>>>>> "Alan" == Alan DeKok <aland@xxxxxxxxxxxxxxxxxxx> writes:

    Alan> Both the PKM-SS-Cert and PKM-CA-Cert attributes provide
    Alan> 'ad-hoc' extension of the RADIUS attribute size, much like the
    Alan> EAP-Message attribute. It would have been preferable to

Back in the time of EAP-SIM, I complained about the rather inconsistent
attribute encoding in it, and why didn't they use the RADIUS encoding, or at
least some consistent mechanism. (Sizes are both in "words" and "bytes" in
EAP-SIM)

While doing interop, I found at least two implementations that got things
wrong (and therefore their corresponding clients must not have checked at
all!) and would have resulted in buffer overflows, and possible exploits.

I want to emphasize what Alan says in the next message:

    Alan> What value, then, is in the design guidelines, WG consensus,
    Alan> or IETF review? Can we just over-ride them willy-nilly
    Alan> because a vendor has an implementation of a spec?

-- 
]     There was a chicken jammed in the muffler!!!!!!!!!        |  firewalls  [
]   Michael Richardson, Sandelman Software Works, Ottawa, ON    |net architect[
] mcr@xxxxxxxxxxxxxxxxxxxxxx http://www.sandelman.ottawa.on.ca/ |device driver[
] h("Just another Debian GNU/Linux using, kernel hacking, ruby guy");         [

_______________________________________________
Ietf@xxxxxxxx
https://www.ietf.org/mailman/listinfo/ietf
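The message above notes that EAP-SIM states sizes in both "words" and "bytes". As an added example (not code from the message or from any implementation it mentions), this is a bounds-checked parser for one attribute that carries both kinds of length, assuming the AT_IDENTITY layout of RFC 4186: a one-byte outer length in 4-byte words and a two-byte inner "actual length" in bytes. The function name and the sample attributes are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define AT_IDENTITY 14              /* attribute type, assumed per RFC 4186 */

/* Copy the identity out of one AT_IDENTITY attribute.
 * buf/buflen: untrusted attribute bytes left in the packet.
 * Returns the identity length in bytes, or -1 if malformed. */
int parse_at_identity(const uint8_t *buf, size_t buflen,
                      uint8_t *out, size_t outlen)
{
    if (buflen < 4 || buf[0] != AT_IDENTITY)
        return -1;                  /* need type, length, 2-byte actual length */

    /* Outer length is in 4-byte words and includes the type/length bytes. */
    size_t attr_bytes = (size_t)buf[1] * 4;
    if (attr_bytes < 4 || attr_bytes > buflen)
        return -1;                  /* attribute must lie inside the packet */

    /* Inner "actual length" is in bytes, big-endian, excluding padding. */
    size_t actual = ((size_t)buf[2] << 8) | buf[3];
    if (actual > attr_bytes - 4 || actual > outlen)
        return -1;                  /* must fit the attribute and the output */

    memcpy(out, buf + 4, actual);
    return (int)actual;
}

/* Constructed sample attributes (not captured traffic). */
const uint8_t ok_attr[]     = {14,  3, 0x00, 0x05, '1','u','s','e','r', 0, 0, 0};
const uint8_t lying_inner[] = {14,  3, 0x00, 0x40, '1','u','s','e','r', 0, 0, 0};
const uint8_t lying_outer[] = {14, 16, 0x00, 0x05, '1','u','s','e','r', 0, 0, 0};
uint8_t id_out[16];

int main(void)
{
    printf("ok_attr:     %d\n",
           parse_at_identity(ok_attr, sizeof ok_attr, id_out, sizeof id_out));
    printf("lying_inner: %d\n",
           parse_at_identity(lying_inner, sizeof lying_inner, id_out, sizeof id_out));
    printf("lying_outer: %d\n",
           parse_at_identity(lying_outer, sizeof lying_outer, id_out, sizeof id_out));
    return 0;
}
```

A parser that trusts either length alone, or reads the word count as a byte count, copies past the attribute or the destination; both fields have to be checked against each other and against the real buffer sizes.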