
The Network Endpoint Assessment (NEA) Asokan Attack Analysis
draft-ietf-nea-asokan-02

Yes

(Sean Turner)
(Stephen Farrell)

No Objection

(Barry Leiba)
(Benoît Claise)
(Brian Haberman)
(Gonzalo Camarillo)
(Ralph Droms)
(Robert Sparks)
(Ron Bonica)
(Russ Housley)
(Wesley Eddy)

Note: This ballot was opened for revision 01 and is now closed.

Sean Turner Former IESG member
Yes
Yes (for -01) Unknown

Stephen Farrell Former IESG member
Yes
Yes (for -01) Unknown

Adrian Farrel Former IESG member
No Objection
No Objection (2012-09-26 for -01) Unknown
The third sentence of the Introduction is an apparent non sequitur. It
would be nice if some context was given to the statement.

---

Section 5

   1. Protocols should make use of cryptographic binding, however
     binding identities of the tunnel endpoints in the EMA may be
     useful.

This is hard to parse. Is there an "also" missing from the second clause?

Barry Leiba Former IESG member
No Objection
No Objection (for -01) Unknown

Benoît Claise Former IESG member
No Objection
No Objection (for -01) Unknown

Brian Haberman Former IESG member
No Objection
No Objection (for -01) Unknown

Gonzalo Camarillo Former IESG member
No Objection
No Objection (for -01) Unknown

Martin Stiemerling Former IESG member
No Objection
No Objection (2012-09-25 for -01) Unknown
I have one point requiring clarification:

Section 2, paragraph 1:

>    The NEA Asokan Attack is a variation on an attack described in a
>    2002 paper written by Asokan, Niemi, and Nyberg [1]. Figure 1
>    depicts one version of the original Asokan attack. This attack
>    involves tricking an authorized user into authenticating to a decoy
>    AAA server, which forwards the authentication protocol from one
>    tunnel to another, tricking a AAA server into believing these
>    messages came from the attacker and granting access to him.

  Shouldn't it read 'believe that messages came from the user, but granting access to the attacker'?

Ralph Droms Former IESG member
No Objection
No Objection (for -01) Unknown

Robert Sparks Former IESG member
No Objection
No Objection (for -01) Unknown

Ron Bonica Former IESG member
No Objection
No Objection (for -01) Unknown

Russ Housley Former IESG member
No Objection
No Objection (for -01) Unknown

Stewart Bryant Former IESG member
No Objection
No Objection (2012-09-25 for -01) Unknown
I had no idea what a Network Endpoint Assessment was, until I stumbled on the reference to RFC5209. It would be a good idea to move the reference up to the first line of the Introduction.

I kept meeting PT, but had no idea what that was until I found it in RFC5209. A sentence earlier in the text would be useful.

Wesley Eddy Former IESG member
No Objection
No Objection (for -01) Unknown