As I mentioned in my previous mail, the document attempts to follow the use cases as agreed in the charter.

For the remote access case, there are clear benefits to having a separate AAA server, and EAP has been adopted by multiple protocols including IKEv2. I don't see a reason to open this decision now.

And the criteria that this document "supposedly" deals with have to be evaluated in the context of use cases and scenarios. They are not abstract entities.

Thanks,
        Yaron

On 26.3.2010 1:59, Dan Harkins wrote:

   On the contrary, I would like to see no notion of "clients", "hosts",
and "gateways" at all. There is no reason why this technique could
not be used in any of the use cases in IKEv2.

   And such a statement certainly does not belong in a document that
supposedly deals with criteria upon which a selection will be made.

   Dan.

On Thu, March 25, 2010 4:40 pm, Kaz Kobara wrote:
Hi Yaron

draft-sheffer-ipsecme-pake-criteria-02.txt says in Page 4
"This document is limited to the use of password-based authentication to
achieve trust between gateways"

I would like to make sure that
"gateway" in this document does not encompass VPN clients and hosts,
right?

Kaz

-----Original Message-----
From: ipsec-boun...@ietf.org [mailto:ipsec-boun...@ietf.org] On Behalf Of Yaron Sheffer
Sent: Friday, March 26, 2010 3:31 AM
To: SeongHan Shin
Cc: IPsecme WG; Kazukuni Kobara
Subject: Re: [IPsec] New PAKE Criteria draft posted

Hi Shin,

Yes. For the typical remote access VPN, EAP is typically more useful.
Note that there is still a need for strong password-based mutual
authentication EAP methods - but their home is the EMU working group.

In addition, the IPsecME has another charter item designed to fit such
EAP methods (such as the future EAP-AugPAKE :-) into IKEv2.

Please see again the group's charter,
http://tools.ietf.org/wg/ipsecme/charters.

Thanks,
        Yaron

On 25.3.2010 20:07, SeongHan Shin wrote:
Dear Yaron Sheffer,

I have one question about the draft.

draft-sheffer-ipsecme-pake-criteria-02.txt says in Page 4
"This document is limited to the use of password-based authentication
to achieve trust between gateways"

Is this a consensus of this WG?

Best regards,
Shin

On Thu, Mar 25, 2010 at 3:46 PM, Yaron Sheffer <yaronf.i...@gmail.com> wrote:

     Hi,

     after the good discussion in Anaheim, and with the help of comments
     received on and off the list, I have updated the PAKE Criteria draft
     and posted it as

http://www.ietf.org/id/draft-sheffer-ipsecme-pake-criteria-02.txt.

     I have added a number of criteria, clarified others, and added
     numbering (SEC1-SEC6, IPR1-IPR3 etc.).

     Thanks,
         Yaron
     _______________________________________________
     IPsec mailing list
     IPsec@ietf.org<mailto:IPsec@ietf.org>
     https://www.ietf.org/mailman/listinfo/ipsec




--
------------------------------------------------------------------
SeongHan Shin
Research Center for Information Security (RCIS),
National Institute of Advanced Industrial Science and Technology
(AIST),
Room no. 1003, Akihabara Daibiru 10F,
1-18-13, Sotokannda, Chiyoda-ku, Tokyo 101-0021 Japan
Tel : +81-3-5298-2722
Fax : +81-3-5298-4522
E-mail : seonghan.s...@aist.go.jp
------------------------------------------------------------------