Hi Alan,

Initial provisioning by shipping the device with the trust anchor pre-installed is fine, if you're Verizon. But in many cases you don't control the device, and don't have a trusted path through which to transport the CA cert (I am thinking enterprise CA here, not a public CA). The combination of anonymous tunnel plus mutual auth with a one-time password allows you to do that.

But I'm OK with not making this option mandatory, since there are important use cases that don't need it.

Thanks,
Yaron

> -----Original Message-----
> From: Alan DeKok [mailto:al...@deployingradius.com]
> Sent: Thursday, March 04, 2010 8:47
> To: Yaron Sheffer
> Cc: emu@ietf.org
> Subject: Re: [Emu] review of draft-ietf-emu-eaptunnel-req-04
>
> Yaron Sheffer wrote:
> > Joe, what Dan is proposing is a reasonable way to use a one-time
> > password for the initial provisioning of a trust anchor. Initial
> > provisioning is important for many types of deployments. Does the
> > document allow an alternative secure way to do that?
>
> TLS-based methods can leverage server certificates. This is already
> done in other areas (WiMAX, etc.)
>
> i.e. ship a device with a known CA, and on first provisioning, TLS
> checks the server certificate, and the user validates that the name of
> the server is what was expected.
>
> Since the document doesn't forbid anonymous methods, the only issue
> here is whether or not the document should make them mandatory to
> implement. I agree with Joe, in that they shouldn't be mandatory.
>
> Alan DeKok.
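As an added illustration (not part of this thread, and not the EAP-FAST/TEAP wire format), a Python model of the "anonymous tunnel plus mutual auth with a one-time password" provisioning that Yaron describes: the tunnel key, PRF and message labels are assumptions of the model, chosen so that the inner proofs are bound to the tunnel each side actually sits in.

```python
import hashlib
import hmac
import secrets

# Constructed model: the client has no trust anchor yet and opens an
# unauthenticated TLS tunnel. Inside it, both sides prove the one-time
# password, and every proof is keyed to the tunnel's own key, so an attacker
# who interposes two separate anonymous tunnels causes a mismatch.

def prf(key: bytes, *parts: bytes) -> bytes:
    """HMAC-SHA256 over length-prefixed inputs (stand-in for the TLS PRF)."""
    m = hmac.new(key, digestmod=hashlib.sha256)
    for p in parts:
        m.update(len(p).to_bytes(4, "big"))
        m.update(p)
    return m.digest()

def server_proof(otp, tunnel_key, nc, ns):
    return prf(otp, b"server-proof", tunnel_key, nc, ns)

def client_proof(otp, tunnel_key, nc, ns):
    return prf(otp, b"client-proof", tunnel_key, nc, ns)

def anchor_tag(otp, tunnel_key, ca_cert):
    return prf(otp, b"trust-anchor", tunnel_key, ca_cert)

def provision(client_tunnel_key, server_tunnel_key, client_otp, server_otp, ca_cert):
    """Inner exchange once the tunnel is up. Returns the CA cert the client
    installs, or None if either side aborts. The two tunnel keys are equal
    only when client and server share one TLS session (no interposition)."""
    nc, ns = secrets.token_bytes(16), secrets.token_bytes(16)
    # Server speaks first: it proves the OTP, bound to the tunnel it is in.
    sp = server_proof(server_otp, server_tunnel_key, nc, ns)
    if not hmac.compare_digest(sp, server_proof(client_otp, client_tunnel_key, nc, ns)):
        return None  # wrong OTP or a different tunnel: install nothing
    # Client answers; the server releases the anchor only to an OTP holder.
    cp = client_proof(client_otp, client_tunnel_key, nc, ns)
    if not hmac.compare_digest(cp, client_proof(server_otp, server_tunnel_key, nc, ns)):
        return None
    # The anchor itself is authenticated under the same OTP/tunnel binding.
    tag = anchor_tag(server_otp, server_tunnel_key, ca_cert)
    if not hmac.compare_digest(tag, anchor_tag(client_otp, client_tunnel_key, ca_cert)):
        return None
    return ca_cert

if __name__ == "__main__":
    k, otp = secrets.token_bytes(32), b"48213977"   # constructed sample values
    cert = b"-----BEGIN CERTIFICATE----- (constructed) -----END CERTIFICATE-----"
    print(provision(k, k, otp, otp, cert) == cert)            # honest case
    print(provision(k, secrets.token_bytes(32), otp, otp, cert))  # interposed tunnels
    print(provision(k, k, b"00000000", otp, cert))            # wrong OTP
```

A real deployment would use a PAKE (as in EAP-pwd) rather than a bare HMAC over the password, so that a captured proof gives no offline guessing of the OTP; the model only shows the tunnel-binding property.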