One of the things I would like to see is the addition of crypto-binding
(optionally and therefore does not affect others' existing
implementations). I am hoping that can be added as part of the
draft-funk-eap-ttls-v0-01.txt publication process.
The other thing I would like to see is addition of IANA considerations
on using TTLS to carry other legacy weak authentication methods. This
would avoid making all of those line up for EAP-MyMethod IANA registrations.
Steve, if you would like, I can volunteer cycles to write text.
Thoughts?
thanks,
Lakshminath
On 8/14/2007 6:53 AM, Stephen Hanna wrote:
Perhaps a little clarification or correction is in order here.
draft-funk-eap-ttls-v0-01.txt describes EAP-TTLSv0 as it has
been implemented by vendors and adopted by other SDOs. We plan
to submit this for RFC status as part of the ongoing effort
to document popular EAP methods as RFCs.
As I described in my presentation at EMU in Chicago, we are
working on an Internet-Draft that describes a few AVPs for
use with EAP-TTLSv0 that allow it to address all the requirements
the EMU WG has laid out for a strong password-based method.
I expect to have this Internet-Draft ready in the next week
or two.
As to your question about whether EAP-TTLSv0 is a chartered
work item for the EMU WG, that may depend in part on how the
WG decides to address the work item to deliver a strong
password-based method. At the EMU WG in Chicago, there were
two proposals: my proposal to use EAP-TTLSv0 with these
new AVPs and another proposal to define a new EAP method
especially for this purpose. The results of a hum were
inconclusive and it was agreed to take this discussion
to the email list.
If the WG decides to use EAP-TTLSv0 to address the work item
related to delivering a strong password-based method, then
I think that EAP-TTLSv0 and the new AVPs would not be work
items for the EMU WG but the work item would instead be the
creation of a profile showing how to use EAP-TTLSv0 and the
new AVPs to provide a strong password-based method.
Joe, is that consistent with your current thinking?
Thanks,
Steve
-----Original Message-----
From: Tschofenig, Hannes [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, August 14, 2007 7:03 AM
To: Lakshminath Dondeti; emu@ietf.org
Subject: AW: [Emu] Crypto-binding in TTLS-v0
Crypto-binding: Yes (my opinion)
Sam also suggested to add channel bindings and to address internalization support in a proper way.
Regarding your other question: No. EAP-TTLS is not a charter item since the work on password-based protocols currently does not include tunneled EAP protocols. This was discussed during the meeting.
It was also mentioned that the fans of EAP-TTLS would like to publish their EAP-TTLSv0 as is -- without any modifications.
Ciao
Hannes
-----Original Message-----
From: Lakshminath Dondeti [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, August 14, 2007 10:42
To: emu@ietf.org
Subject: [Emu] Crypto-binding in TTLS-v0
This probably has been asked before, but I will ask it in a different
context: as we try to standardize EAP-TTLS in EMU (is this a charter
item, Joe?) is there a plan to support crypto-binding in TTLS-v0?
My opinion: well, yeah! :)
regards,
Lakshminath
_______________________________________________
Emu mailing list
Emu@ietf.org
https://www1.ietf.org/mailman/listinfo/emu