
Adding Support for Salted Password Databases to EAP-pwd
draft-harkins-salted-eap-pwd-08

Yes

(Kathleen Moriarty)

No Objection

(Alexey Melnikov)
(Alia Atlas)
(Alissa Cooper)
(Alvaro Retana)
(Deborah Brungard)
(Jari Arkko)
(Joel Jaeggli)
(Spencer Dawkins)
(Suresh Krishnan)
(Terry Manderson)

Note: This ballot was opened for revision 07 and is now closed.

Kathleen Moriarty Former IESG member
Yes
Yes (for -07) Unknown

                            
Alexey Melnikov Former IESG member
No Objection
No Objection (for -07) Unknown

                            
Alia Atlas Former IESG member
No Objection
No Objection (for -07) Unknown

                            
Alissa Cooper Former IESG member
No Objection
No Objection (for -07) Unknown

                            
Alvaro Retana Former IESG member
No Objection
No Objection (for -07) Unknown

                            
Ben Campbell Former IESG member
No Objection
No Objection (2016-11-02 for -07) Unknown
The abbreviated title on the top of pages after the first is "Abbreviated Title " :-)
Deborah Brungard Former IESG member
No Objection
No Objection (for -07) Unknown

                            
Jari Arkko Former IESG member
No Objection
No Objection (for -07) Unknown

                            
Joel Jaeggli Former IESG member
No Objection
No Objection (for -07) Unknown

                            
Mirja Kühlewind Former IESG member
No Objection
No Objection (2016-10-30 for -07) Unknown
Maybe put the following warning also more clearly at the beginning of the doc or even in the abstract:
"Plain salting techniques are included for support of existing
   databases. scrypt and PBKDF2 techniques are RECOMMENDED for new
   password database deployments."
Spencer Dawkins Former IESG member
No Objection
No Objection (for -07) Unknown

                            
Stephen Farrell Former IESG member
No Objection
No Objection (2016-11-01 for -07) Unknown
Thanks for the secdir discussion - it was thorough and led
to good changes being made. (It took me longer to read that
thread than the document:-)

I do think that some of the text doesn't flow as well as a
result of all those edits though, maybe a pass to improve
that would be good. (Though it is clear enough now for
implementers I think.)

Figure 1 means that implementing this requires changes to the
innards of your EAP-PWD implementation. It might be nice to a
random implementer (if there are some) to provide that hint
by saying this updates 7664.

I like Mirja's suggestion - that RECOMMENDED is a bit buried
right now. (Even if the main concern here is not new DB
records.) I'd also note that it's possible to switch to a new
alg on a per-record and not per-DB basis, if one's
implementation allows, so you could also encourage that.
(Well, unless EAP-PWD prevents it somehow but I'd be
surprised if it did.)
Suresh Krishnan Former IESG member
No Objection
No Objection (for -07) Unknown

                            
Terry Manderson Former IESG member
No Objection
No Objection (for -07) Unknown