Hi Dan,

The document currently states anonymous cipher suites MUST NOT be mandatory to implement for the tunnel method. I think this is the appropriate stance for the document to take for the base tunnel method. I also do not think this prevents a follow-on specification defining how to use an anonymous tunnel securely.
Cheers,
Joe

> -----Original Message-----
> From: emu-boun...@ietf.org [mailto:emu-boun...@ietf.org] On Behalf Of Dan Harkins
> Sent: Wednesday, March 03, 2010 3:30 PM
> To: Hoeper Katrin-QWKN37
> Cc: emu@ietf.org
> Subject: Re: [Emu] review of draft-ietf-emu-eaptunnel-req-04
>
> Hi Katrin,
>
> Yes, EAP-pwd uses the password for mutual authentication. If the
> server doesn't know the password the exchange will fail. The key
> differentiator (from, say, EAP-GPSK) is that it uses a zero knowledge
> proof and is resistant to off-line dictionary attack.
>
> Dan.
>
> On Wed, March 3, 2010 2:33 pm, Hoeper Katrin-QWKN37 wrote:
> > Sorry Dan,
> >
> > Is EAP-pwd using the password for mutual authentication?
> >
> >> -----Original Message-----
> >> From: emu-boun...@ietf.org [mailto:emu-boun...@ietf.org] On Behalf Of Hoeper Katrin-QWKN37
> >> Sent: Wednesday, March 03, 2010 4:28 PM
> >> To: Dan Harkins
> >> Cc: emu@ietf.org
> >> Subject: Re: [Emu] review of draft-ietf-emu-eaptunnel-req-04
> >>
> >> How does that authenticate the server if a user enters a password?
> >>
> >> If the server says, yes that was the right password?
> >>
> >> > -----Original Message-----
> >> > From: Dan Harkins [mailto:dhark...@lounge.org]
> >> > Sent: Wednesday, March 03, 2010 4:14 PM
> >> > To: Hoeper Katrin-QWKN37
> >> > Cc: Dan Harkins; Joseph Salowey; emu@ietf.org
> >> > Subject: RE: [Emu] review of draft-ietf-emu-eaptunnel-req-04
> >> >
> >> > Since they both use the same low-entropy password to perform their
> >> > mutual authentication it is not, strictly speaking, just the peer's
> >> > credential.
> >> >
> >> > Dan.
> >> >
> >> > On Wed, March 3, 2010 1:45 pm, Hoeper Katrin-QWKN37 wrote:
> >> > >
> >> > > See inline.
> >> > >
> >> > >> -----Original Message-----
> >> > >> From: Dan Harkins [mailto:dhark...@lounge.org]
> >> > >> Sent: Wednesday, March 03, 2010 3:39 PM
> >> > >> To: Hoeper Katrin-QWKN37
> >> > >> Cc: Dan Harkins; Joseph Salowey; emu@ietf.org
> >> > >> Subject: RE: [Emu] review of draft-ietf-emu-eaptunnel-req-04
> >> > >>
> >> > >> Hi Katrin,
> >> > >>
> >> > >> On Wed, March 3, 2010 12:31 pm, Hoeper Katrin-QWKN37 wrote:
> >> > >> > Dan,
> >> > >> >
> >> > >> > OK, I understand that the tunnel provides all these other feats.
> >> > >> >
> >> > >> > But why can't the server authenticate during the tunnel protocol? I
> >> > >> > still don't understand the use case for mutually anonymous tunnels.
> >> > >>
> >> > >> Because it doesn't have the right credential.
> >> > >>
> >> > >> > If the server has a certificate why can't it send it to the peer before
> >> > >> > or during the tunnel establishment?
> >> > >>
> >> > >> If the server has a certificate then sending it to the peer
> >> > >> would not really solve any problem. The peer would still need to
> >> > >> have a reason to trust it and we're back to the problem of putting
> >> > >> a trusted certificate in some certificate store. A global PKI to
> >> > >> solve all of our certificate issues still has not materialized.
> >> > >>
> >> > >> > If the peer and server share a secret, then this could be used to
> >> > >> > establish the tunnel.
> >> > >>
> >> > >> If the peer and server share a secret they could use one of the PSK
> >> > >> ciphersuites for TLS but those are susceptible to a dictionary attack
> >> > >> and are therefore inappropriate.
> >> > >>
> >> > >> The tunnel is being established with EAP-TLS so we are limited to
> >> > >> TLS ciphersuites and the authentication they provide. If a TLS ciphersuite
> >> > >> was appropriate always and everywhere then we would not need any other
> >> > >> EAP methods, we'd just do EAP-TLS. But that is not the case. Also it is
> >> > >> a requirement to tunnel additional EAP methods inside the tunnel so
> >> > >> obviously there are EAP methods that provide something that a TLS
> >> > >> ciphersuite does not.
> >> > >>
> >> > >> > What I am saying is what kind of server authentication credentials could
> >> > >> > be used inside an anonymous tunnel that could not be used to
> >> > >> > authenticate the server in the tunnel protocol? (given that privacy is
> >> > >> > not the issue)
> >> > >>
> >> > >> A low-entropy password that can easily be remembered and entered by a
> >> > >> human with low probability of error.
> >> > > [KH] I asked what kind of SERVER credentials not peer credentials.
> >> > >>
> >> > >> Dan.
> >>
> >> _______________________________________________
> >> Emu mailing list
> >> Emu@ietf.org
> >> https://www.ietf.org/mailman/listinfo/emu