Re: [IPsec] New PAKE Criteria draft posted (def. of gateway)

Yaron Sheffer Thu, 25 Mar 2010 22:27:33 -0700

Hi Kaz,

I *thought* my intention was clear: "between gateways" as opposed to"between clients and gateways". So your assertion is correct.


Thanks,
        Yaron

On 26.3.2010 1:40, Kaz Kobara wrote:

Hi Yaron

draft-sheffer-ipsecme-pake-criteria-02.txt says in Page 4
"This document is limited to the use of password-based authentication to
achieve trust between gateways"


I would like to make sure that
"gateway" in this document does not encompass VPN clients and hosts, right?

Kaz

-----Original Message-----
From: ipsec-boun...@ietf.org [mailto:ipsec-boun...@ietf.org] On Behalf Of
Yaron Sheffer
Sent: Friday, March 26, 2010 3:31 AM
To: SeongHan Shin
Cc: IPsecme WG; Kazukuni Kobara
Subject: Re: [IPsec] New PAKE Criteria draft posted

Hi Shin,

Yes. For the typical remote access VPN, EAP is typically more useful.
Note that there is still need for strong password-based mutual
authentication EAP methods - but their home is the EMU working group.

In addition, the IPsecME has another charter item designed to fit such
EAP methods (such as the future EAP-AugPAKE :-) into IKEv2.

Please see again the group's charter,
http://tools.ietf.org/wg/ipsecme/charters.

Thanks,
        Yaron

On 25.3.2010 20:07, SeongHan Shin wrote:

Dear Yaron Sheffer,

I have one question about the draft.

draft-sheffer-ipsecme-pake-criteria-02.txt says in Page 4
"This document is limited to the use of password-based authentication

to

achieve trust between gateways"

Is this a consensus of this WG?

Best regards,
Shin

On Thu, Mar 25, 2010 at 3:46 PM, Yaron Sheffer<yaronf.i...@gmail.com
<mailto:yaronf.i...@gmail.com>>  wrote:

     Hi,

     after the good discussion in Anaheim, and with the help of comments
     received on and off the list, I have updated the PAKE Criteria draft
     and posted it as

http://www.ietf.org/id/draft-sheffer-ipsecme-pake-criteria-02.txt.


     I have added a number of criteria, clarified others, and added
     numbering (SEC1-SEC6, IPR1-IPR3 etc.).

     Thanks,
         Yaron
     _______________________________________________
     IPsec mailing list
     IPsec@ietf.org<mailto:IPsec@ietf.org>
     https://www.ietf.org/mailman/listinfo/ipsec




--
------------------------------------------------------------------
SeongHan Shin
Research Center for Information Security (RCIS),
National Institute of Advanced Industrial Science and Technology (AIST),
Room no. 1003, Akihabara Daibiru 10F,
1-18-13, Sotokannda, Chiyoda-ku, Tokyo 101-0021 Japan
Tel : +81-3-5298-2722
Fax : +81-3-5298-4522
E-mail : seonghan.s...@aist.go.jp<mailto:seonghan.s...@aist.go.jp>
------------------------------------------------------------------

_______________________________________________
IPsec mailing list
IPsec@ietf.org
https://www.ietf.org/mailman/listinfo/ipsec



_______________________________________________
IPsec mailing list
IPsec@ietf.org
https://www.ietf.org/mailman/listinfo/ipsec

_______________________________________________
IPsec mailing list
IPsec@ietf.org
https://www.ietf.org/mailman/listinfo/ipsec

Re: [IPsec] New PAKE Criteria draft posted (def. of gateway)

Reply via email to