Section 3.1 already states: " ... The tunnel method MUST support this use case. However, it MUST NOT expose the username and password to parties in the communication path between the peer and the EAP Server and it MUST provide protection against man-in-the-middle and dictionary attacks. The combination of the tunnel authentication and password authentication MUST enable mutual authentication."
Is there any modification necessary?

Joe

> -----Original Message-----
> From: Alan DeKok [mailto:al...@deployingradius.com]
> Sent: Thursday, August 06, 2009 1:00 PM
> To: Dan Harkins
> Cc: Joseph Salowey (jsalowey); emu@ietf.org
> Subject: Re: [Emu] Issue #7: Password Authentication
>
> Dan Harkins wrote:
> > Perhaps it would be a good idea to mandate that the method used to
> > authenticate the tunnel (outer method, whatever you want to call
> > it) MUST NOT be susceptible to a dictionary attack if it is going to
> > be used to transport a username and plaintext password to the
> > authentication server.
>
> That is reasonable.
>
> Alan DeKok.