Adding Support for Salted Password Databases to EAP-pwd
draft-harkins-salted-eap-pwd-08
Yes
(Kathleen Moriarty)
No Objection
(Alexey Melnikov)
(Alia Atlas)
(Alissa Cooper)
(Alvaro Retana)
(Deborah Brungard)
(Jari Arkko)
(Joel Jaeggli)
(Spencer Dawkins)
(Suresh Krishnan)
(Terry Manderson)
Note: This ballot was opened for revision 07 and is now closed.
Kathleen Moriarty Former IESG member
Yes
(for -07)
Alexey Melnikov Former IESG member
No Objection
(for -07)
Alia Atlas Former IESG member
No Objection
(for -07)
Alissa Cooper Former IESG member
No Objection
(for -07)
Alvaro Retana Former IESG member
No Objection
(for -07)
Ben Campbell Former IESG member
No Objection
(2016-11-02 for -07)
The abbreviated title on the top of pages after the first is "Abbreviated Title " :-)
Deborah Brungard Former IESG member
No Objection
(for -07)
Jari Arkko Former IESG member
No Objection
(for -07)
Joel Jaeggli Former IESG member
No Objection
(for -07)
Mirja Kühlewind Former IESG member
No Objection
(2016-10-30 for -07)
Maybe put the following warning also more clearly at the beginning of the doc or even in the abstract: "Plain salting techniques are included for support of existing databases. scrypt and PBKDF2 techniques are RECOMMENDED for new password database deployments."
Spencer Dawkins Former IESG member
No Objection
(for -07)
Stephen Farrell Former IESG member
No Objection
(2016-11-01 for -07)
Thanks for the secdir discussion - it was thorough and led to good changes being made. (It took me longer to read that thread than the document:-) I do think that some of the text doesn't flow as well as a result of all those edits though, maybe a pass to improve that would be good. (Though it is clear enough now for implementers I think.) Figure 1 means that implementing this requires changes to the innards of your EAP-PWD implementation. It might be nice to a random implementer (if there are some) to provide that hint by saying this updates 7664. I like Mirja's suggestion - that RECOMMENDED is a bit buried right now. (Even if the main concern here is not new DB records.) I'd also note that it's possible to switch to a new alg on a per-record and not per-DB basis, if one's implementation allows, so you could also encourage that. (Well, unless EAP-PWD prevents it somehow but I'd be surprised if it did.)
Suresh Krishnan Former IESG member
No Objection
(for -07)
Terry Manderson Former IESG member
No Objection
(for -07)