]) by localhost (revolutions.enst.fr [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 48318-09; Fri, 6 Aug 2004 18:56:00 +0200 (CEST) Received: from email.enst.fr (muse.enst.fr [137.194.2.33]) by revolutions.enst.fr (Postfix) with ESMTP id 6248611AC37; Fri, 6 Aug 2004 18:56:00 +0200 (CEST) Received: from enst.fr (akkar.enst.fr [137.194.164.28]) by email.enst.fr (8.9.3/8.9.3) with ESMTP id SAA28157; Fri, 6 Aug 2004 18:55:59 +0200 (CEST) Message-ID: <4113B821.2030305@enst.fr> From: Mohamad Badra User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.4) Gecko/20030624 Netscape/7.1 (ax; PROMO) X-Accept-Language: en-us, en MIME-Version: 1.0 To: Hannes Tschofenig Cc: "'Bernard Aboba'" , "'Jari Arkko'" , eap@frascone.com Subject: Re: [eap] What about PSK with TLS and IKEv2? References: <200408061613.i76GDQxA002790@mail1.siemens.de> In-Reply-To: <200408061613.i76GDQxA002790@mail1.siemens.de> Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit X-Virus-Scanned: by amavisd-new at enst.fr X-Virus-Scanned: by AMaViS 0.3.12 (frascone.com) Sender: eap-admin@frascone.com Errors-To: eap-admin@frascone.com X-BeenThere: eap@frascone.com X-Mailman-Version: 2.0.13 Precedence: bulk List-Help: List-Post: List-Subscribe: , List-Id: Discussion list for EAP List-Unsubscribe: , List-Archive: Date: Fri, 06 Aug 2004 18:56:01 +0200 X-Virus-Scanned: by AMaViS 0.3.12 (frascone.com) Content-Transfer-Encoding: 7bit Hi Hannes, Maybe I wasn't very clear in the last mail. When I asked about that, I was thinking about PSK, PAX and other methods use pre shared key. Your draft is different, it proposes to re-use a derivation from IKEv2. My question was: Why we need (the goal) to define new pre shared key methods, that are NOT based on TLS or IKEv2. badra Hannes Tschofenig wrote: >hi badra, > >actually the text should read: > >"We need High quality contributions (maybe PKS/EAP-IKEv2/PAX?)" > >i hope that this clarifies things a bit. > >ciao >hannes > > > >>Dear Aboba, Arkko and all, >> >>In the >>http://www.drizzle.com/~aboba/IETF60/eap/ietf60_eap_methsproce >>ss.ppt, 6th slide you wrote: >> >>"We need High quality contributions (maybe PKS/IKEv2/PAX?)" >> >>As long as I feel, these new contributions will be based on >>pre shared key instead of the PKI based-certificate. >>If this is the case, I would like to know the objective of >>the definition of new methods based on pre shared key outside >>TLS or IKEv2. >> >>Badra >> >> >> >>_______________________________________________ >>eap mailing list >>eap@frascone.com >>http://mail.frascone.com/mailman/listinfo/eap >> >> >> > >_______________________________________________ >eap mailing list >eap@frascone.com >http://mail.frascone.com/mailman/listinfo/eap > > > > -- Mohamad Badra ENST-Paris Dept. Computer Sciences and Networks _______________________________________________ eap mailing list eap@frascone.com http://mail.frascone.com/mailman/listinfo/eap From eap-admin@frascone.com Sat Aug 7 10:53:48 2004 Received: from mail.frascone.com (postfix@frascone.com [204.49.99.9]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id KAA04328 for ; Sat, 7 Aug 2004 10:53:47 -0400 (EDT) Received: from localhost (xavier [127.0.0.1]) by mail.frascone.com (Postfix) with ESMTP id 84AA220FF9; Sat, 7 Aug 2004 10:39:06 -0400 (EDT) Received: from xavier (xavier [127.0.0.1]) by mail.frascone.com (Postfix) with ESMTP id 304BF20FFF; Sat, 7 Aug 2004 10:39:03 -0400 (EDT) Delivered-To: eap@frascone.com Received: from localhost (xavier [127.0.0.1]) by mail.frascone.com (Postfix) with ESMTP id 402B120FFF for ; Sat, 7 Aug 2004 10:38:41 -0400 (EDT) Received: from ringding.cs.umd.edu (ringding.cs.umd.edu [128.8.129.2]) by mail.frascone.com (Postfix) with ESMTP id 905AB20FF9 for ; Sat, 7 Aug 2004 10:38:39 -0400 (EDT) Received: from charmpop.cs.umd.edu (charmpop.cs.umd.edu [128.8.129.111]) by ringding.cs.umd.edu (8.12.10/8.12.5) with ESMTP id i77ErFT1024697; Sat, 7 Aug 2004 10:53:15 -0400 (EDT) From: "T. Charles Clancy" To: Mohamad Badra Cc: eap@frascone.com Subject: Re: [eap] What about PSK with TLS and IKEv2? In-Reply-To: <4113B821.2030305@enst.fr> Message-ID: References: <200408061613.i76GDQxA002790@mail1.siemens.de> <4113B821.2030305@enst.fr> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII X-Virus-Scanned: by AMaViS 0.3.12 (frascone.com) Sender: eap-admin@frascone.com Errors-To: eap-admin@frascone.com X-BeenThere: eap@frascone.com X-Mailman-Version: 2.0.13 Precedence: bulk List-Help: List-Post: List-Subscribe: , List-Id: Discussion list for EAP List-Unsubscribe: , List-Archive: Date: Sat, 7 Aug 2004 10:53:15 -0400 (EDT) X-Virus-Scanned: by AMaViS 0.3.12 (frascone.com) On Fri, 6 Aug 2004, Mohamad Badra wrote: > My question was: Why we need (the goal) to define new pre shared key > methods, that are NOT based on TLS or IKEv2. The primary reason is simplicity. In particular, there is a lot of overhead required to establish and use a TLS tunnel. The goal of PSK is utmost simplicity, while PAX aims to implement a few more features with added complexity. However both protocols are simpler than alternatives such as MS-CHAP inside TTLS or PEAP. [ t. charles clancy ]--[ tcc@umd.edu ]--[ www.cs.umd.edu/~clancy ] [ computer science ]-----[ university of maryland | college park ] _______________________________________________ eap mailing list eap@frascone.com http://mail.frascone.com/mailman/listinfo/eap From eap-admin@frascone.com Sat Aug 7 12:08:48 2004 Received: from mail.frascone.com (postfix@frascone.com [204.49.99.9]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id MAA07940 for ; Sat, 7 Aug 2004 12:08:47 -0400 (EDT) Received: from localhost (xavier [127.0.0.1]) by mail.frascone.com (Postfix) with ESMTP id 1AD201FED2; Sat, 7 Aug 2004 11:54:07 -0400 (EDT) Received: from xavier (xavier [127.0.0.1]) by mail.frascone.com (Postfix) with ESMTP id 440BA215AB; Sat, 7 Aug 2004 11:54:03 -0400 (EDT) Delivered-To: eap@frascone.com Received: from localhost (xavier [127.0.0.1]) by mail.frascone.com (Postfix) with ESMTP id F11FC215AC for ; Sat, 7 Aug 2004 11:53:42 -0400 (EDT) Received: from smtp2.enst.fr (reloaded.enst.fr [137.194.2.14]) by mail.frascone.com (Postfix) with ESMTP id 3E78B215AB for ; Sat, 7 Aug 2004 11:53:41 -0400 (EDT) Received: from revolutions.enst.fr (revolutions.enst.fr [137.194.2.12]) (using TLSv1 with cipher EDH-RSA-DES-CBC3-SHA (168/168 bits)) (Client CN "smtp2.enst.fr", Issuer "ENST CA" (verified OK)) by smtp2.enst.fr (Postfix) with ESMTP id 82C14305; Sat, 7 Aug 2004 18:08:21 +0200 (CEST) Received: from localhost (localhost [127.0.0.1]) by revolutions.enst.fr (Postfix) with ESMTP id 0B2BD11AC2D; Sat, 7 Aug 2004 18:08:22 +0200 (CEST) Received: from revolutions.enst.fr ([127.0.0.1]) by localhost (revolutions.enst.fr [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 15718-23; Sat, 7 Aug 2004 18:08:21 +0200 (CEST) Received: from email.enst.fr (muse.enst.fr [137.194.2.33]) by revolutions.enst.fr (Postfix) with ESMTP id 7E3C211AC22; Sat, 7 Aug 2004 18:08:21 +0200 (CEST) Received: from enst.fr (akkar.enst.fr [137.194.164.28]) by email.enst.fr (8.9.3/8.9.3) with ESMTP id SAA25695; Sat, 7 Aug 2004 18:08:20 +0200 (CEST) Message-ID: <4114FE77.9040605@enst.fr> From: Mohamad Badra User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.4) Gecko/20030624 Netscape/7.1 (ax; PROMO) X-Accept-Language: en-us, en MIME-Version: 1.0 To: "T. Charles Clancy" Cc: eap@frascone.com Subject: Re: [eap] What about PSK with TLS and IKEv2? References: <200408061613.i76GDQxA002790@mail1.siemens.de> <4113B821.2030305@enst.fr> In-Reply-To: Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit X-Virus-Scanned: by amavisd-new at enst.fr X-Virus-Scanned: by AMaViS 0.3.12 (frascone.com) Sender: eap-admin@frascone.com Errors-To: eap-admin@frascone.com X-BeenThere: eap@frascone.com X-Mailman-Version: 2.0.13 Precedence: bulk List-Help: List-Post: List-Subscribe: , List-Id: Discussion list for EAP List-Unsubscribe: , List-Archive: Date: Sat, 07 Aug 2004 18:08:23 +0200 X-Virus-Scanned: by AMaViS 0.3.12 (frascone.com) Content-Transfer-Encoding: 7bit Please treat my comments kindly >The primary reason is simplicity. In particular, there is a lot of > > >overhead required to establish and use a TLS tunnel. > > > Let's do a comparison concerning the simplicity. There are also flexibility, compatibility, and maybe... security. Simplicity: =========== I have between my hands a trace of TLS-PSK and I computed the necessary bytes to forme a secure session and the cryptographique operation needed to calculate the keys and the necessary authentication's operations. (I don't have to write new code and to analyse the TLS-PSK): Exchanges: ---------- ClientHello --> 101* octets (include 11 cipher_suites (22 octets) and one compress_methode (1 octet), session_id on 32 octets) server_hello (79* octets) ChangeCipherSpec (6* octets) <-- Finished (37* octets) ChangeCipherSpec (6* octets) Finished (37* octets) *each of these contains already 5 octets for the Record protocol) In total, we have 260 octets (I guess that it is less than DH parameters), only 1.5 Round Trips. Crypto calculation: ------------------- One PFR for the master_secret, one PRF for Key_block, two for each Finished message. in total, six PRFs. Two symetric encryptions/decryptions and 2 MACs (Maybe I forget something). Neither Deffie-Hellman nor RSA. call back TLS: -------------- If the server or the client insists on sending the certificate, a full TLS will be performed. Key update: ----------- Not exists, but very easy to add. A simple example: (1)replaces the pre_shared_key with PRF(pre_shared_key, "update pre shared key", ServerHello.random + ClientHello.random)[0..47]; (2)destroy the old pre_shared_key Usage: ------ extension to EAP-TLS, easely use for EAP-TTLS, EAP-TLS-EAP, EAP-FAST, EAP-Double-TLS, EAP-3GPP2-WLAN (3GGP2 Security WG), etc. Code: ----- One day of development Operating System: ---------------- All the OS known today >The goal of PSK is > > >utmost simplicity, while PAX aims to implement a few more features with > > >added complexity. However both protocols are simpler than alternatives > > >such as MS-CHAP inside TTLS or PEAP. > > > > I don't talk about MS-CHAP, I wanted to compare them with TLS-PSK. I expect the authors of EAP-pre_shared_keys methods to do a comparison with TLS-PSK. Note: we have today about 4 contributions proposed to TLS WG to use PSK with TLS, they are all simples. I talked in this mail about draft-ietf-tls-sharedkeys-02). Sincerely, -- Mohamad Badra ENST-Paris Dept. Computer Sciences and Networks _______________________________________________ eap mailing list eap@frascone.com http://mail.frascone.com/mailman/listinfo/eap From qabyewdamzd@epomail.com Sun Aug 8 02:16:26 2004 Received: from ietf-mx.ietf.org (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id CAA01025; Sun, 8 Aug 2004 02:16:26 -0400 (EDT) Received: from host50.foretec.com ([65.246.255.50] helo=mx2.foretec.com) by ietf-mx.ietf.org with esmtp (Exim 4.33) id 1Bth2r-0000ii-PG; Sun, 08 Aug 2004 02:20:40 -0400 Received: from [61.107.14.114] (helo=65.246.255.50) by mx2.foretec.com with smtp (Exim 4.24) id 1Btgyl-0000CU-S2; Sun, 08 Aug 2004 02:16:24 -0400 X-Message-Info: NZOHX/oq/299/ka/RZ+58/77703227176730 Received: from equip.qabyewdamzd@epomail.com ([32.164.159.224]) by ywfg6-cx69.qabyewdamzd@epomail.com with Microsoft SMTPSVC(5.0.5397.7104); Sun, 08 Aug 2004 12:07:02 +0500 Received: from handmade.qabyewdamzd@epomail.com ([14.98.251.194]) by suitor.qabyewdamzd@epomail.com with MailEnable ESMTP; Sun, 08 Aug 2004 10:14:02 +0300 From: "Jennie Short" To: "Egaco" MIME-Version: 1.0 (produced by confusionglycerinate 0.9) Content-Type: multipart/alternative; boundary="--6523846837360457143" Message-Id: Date: Sun, 08 Aug 2004 02:16:24 -0400 X-Spam-Score: 9.3 (+++++++++) X-Spam-Flag: YES X-Scan-Signature: 9466e0365fc95844abaf7c3f15a05c7d ----6523846837360457143 Content-Type: text/html; charset="iso-6332-0" Content-Description: risky rutabaga keyed Content-Transfer-Encoding: quoted-printable

Hey Wasup buddy?! I just wanted to share this with you! This guys are g= iving out free pda/cellphone which cost $449 dollars!!

http://thunde= rbolt.beman.free-blackberry.info/zy7fu

Forward this to your friends if you want them to get this stuff for fre= e!

Well, talk to you later!

Zachary

----6523846837360457143-- From eap-admin@frascone.com Sun Aug 8 16:34:52 2004 Received: from mail.frascone.com (postfix@frascone.com [204.49.99.9]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id QAA10976 for ; Sun, 8 Aug 2004 16:34:51 -0400 (EDT) Received: from localhost (xavier [127.0.0.1]) by mail.frascone.com (Postfix) with ESMTP id C45D72022C; Sun, 8 Aug 2004 16:20:06 -0400 (EDT) Received: from xavier (xavier [127.0.0.1]) by mail.frascone.com (Postfix) with ESMTP id 84F682062E; Sun, 8 Aug 2004 16:20:03 -0400 (EDT) Delivered-To: eap@frascone.com Received: from localhost (xavier [127.0.0.1]) by mail.frascone.com (Postfix) with ESMTP id D830A2062E for ; Sun, 8 Aug 2004 16:19:37 -0400 (EDT) Received: from ringding.cs.umd.edu (ringding.cs.umd.edu [128.8.129.2]) by mail.frascone.com (Postfix) with ESMTP id 419052022C for ; Sun, 8 Aug 2004 16:19:36 -0400 (EDT) Received: from charmpop.cs.umd.edu (charmpop.cs.umd.edu [128.8.129.111]) by ringding.cs.umd.edu (8.12.10/8.12.5) with ESMTP id i78KXiT1011490; Sun, 8 Aug 2004 16:34:01 -0400 (EDT) From: "T. Charles Clancy" To: Mohamad Badra Cc: eap@frascone.com Subject: Re: [eap] What about PSK with TLS and IKEv2? In-Reply-To: <4114FE77.9040605@enst.fr> Message-ID: References: <200408061613.i76GDQxA002790@mail1.siemens.de> <4113B821.2030305@enst.fr> <4114FE77.9040605@enst.fr> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII X-Virus-Scanned: by AMaViS 0.3.12 (frascone.com) Sender: eap-admin@frascone.com Errors-To: eap-admin@frascone.com X-BeenThere: eap@frascone.com X-Mailman-Version: 2.0.13 Precedence: bulk List-Help: List-Post: List-Subscribe: , List-Id: Discussion list for EAP List-Unsubscribe: , List-Archive: Date: Sun, 8 Aug 2004 16:33:44 -0400 (EDT) X-Virus-Scanned: by AMaViS 0.3.12 (frascone.com) On Sat, 7 Aug 2004, Mohamad Badra wrote: > I don't talk about MS-CHAP, I wanted to compare them with TLS-PSK. > > I expect the authors of EAP-pre_shared_keys methods to do a comparison > with TLS-PSK. Sorry, I didn't realize you were talking about TLS-PSK in your earlier messages. When I think of TLS, I automatically think "public key". If TLS-PSK does indeed only require 1.5 round trips, it would accomplish something similar to EAP-PSK. I could argue some other differences, but I think I'll leave that to Florent. As far as EAP-PAX goes, it includes features that cannot be accomplished with just TLS-PSK, including secure provisioning with a weak key and identity protection. With respect to simplicity, something that both PSK and PAX try to achieve is avoid using redundant, extensible APIs. I'm just waiting for the day we start doing public-key authentication by tunneling PKINIT over Kerberos over EAP-GSS over TLS over PEAP over EAP. [ t. charles clancy ]--[ tcc@umd.edu ]--[ www.cs.umd.edu/~clancy ] [ computer science ]-----[ university of maryland | college park ] _______________________________________________ eap mailing list eap@frascone.com http://mail.frascone.com/mailman/listinfo/eap From LZMALVMST@msn.com Sun Aug 8 21:12:10 2004 Received: from ietf-mx.ietf.org (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id VAA25405; Sun, 8 Aug 2004 21:12:10 -0400 (EDT) Received: from [61.84.235.48] (helo=132.151.6.1) by ietf-mx.ietf.org with smtp (Exim 4.33) id 1Btym9-000366-RS; Sun, 08 Aug 2004 21:16:34 -0400 Received: from 195.244.254.204 by 61.84.235.48; Sun, 08 Aug 2004 23:03:13 -0300 Message-ID: From: "Marty Crockett" Reply-To: "Marty Crockett" To: dinaras@ietf.org Subject: ITS EZ. GET CASH TODAY Date: Sun, 08 Aug 2004 19:09:13 -0700 MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="--8420822502476125366" X-IP: 128.234.110.208 X-Spam-Score: 11.1 (+++++++++++) X-Spam-Flag: YES X-Scan-Signature: 0bc60ec82efc80c84b8d02f4b0e4de22 ----8420822502476125366 Content-Type: text/html; Content-Transfer-Encoding: quoted-printable Hi again.
I sent you an email a week ago and I want to confirm everything now. Pleas= e read info below and let me know if you have any questions. We are accepting your mo rtgage= application. We specialize in less-than-perfect cr edit, and our advisors are here to help you. Approva1 =C2 process will take 15 seconds.

Just visit this link and fill in short form.

Thank you.

Best regards,
Marty Crockett

bedspring pam paperwork attention necromancy semantic grind pollster pisto= l gallinule mallard vii kirby possession effloresce stimulatory dogwood ga= rrison accustom beyond chanson prevalent neater caulk gherkin divorcee dum= my planetarium flagellate cushing anton bedroom sycamore buttonweed downwa= rd boyish clasp ovary=20WANWAPHSS ----8420822502476125366-- From kvuwihsal@hotmail.com Mon Aug 9 01:48:52 2004 Received: from ietf-mx.ietf.org (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id BAA20346; Mon, 9 Aug 2004 01:48:52 -0400 (EDT) Received: from [221.161.204.85] (helo=132.151.6.1) by ietf-mx.ietf.org with smtp (Exim 4.33) id 1Bu35x-0006nu-8Z; Mon, 09 Aug 2004 01:53:18 -0400 Received: from 92.57.61.178 by 221.161.204.85; Mon, 09 Aug 2004 01:44:35 -0500 Message-ID: From: "Brian Crawford" Reply-To: "Brian Crawford" To: dhcwg-request@ietf.org Subject: why pay so much if everyone else is saving! Date: Mon, 09 Aug 2004 00:43:35 -0600 MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="--70224529081234964" X-Spam-Score: 11.8 (+++++++++++) X-Spam-Flag: YES X-Scan-Signature: 93238566e09e6e262849b4f805833007 ----70224529081234964 Content-Type: text/html; Content-Transfer-Encoding: quoted-printable pluck permitting loire glacis croydon textual concocter durkee antigone ar= rowhead devious alcove=20

*Refinance or get a Loan today! *Best Re-finance rate for credit challenged
*Best Customer Service
*Lowest Interest-Rates in Years
*SAVE $100-$500 per month
*Poor credit ok!
*Application takes only 15 seconds without asking for any sensitive inform= ation

Visit our website here

Sincerly,
Brian Crawford ----70224529081234964-- From eap-admin@frascone.com Mon Aug 9 08:11:51 2004 Received: from mail.frascone.com (postfix@frascone.com [204.49.99.9]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id IAA24026 for ; Mon, 9 Aug 2004 08:11:50 -0400 (EDT) Received: from localhost (xavier [127.0.0.1]) by mail.frascone.com (Postfix) with ESMTP id CDC272120B; Mon, 9 Aug 2004 07:57:05 -0400 (EDT) Received: from xavier (xavier [127.0.0.1]) by mail.frascone.com (Postfix) with ESMTP id 98052203B9; Mon, 9 Aug 2004 07:57:02 -0400 (EDT) Delivered-To: eap@frascone.com Received: from localhost (xavier [127.0.0.1]) by mail.frascone.com (Postfix) with ESMTP id 8F48421206 for ; Mon, 9 Aug 2004 07:56:19 -0400 (EDT) Received: from smtp2.enst.fr (reloaded.enst.fr [137.194.2.14]) by mail.frascone.com (Postfix) with ESMTP id 08BAE2026A for ; Mon, 9 Aug 2004 07:56:18 -0400 (EDT) Received: from revolutions.enst.fr (revolutions.enst.fr [137.194.2.12]) (using TLSv1 with cipher EDH-RSA-DES-CBC3-SHA (168/168 bits)) (Client CN "smtp2.enst.fr", Issuer "ENST CA" (verified OK)) by smtp2.enst.fr (Postfix) with ESMTP id 95CA21E1; Mon, 9 Aug 2004 14:10:58 +0200 (CEST) Received: from localhost (localhost [127.0.0.1]) by revolutions.enst.fr (Postfix) with ESMTP id 9D2F111AC33; Mon, 9 Aug 2004 14:10:58 +0200 (CEST) Received: from revolutions.enst.fr ([127.0.0.1]) by localhost (revolutions.enst.fr [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 44421-16; Mon, 9 Aug 2004 14:10:58 +0200 (CEST) Received: from email.enst.fr (muse.enst.fr [137.194.2.33]) by revolutions.enst.fr (Postfix) with ESMTP id 499C811AC2E; Mon, 9 Aug 2004 14:10:58 +0200 (CEST) Received: from enst.fr (akkar.enst.fr [137.194.164.28]) by email.enst.fr (8.9.3/8.9.3) with ESMTP id OAA05959; Mon, 9 Aug 2004 14:10:57 +0200 (CEST) Message-ID: <411769D5.5020501@enst.fr> From: Mohamad Badra User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.4) Gecko/20030624 Netscape/7.1 (ax; PROMO) X-Accept-Language: en-us, en MIME-Version: 1.0 To: "T. Charles Clancy" Cc: eap@frascone.com Subject: Re: [eap] What about PSK with TLS and IKEv2? References: <200408061613.i76GDQxA002790@mail1.siemens.de> <4113B821.2030305@enst.fr> <4114FE77.9040605@enst.fr> In-Reply-To: Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit X-Virus-Scanned: by amavisd-new at enst.fr X-Virus-Scanned: by AMaViS 0.3.12 (frascone.com) Sender: eap-admin@frascone.com Errors-To: eap-admin@frascone.com X-BeenThere: eap@frascone.com X-Mailman-Version: 2.0.13 Precedence: bulk List-Help: List-Post: List-Subscribe: , List-Id: Discussion list for EAP List-Unsubscribe: , List-Archive: Date: Mon, 09 Aug 2004 14:11:01 +0200 X-Virus-Scanned: by AMaViS 0.3.12 (frascone.com) Content-Transfer-Encoding: 7bit T. Charles Clancy wrote: >If TLS-PSK does indeed only require 1.5 round trips, it would accomplish >something similar to EAP-PSK. I could argue some other differences, but I >think I'll leave that to Florent. > I wait so :) >As far as EAP-PAX goes, it includes features that cannot be accomplished >with just TLS-PSK, including secure provisioning with a weak key and >identity protection. > For info, we have today the following contributions for Pre Shared Key with TLS: (1) No identity protection, no PFS contributions: o [TLS-PSK] no identity protection, no PFS; available at http://www.ietf.org/internet-drafts/draft-ietf-tls-psk-00.txt o [TLS-SHAREDKEYS] no identity protection, no PFS (expired and available at http://www.ietf.org/proceedings/03nov/I-D/draft-ietf-tls-sharedkeys-02.txt o [TLS-EXPRESS] no identity protection, no PFS; available at http://ietfreport.isoc.org/ids/draft-badra-tls-express-00.txt (2) Identity proection and PFS contributions: o [TLS-SRP] identity protection, PFS, secure provisioning with a weak key; available at http://www.ietf.org/internet-drafts/draft-ietf-tls-srp-07.txt o [TLS-KeyExchangeMethod] identity protection, PFS, secure provisioning with a weak key; available at http://www.infres.enst.fr/~badra/draft-badra-cherkaoui-hajjeh-serhrouchni-tls-key-exchange-00.txt (I will send it today to IETF secretariat). >With respect to simplicity, something that both PSK and PAX try to achieve >is avoid using redundant, extensible APIs. > Sorry, but I didn't understand what do you mean by that :s -- Mohamad Badra ENST-Paris Dept. Computer Sciences and Networks _______________________________________________ eap mailing list eap@frascone.com http://mail.frascone.com/mailman/listinfo/eap From eap-admin@frascone.com Mon Aug 9 11:26:52 2004 Received: from mail.frascone.com (postfix@frascone.com [204.49.99.9]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id LAA05912 for ; Mon, 9 Aug 2004 11:26:51 -0400 (EDT) Received: from localhost (xavier [127.0.0.1]) by mail.frascone.com (Postfix) with ESMTP id 72C4821A1E; Mon, 9 Aug 2004 11:12:06 -0400 (EDT) Received: from xavier (xavier [127.0.0.1]) by mail.frascone.com (Postfix) with ESMTP id 521C821A15; Mon, 9 Aug 2004 11:12:03 -0400 (EDT) Delivered-To: eap@frascone.com Received: from localhost (xavier [127.0.0.1]) by mail.frascone.com (Postfix) with ESMTP id D6AF221A15 for ; Mon, 9 Aug 2004 11:11:50 -0400 (EDT) Received: from ccs.carleton.ca (driftwood.ccs.carleton.ca [134.117.1.49]) by mail.frascone.com (Postfix) with ESMTP id 660EA2122D for ; Mon, 9 Aug 2004 11:11:48 -0400 (EDT) Received: from PCAB401K ([134.117.75.165]) by ccs.carleton.ca (8.12.10/8.12.10) with SMTP id i79FQUJ8010805 for ; Mon, 9 Aug 2004 11:26:30 -0400 (EDT) Message-ID: <009e01c47e25$3ecdf030$a54b7586@nt.carleton.ca> From: "Frank Akujobi" To: MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="----=_NextPart_000_009B_01C47E03.B7B32870" X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2800.1106 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106 X-Scanned-By: MIMEDefang 2.39 X-Virus-Scanned: by AMaViS 0.3.12 (frascone.com) Subject: [eap] Confidentiality of TLS keying information for wireless Sender: eap-admin@frascone.com Errors-To: eap-admin@frascone.com X-BeenThere: eap@frascone.com X-Mailman-Version: 2.0.13 Precedence: bulk List-Help: List-Post: List-Subscribe: , List-Id: Discussion list for EAP List-Unsubscribe: , List-Archive: Date: Mon, 9 Aug 2004 11:26:30 -0400 X-Virus-Scanned: by AMaViS 0.3.12 (frascone.com) This is a multi-part message in MIME format. ------=_NextPart_000_009B_01C47E03.B7B32870 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable Hi, I have a couple of questions concerning wireless clients using EAP-TLS authentication against a radius server: =20 1. Are all the TLS session negotiations between supplicant (on the client) and authenticator (AP) sent in the clear? In other words is = there any form of confidentiality for TLS keying information? 2. If there is none, what prevents a potential attacker from listening in on TLS sessions and eventually gathering enough information (like the session key and eventually WEP keys) to launch a man-in-the-middle = attack? =20 Thanks, =20 Frank Akujobi, M.A.Sc. Network Analyst Computing and Communications Services Carleton University (613) 520-2600 x 2291 ------=_NextPart_000_009B_01C47E03.B7B32870 Content-Type: text/html; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable

Hi,
I have a=20 couple of questions concerning wireless clients using = EAP-TLS
authentication=20 against a radius server:

1. Are all the TLS session negotiations = between=20 supplicant (on the
client) and authenticator (AP) sent in the clear? = In other=20 words is there
any form of confidentiality for TLS keying=20 information?

2. If there is none, what prevents a potential = attacker from=20 listening
in on TLS sessions and eventually gathering enough = information=20 (like the
session key and eventually WEP keys) to launch a = man-in-the-middle=20 attack?

Thanks,

Frank Akujobi, M.A.Sc.
Network=20 Analyst
Computing and Communications Services
Carleton = University
(613)=20 520-2600 x 2291

------=_NextPart_000_009B_01C47E03.B7B32870-- _______________________________________________ eap mailing list eap@frascone.com http://mail.frascone.com/mailman/listinfo/eap From matilda.fritz_vw@dynasoftinc.com Mon Aug 9 11:52:06 2004 Received: from ietf-mx.ietf.org (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id LAA07444 for ; Mon, 9 Aug 2004 11:52:06 -0400 (EDT) Received: from [220.198.92.205] (helo=mopac.com) by ietf-mx.ietf.org with esmtp (Exim 4.33) id 1BuCVp-00075v-ME for eap-archive@ietf.org; Mon, 09 Aug 2004 11:56:39 -0400 Message-ID: <5a0601c47e28$d044534a$0519e834@sdwznscz> From: "Matilda Fritz" MIME-Version: 1.0 Date: Mon, 09 Aug 2004 15:46:32 +0000 Subject: =?ISO-8859-1?b?SG93IGFyZSB5b3U/?= To: eap-archive@ietf.org Content-Type: text/plain Content-Transfer-Encoding: 8bit X-Spam-Score: 1.7 (+) X-Scan-Signature: 97adf591118a232206bdb5a27b217034 Content-Transfer-Encoding: 8bit Hello, Ra[t]es dropped last week ... Jump on it! Need more of these? $$$$ JustR-efin-ance your house/prop and you can get it Use this for the site: http://hiddencostume.biz/prime/Munsuwest/ You must visit the link in 24 hrs to confirm your eligibility. Sincerely, Jean Landis Representative Harrington Holdings Co. The issue was hotly debated in the House, and Republicans got an amendment to a foreign aid bill that barred federal funds from being used for the United Nations to monitor U.S. elections, The Associated Press reported.In a letter dated July 30 and released last week, Assistant Secretary of State Paul Kelly told the Democrats about the invitation to OSCE, without mentioning the U.N. issue."I am pleased that Secretary Powell is as committed as I am to a fair and democratic process," said Democratic Rep. Eddie Bernice Johnson of Texas, who spearheaded the effort to get U.N. observers."The presence of monitors will assure Americans that America cares about their votes and it cares about its standing in the world," she said in a news release.Democratic Rep. Barbara Lee of California agreed. "This represents a step in the right direction toward ensuring that this year's elections are fair and transparent," she said."I am pleased that the State Department responded by acting on this need for international monitors. We sincerely hope that the presence of the monitors will make certain that every person's voice is heard, every person's vote is counted." From eap-admin@frascone.com Mon Aug 9 19:00:53 2004 Received: from mail.frascone.com (postfix@frascone.com [204.49.99.9]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id TAA00604 for ; Mon, 9 Aug 2004 19:00:52 -0400 (EDT) Received: from localhost (xavier [127.0.0.1]) by mail.frascone.com (Postfix) with ESMTP id 62A5C20EAB; Mon, 9 Aug 2004 18:46:06 -0400 (EDT) Received: from xavier (xavier [127.0.0.1]) by mail.frascone.com (Postfix) with ESMTP id D789221263; Mon, 9 Aug 2004 18:46:02 -0400 (EDT) Delivered-To: eap@frascone.com Received: from localhost (xavier [127.0.0.1]) by mail.frascone.com (Postfix) with ESMTP id 252A721270 for ; Mon, 9 Aug 2004 18:45:09 -0400 (EDT) Received: from p2.piuha.net (p2.piuha.net [131.160.192.2]) by mail.frascone.com (Postfix) with ESMTP id 8BC5421263 for ; Mon, 9 Aug 2004 18:45:07 -0400 (EDT) Received: from piuha.net (p2.piuha.net [131.160.192.2]) by p2.piuha.net (Postfix) with ESMTP id 84BC089877 for ; Tue, 10 Aug 2004 01:59:50 +0300 (EEST) Message-ID: <411801D7.10400@piuha.net> From: Jari Arkko Reply-To: jari.arkko@piuha.net Organization: None User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7b) Gecko/20040316 X-Accept-Language: en-us, en MIME-Version: 1.0 To: "eap@frascone.com" References: <200408091926.PAA01679@ietf.org> In-Reply-To: <200408091926.PAA01679@ietf.org> Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit X-Virus-Scanned: by AMaViS 0.3.12 (frascone.com) Subject: [eap] Fwd: I-D ACTION:draft-adrangi-eap-network-discovery-02.txt Sender: eap-admin@frascone.com Errors-To: eap-admin@frascone.com X-BeenThere: eap@frascone.com X-Mailman-Version: 2.0.13 Precedence: bulk List-Help: List-Post: List-Subscribe: , List-Id: Discussion list for EAP List-Unsubscribe: , List-Archive: Date: Tue, 10 Aug 2004 01:59:35 +0300 X-Virus-Scanned: by AMaViS 0.3.12 (frascone.com) Content-Transfer-Encoding: 7bit Internet-Drafts@ietf.org wrote: > A New Internet-Draft is available from the on-line Internet-Drafts directories. > > > Title : Mediating Network Discovery in the Extensible > Authentication Protocol (EAP) > Author(s) : F. Adrangi, et al. > Filename : draft-adrangi-eap-network-discovery-02.txt > Pages : 10 > Date : 2004-8-9 > > This document defines a mechanism that allows an access network to > provide identity selection hints to an EAP client. The purpose is to > help the client in selecting the most appropriate identity and NAI > decoration to use. This solution is especially useful in roaming > scenarios where the access network does not have a direct > relationship with the client's home network, but instead a mediating > network, such as a roaming consortium or broker, is used. > > A URL for this Internet-Draft is: > http://www.ietf.org/internet-drafts/draft-adrangi-eap-network-discovery-02.txt _______________________________________________ eap mailing list eap@frascone.com http://mail.frascone.com/mailman/listinfo/eap From eap-admin@frascone.com Mon Aug 9 19:51:52 2004 Received: from mail.frascone.com (postfix@frascone.com [204.49.99.9]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id TAA04831 for ; Mon, 9 Aug 2004 19:51:52 -0400 (EDT) Received: from localhost (xavier [127.0.0.1]) by mail.frascone.com (Postfix) with ESMTP id 8F7D021CEE; Mon, 9 Aug 2004 19:37:06 -0400 (EDT) Received: from xavier (xavier [127.0.0.1]) by mail.frascone.com (Postfix) with ESMTP id 4264F21A7A; Mon, 9 Aug 2004 19:37:03 -0400 (EDT) Delivered-To: eap@frascone.com Received: from localhost (xavier [127.0.0.1]) by mail.frascone.com (Postfix) with ESMTP id BEC0B21A7A for ; Mon, 9 Aug 2004 19:36:25 -0400 (EDT) Received: from internaut.com (h-66-167-171-107.sttnwaho.covad.net [66.167.171.107]) by mail.frascone.com (Postfix) with ESMTP id BAB4F21797 for ; Mon, 9 Aug 2004 19:36:23 -0400 (EDT) Received: from localhost (aboba@localhost) by internaut.com (8.10.2/8.10.2) with ESMTP id i79Nkhi19222 for ; Mon, 9 Aug 2004 16:46:43 -0700 From: Bernard Aboba To: eap@frascone.com Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII X-Virus-Scanned: by AMaViS 0.3.12 (frascone.com) Subject: [eap] comments on draft-adrangi-eap-network-discovery-02.txt Sender: eap-admin@frascone.com Errors-To: eap-admin@frascone.com X-BeenThere: eap@frascone.com X-Mailman-Version: 2.0.13 Precedence: bulk List-Help: List-Post: List-Subscribe: , List-Id: Discussion list for EAP List-Unsubscribe: , List-Archive: Date: Mon, 9 Aug 2004 16:46:43 -0700 (PDT) X-Virus-Scanned: by AMaViS 0.3.12 (frascone.com) This version is much improved over -01. With a little bit of cleanup I think it will be ready for a "pseudo WG last call" (and review by 802.11). My only substantive comment about this version concerns Section 3. IMHO, this section should be provided as an Appendix to the document, with the exception of any normative requirements on the client. My advice would be to put those requirements into Section 1. I think that Section 1 could use a bit more guidance for implementations. Take this statement from Section 3: " Client implementation[s] MUST support all three options." Since the client doesn't have any way to know which option has been deployed on the AP/AAA server, this normative statement is not meaningful. What I think you mean to say is that the client may receive a hint in an initial EAP-Identity/Request, or the hint could be received in a subsequent EAP-Identity/Request after an initial EAP-Identity/Response is sent. Also, we had talked about some advice for implementations, such as: a. Implementations SHOULD have a default value for the maximum number of EAP-Identity round-trips, in case the hint is not taken by the peer or is not acceptable to the EAP server. It is suggested that no more than three retries by used by default. b. It is suggested that an EAP-Notification by sent by the EAP server after the maximum retry limit is reached, to inform the peer why it is being disconnected, prior to sending an EAP-Failure. Some NITs: Section 5 "There, is MUST be considered just" -> "Therefore, it MUST be considered" _______________________________________________ eap mailing list eap@frascone.com http://mail.frascone.com/mailman/listinfo/eap From eap-admin@frascone.com Mon Aug 9 22:08:53 2004 Received: from mail.frascone.com (postfix@frascone.com [204.49.99.9]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id WAA17774 for ; Mon, 9 Aug 2004 22:08:52 -0400 (EDT) Received: from localhost (xavier [127.0.0.1]) by mail.frascone.com (Postfix) with ESMTP id 2BF5821D12; Mon, 9 Aug 2004 21:54:07 -0400 (EDT) Received: from xavier (xavier [127.0.0.1]) by mail.frascone.com (Postfix) with ESMTP id B465921D13; Mon, 9 Aug 2004 21:54:02 -0400 (EDT) Delivered-To: eap@frascone.com Received: from localhost (xavier [127.0.0.1]) by mail.frascone.com (Postfix) with ESMTP id 7783C21D12 for ; Mon, 9 Aug 2004 21:53:16 -0400 (EDT) Received: from internaut.com (h-66-167-171-107.sttnwaho.covad.net [66.167.171.107]) by mail.frascone.com (Postfix) with ESMTP id 3DD0221D11 for ; Mon, 9 Aug 2004 21:53:14 -0400 (EDT) Received: from localhost (aboba@localhost) by internaut.com (8.10.2/8.10.2) with ESMTP id i7A23XV27050 for ; Mon, 9 Aug 2004 19:03:33 -0700 From: Bernard Aboba To: eap@frascone.com Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII X-Virus-Scanned: by AMaViS 0.3.12 (frascone.com) Subject: [eap] Re: Confidentiality of TLS keying information for wireless Sender: eap-admin@frascone.com Errors-To: eap-admin@frascone.com X-BeenThere: eap@frascone.com X-Mailman-Version: 2.0.13 Precedence: bulk List-Help: List-Post: List-Subscribe: , List-Id: Discussion list for EAP List-Unsubscribe: , List-Archive: Date: Mon, 9 Aug 2004 19:03:33 -0700 (PDT) X-Virus-Scanned: by AMaViS 0.3.12 (frascone.com) On August 9, 2004, Frank Akujobi wrote: "Hi, I have a couple of questions concerning wireless clients using EAP-TLS authentication against a radius server: 1. Are all the TLS session negotiations between supplicant (on the client) and authenticator (AP) sent in the clear? In other words is there any form of confidentiality for TLS keying information? 2. If there is none, what prevents a potential attacker from listening in on TLS sessions and eventually gathering enough information (like the session key and eventually WEP keys) to launch a man-in-the-middle attack? Thanks, Frank Akujobi, M.A.Sc. Network Analyst Computing and Communications Services Carleton University (613) 520-2600 x 2291" ------------------------------------------------------------------------- Frank -- TLS is a modern key exchange protocol that is documented in RFC 2246, as well as in the following updated Internet Draft: http://www.ietf.org/internet-drafts/draft-ietf-tls-rfc2246-bis-07.txt Another good source of information on TLS is the following book: Rescorla, Eric, "SSL and TLS Designing and Building Secure Systems", Addison-Wesley, 2001. As noted in those documents, the properties of the SSL/TLS exchange vary depending on the ciphersuite chosen. EAP-TLS requires selection of a ciphersuite that provides for both client and server authentication. This implies that some of the existing SSL/TLS modes (such as anonymous DH) are not suitable for use with EAP-TLS. Through use of cryptographic mechanisms such as the exchange of certificates and corresponding RSA public keys, TLS is able to provide for mutual authentication as well as to set up an encrypted channel. As with any modern key exchange protocol, keying material is never sent in the clear. Given mutual authentication between client and server, man-in-the-middle attacks are precluded, barring the failure of a fundamental cryptographic assumption, such as compromise of a server certificate or trust anchor. As noted in Section 3 of [Rescorla], when server certificate authentication is supported, the server sends its certificate to the client in the Certificate message. The client then responds with the ClientKeyExchange message, in which it encrypts a randomly chosen PreMasterSecret and encrypts it using the server's public key. The server subsequently demonstrates receipt of the PreMasterSecret (and possession of the private key corresponding to the public enclosed within its certificate) by using it in the calculation of the Finished message. As noted in Section 4 of [Rescorla] when the client authentication is supported and certificates are used, client authentication is initiated by the server sending a CertificateRquest message to the client. The client responds by sending a Certificate message to the server as well as a CertificateVerify message, which is signed with the private key associated with the transmitted client certificate. The client therefore demonstrates possession of the private key corresponding to the public key enclosed within its certificate. _______________________________________________ eap mailing list eap@frascone.com http://mail.frascone.com/mailman/listinfo/eap From eap-admin@frascone.com Tue Aug 10 00:55:51 2004 Received: from mail.frascone.com (postfix@frascone.com [204.49.99.9]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id AAA01864 for