
RE: Question about how to proceed on PIC



> Greetings again. 

Hi, Paul.

> As many of you know, PIC was sent to the RFC
> Editor for publication, and before the RFC came out, a
> security problem with the way that PIC, EAP, and other
> related protocols do authentication was discovered. The problem is
> described in detail in
> <http://www.ietf.org/internet-drafts/draft-puthenkulam-eap-binding-02.txt>.

> We now have a clearer idea on how to modify PIC to avoid the security
> problem,

Cool!  How is it done? 
 
...

> So our question to you is, should we fix PIC and get a standards-track
> RFC, an informational RFC, or should we withdraw it? There is no
> reason for us to create an RFC that no one will
> implement.

Serious question: was anybody actually planning to implement PIC
_before_ the problems were discovered?

> We want to hear from folks in the WG about this so we can decide to go
> forwards.

--Paul Hoffman and Sara Bitan, WG chairs