Hi Ryan,
Well, I thought presenting tunneled methods were in general out of scope
for the password based authentication. But it is a viable means to
meeting the requirements.....which I believe, is what the design team
presented with PP-EAP.
My point is that if we contemplate TTLS as a working group item, we
should also be analyzing PEAP and EAP-FAST. Though PEAP may not have as
much traction, I believe though EAP-FAST was instantiated after TTLS, is
also widely deployed and addresses some of the deployment challenges
(like crypto binding and the ability to establish tunnels without the
need of asymmetric crypto) that were presented by PEAP and TTLS.
Nancy.
-----Original Message-----
From: Ryan Hurst [mailto:[EMAIL PROTECTED]
Sent: Tuesday, August 14, 2007 4:45 PM
To: Nancy Winget (ncamwing); Alan DeKok; Stephen Hanna
Cc: emu@ietf.org
Subject: RE: [Emu] Crypto-binding in TTLS-v0
I agree that PEAPv0 is a orthogonal issue Nancy, did not mean to suggest
it was although in hindsight I can see how it might have read that way.
On the topic of TTLS as a EMU working group item, I am not opposed to
this as from the customer engagements I have had it appears to have a
very strong existing deployment across a number of customer segments and
from a protocol standpoint is pretty clean (It just needs a couple of
additions like CryptoBindings).
Ryan
-----Original Message-----
From: Nancy Winget (ncamwing) [mailto:[EMAIL PROTECTED]
Sent: Tuesday, August 14, 2007 4:29 PM
To: Ryan Hurst; Alan DeKok; Stephen Hanna
Cc: emu@ietf.org
Subject: RE: [Emu] Crypto-binding in TTLS-v0
Publishing TTLS and PEAPv0 (and PEAPv1) is a worthy cause given that
there are deployments out there. However, I think that is a different
item/issue than having it be taken as an EMU work item. For instance,
it can be published as an informational RFC much the same way EAP-FAST
is now RFC 4851.
It is not clear why TTLS should become an EMU work item or standardized
as the means to deliver a strong password based method. There are other
tunnel methods such as PEAP and EAP-FAST that can also meet the
requirements. If we are discussing what would need to be
changed/updated to TTLS to meet the requirements, perhaps we should also
be evaluating PEAP and EAP-FAST as alternatives as they also meet the
requirements and perhaps more so than TTLS.
Nancy.
-----Original Message-----
From: Ryan Hurst [mailto:[EMAIL PROTECTED]
Sent: Tuesday, August 14, 2007 9:57 AM
To: Alan DeKok; Stephen Hanna
Cc: emu@ietf.org
Subject: RE: [Emu] Crypto-binding in TTLS-v0
I agree, I also want to see PEAPv0 published for the same reasons (I am
working on a draft of this, no ETA I can share at this time).
-----Original Message-----
From: Alan DeKok [mailto:[EMAIL PROTECTED]
Sent: Tuesday, August 14, 2007 9:47 AM
To: Stephen Hanna
Cc: emu@ietf.org
Subject: Re: [Emu] Crypto-binding in TTLS-v0
Stephen Hanna wrote:
> draft-funk-eap-ttls-v0-01.txt describes EAP-TTLSv0 as it has been
> implemented by vendors and adopted by other SDOs. We plan to submit
> this for RFC status as part of the ongoing effort to document popular
> EAP methods as RFCs.
I think this document should be published. It's widely used, and
deserves documentation in the IETF process.
> As to your question about whether EAP-TTLSv0 is a chartered work item
> for the EMU WG, that may depend in part on how the WG decides to
> address the work item to deliver a strong password-based method. At
> the EMU WG in Chicago, there were two proposals: my proposal to use
> EAP-TTLSv0 with these new AVPs and another proposal to define a new
> EAP method especially for this purpose. The results of a hum were
> inconclusive and it was agreed to take this discussion to the email
> list.
I am in favor of EAP-TTLSv0 + new AVP's.
Alan DeKok.
_______________________________________________
Emu mailing list
Emu@ietf.org
https://www1.ietf.org/mailman/listinfo/emu
_______________________________________________
Emu mailing list
Emu@ietf.org
https://www1.ietf.org/mailman/listinfo/emu
_______________________________________________
Emu mailing list
Emu@ietf.org
https://www1.ietf.org/mailman/listinfo/emu
_______________________________________________
Emu mailing list
Emu@ietf.org
https://www1.ietf.org/mailman/listinfo/emu
