Hi Katrin,

On Wed, March 3, 2010 12:31 pm, Hoeper Katrin-QWKN37 wrote:
> Dan,
>
> OK, I understand that the tunnel provides all these other feats.
>
> But why can't the server authenticate during the tunnel protocol? I
> still don't understand the use case for mutually anonymous tunnels.

Because it doesn't have the right credential.

> If the server has a certificate why can't it send it to the peer before
> or during the tunnel establishment?

If the server has a certificate then sending it to the peer would not really solve any problem. The peer would still need to have a reason to trust it and we're back to the problem of putting a trusted certificate in some certificate store. A global PKI to solve all of our certificate issues still has not materialized.

> If the peer and server share a secret, then this could be used to
> establish the tunnel.

If the peer and server share a secret they could use one of the PSK ciphersuites for TLS but those are susceptible to a dictionary attack and are therefore inappropriate. The tunnel is being established with EAP-TLS so we are limited to TLS ciphersuites and the authentication they provide. If a TLS ciphersuite was appropriate always and everywhere then we would not need any other EAP methods, we'd just do EAP-TLS. But that is not the case. Also it is a requirement to tunnel additional EAP methods inside the tunnel so obviously there are EAP methods that provide something that a TLS ciphersuite does not.

> What I am saying is what kind of server authentication credentials could
> be used inside an anonymous tunnel that could not be used to
> authenticate the server in the tunnel protocol? (given that privacy is
> not the issue)

A low-entropy password that can easily be remembered and entered by a human with low probability of error.

Dan.

_______________________________________________
Emu mailing list
Emu@ietf.org
https://www.ietf.org/mailman/listinfo/emu
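The point Dan makes above (a PSK ciphersuite keyed from a low-entropy password is open to an offline dictionary attack, while the same password is safe to use inside a tunnel whose key has full entropy) can be shown with a toy model. The following is an added example written for this page; it is not code from the thread, from EAP-TLS or from any TLS implementation. It models both designs with HMAC-SHA256: in the PSK design every keyed value on the wire is a function of the password and public nonces only, so a passive observer can test each dictionary word against the captured transcript; in the tunneled design the inner proof also depends on a 256-bit tunnel key (standing in for the key a certificate-authenticated TLS handshake would produce), so no guess can be checked from the transcript alone. The dictionary, nonces and the password `hunter2` are constructed sample values.

```python
"""Toy model (not a real TLS handshake) contrasting a password-derived PSK
ciphersuite with a password method run inside a server-authenticated tunnel."""
import hashlib
import hmac
import secrets

# Constructed sample dictionary a passive observer might try offline.
DICTIONARY = ["letmein", "password1", "hunter2", "Tr0ub4dor&3", "correcthorse"]


def mac(key: bytes, *parts: bytes) -> bytes:
    """HMAC-SHA256 over the concatenation of parts under key (toy KDF/MAC)."""
    h = hmac.new(key, digestmod=hashlib.sha256)
    for p in parts:
        h.update(p)
    return h.digest()


def psk_ciphersuite_transcript(password: str, client_nonce: bytes, server_nonce: bytes) -> dict:
    """PSK-only ciphersuite: the only secret is the PSK derived from the password,
    so the server's 'Finished'-style MAC is a function of (password, public nonces)."""
    psk = hashlib.sha256(password.encode()).digest()  # toy PSK derivation (assumption)
    session_key = mac(psk, b"session", client_nonce, server_nonce)
    server_finished = mac(session_key, b"server finished", client_nonce, server_nonce)
    return {"client_nonce": client_nonce, "server_nonce": server_nonce,
            "server_finished": server_finished}


def tunneled_transcript(password: str, tunnel_key: bytes,
                        client_nonce: bytes, server_nonce: bytes) -> dict:
    """Tunnel first (server authenticated by certificate; the resulting tunnel key
    is high entropy, modelled as 32 random bytes), then the password proof is sent
    inside it, so the on-the-wire value depends on the tunnel key as well."""
    inner_proof = mac(tunnel_key, b"inner", password.encode(), client_nonce, server_nonce)
    return {"client_nonce": client_nonce, "server_nonce": server_nonce,
            "inner_proof": inner_proof}


def offline_candidates_psk(transcript: dict, dictionary: list) -> list:
    """Passive observer against the PSK transcript: recompute the server's MAC for
    each dictionary word using only public data and keep the words that reproduce it."""
    return [pw for pw in dictionary
            if psk_ciphersuite_transcript(pw, transcript["client_nonce"],
                                          transcript["server_nonce"])["server_finished"]
            == transcript["server_finished"]]


def offline_candidates_tunneled(transcript: dict, dictionary: list, guessed_tunnel_key: bytes) -> list:
    """Same observer against the tunneled transcript: each word can only be tested
    together with a tunnel key the observer does not hold, so no word matches."""
    return [pw for pw in dictionary
            if tunneled_transcript(pw, guessed_tunnel_key, transcript["client_nonce"],
                                   transcript["server_nonce"])["inner_proof"]
            == transcript["inner_proof"]]


def demo(password: str = "hunter2") -> tuple:
    """Run both designs with the same low-entropy password and report what a passive
    observer can narrow the dictionary down to in each case."""
    client_nonce, server_nonce = secrets.token_bytes(16), secrets.token_bytes(16)
    psk_t = psk_ciphersuite_transcript(password, client_nonce, server_nonce)
    real_tunnel_key = secrets.token_bytes(32)  # observer never sees this
    tun_t = tunneled_transcript(password, real_tunnel_key, client_nonce, server_nonce)
    from_psk = offline_candidates_psk(psk_t, DICTIONARY)
    from_tunnel = offline_candidates_tunneled(tun_t, DICTIONARY, secrets.token_bytes(32))
    return from_psk, from_tunnel


if __name__ == "__main__":
    recovered, not_recovered = demo()
    print("PSK ciphersuite, offline guesses consistent with transcript:", recovered)
    print("Tunneled password, offline guesses consistent with transcript:", not_recovered)
```

The first list contains exactly the real password: the transcript of the PSK design is a pure function of the password and public values, so the observer's cost is one MAC computation per dictionary entry, which is what makes a memorable password unusable as a TLS PSK. The second list is empty: inside the tunnel the same password is only ever combined with a key the observer lacks, which is why the low-entropy credential can authenticate the server after the tunnel exists but not during its establishment.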