28 Jun 2012 19:21
Re: Comments on draft-hartman-emu-mutual-crypto-bind
Sam Hartman <hartmans <at> painless-security.com>
2012-06-28 17:21:12 GMT
2012-06-28 17:21:12 GMT
>>>>> "Jim" == Jim Schaad <jimsch <at> augustcellars.com> writes:
Jim> Sam et al,
Jim> 1. In section 1 after the Classic Tunnel Attack figure, I believe there are
Jim> three methods listed as possible mitigation strategies, however I don't
Jim> understand how the second one - a sufficiently strong inner method - could
Jim> possibly be a mitigation by itself. The three I see are 1) Policy 2) strong
Jim> inner method 3) Cryptographic binding.
I actually was intending to describe cryptographic binding in two
sentences; I've re-punctuated the text to indicate that if the inner
method is strong enough you can do cryptographic binding.
I believe I've addressed your other comments in an upcoming draft.
--Sam
RSS Feed