[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Comments on CRACK
Dan Harkins wrote:
>
> On Tue, 26 Oct 1999 14:36:14 EDT you wrote
> "If mutual authentication is not required, then the phase 1
> negotiation MAY use an authentication method of shared-secret and
> have that shared-secret be null."
>
> Which is just insane! You're saying that people can do an unauthenticated
Yikes! You got me on that one. We'll take that one out asap. Looking
over the draft, I think that stronger security language is required.
Even to the point of stating that "group shared secrets SHOULD NOT be
used with this protocol". Would that make everyone happy?
References: