Great, clear benefits to having a separate AAA server. So that's the reason to neuter technology?
What you're talking about is a deployment issue and that really isn't any of our business. Dan. On Thu, March 25, 2010 10:06 pm, Yaron Sheffer wrote: > As I mentioned in my previous mail, the document attempts to follow the > use cases as agreed in the charter. > > For the remote access case, there are clear benefits to having a > separate AAA server, and EAP has been adopted by multiple protocols > including IKEv2. I don't see a reason to open this decision now. > > And the criteria that this document "supposedly" deals with have to be > evaluated in the context of use cases and scenarios. They are not > abstract entities. > > Thanks, > Yaron > > On 26.3.2010 1:59, Dan Harkins wrote: >> >> On the contrary, I would like to see no notion of "clients", "hosts", >> and "gateways" at all. There is no reason why this technique could >> not be used in any of the use cases in IKEv2. >> >> And such a statement certainly does not belong in a document that >> supposedly deals with criteria upon which a selection will be made. >> >> Dan. >> >> On Thu, March 25, 2010 4:40 pm, Kaz Kobara wrote: >>> Hi Yaron >>> >>>> draft-sheffer-ipsecme-pake-criteria-02.txt says in Page 4 >>>> "This document is limited to the use of password-based authentication >>>> to >>>> achieve trust between gateways" >>> >>> I would like to make sure that >>> "gateway" in this document does not encompass VPN clients and hosts, >>> right? >>> >>> Kaz >>> >>>> -----Original Message----- >>>> From: ipsec-boun...@ietf.org [mailto:ipsec-boun...@ietf.org] On Behalf >>>> Of >>>> Yaron Sheffer >>>> Sent: Friday, March 26, 2010 3:31 AM >>>> To: SeongHan Shin >>>> Cc: IPsecme WG; Kazukuni Kobara >>>> Subject: Re: [IPsec] New PAKE Criteria draft posted >>>> >>>> Hi Shin, >>>> >>>> Yes. For the typical remote access VPN, EAP is typically more useful. >>>> Note that there is still need for strong password-based mutual >>>> authentication EAP methods - but their home is the EMU working group. >>>> >>>> In addition, the IPsecME has another charter item designed to fit such >>>> EAP methods (such as the future EAP-AugPAKE :-) into IKEv2. >>>> >>>> Please see again the group's charter, >>>> http://tools.ietf.org/wg/ipsecme/charters. >>>> >>>> Thanks, >>>> Yaron >>>> >>>> On 25.3.2010 20:07, SeongHan Shin wrote: >>>>> Dear Yaron Sheffer, >>>>> >>>>> I have one question about the draft. >>>>> >>>>> draft-sheffer-ipsecme-pake-criteria-02.txt says in Page 4 >>>>> "This document is limited to the use of password-based authentication >>>> to >>>>> achieve trust between gateways" >>>>> >>>>> Is this a consensus of this WG? >>>>> >>>>> Best regards, >>>>> Shin >>>>> >>>>> On Thu, Mar 25, 2010 at 3:46 PM, Yaron Sheffer<yaronf.i...@gmail.com >>>>> <mailto:yaronf.i...@gmail.com>> wrote: >>>>> >>>>> Hi, >>>>> >>>>> after the good discussion in Anaheim, and with the help of >>>> comments >>>>> received on and off the list, I have updated the PAKE Criteria >>>> draft >>>>> and posted it as >>>>> >>>> http://www.ietf.org/id/draft-sheffer-ipsecme-pake-criteria-02.txt. >>>>> >>>>> I have added a number of criteria, clarified others, and added >>>>> numbering (SEC1-SEC6, IPR1-IPR3 etc.). >>>>> >>>>> Thanks, >>>>> Yaron >>>>> _______________________________________________ >>>>> IPsec mailing list >>>>> IPsec@ietf.org<mailto:IPsec@ietf.org> >>>>> https://www.ietf.org/mailman/listinfo/ipsec >>>>> >>>>> >>>>> >>>>> >>>>> -- >>>>> ------------------------------------------------------------------ >>>>> SeongHan Shin >>>>> Research Center for Information Security (RCIS), >>>>> National Institute of Advanced Industrial Science and Technology >>>> (AIST), >>>>> Room no. 1003, Akihabara Daibiru 10F, >>>>> 1-18-13, Sotokannda, Chiyoda-ku, Tokyo 101-0021 Japan >>>>> Tel : +81-3-5298-2722 >>>>> Fax : +81-3-5298-4522 >>>>> E-mail : seonghan.s...@aist.go.jp<mailto:seonghan.s...@aist.go.jp> >>>>> ------------------------------------------------------------------ >>>> _______________________________________________ >>>> IPsec mailing list >>>> IPsec@ietf.org >>>> https://www.ietf.org/mailman/listinfo/ipsec >>> >>> >>> _______________________________________________ >>> IPsec mailing list >>> IPsec@ietf.org >>> https://www.ietf.org/mailman/listinfo/ipsec >>> >> >> >> _______________________________________________ >> IPsec mailing list >> IPsec@ietf.org >> https://www.ietf.org/mailman/listinfo/ipsec > _______________________________________________ > IPsec mailing list > IPsec@ietf.org > https://www.ietf.org/mailman/listinfo/ipsec > _______________________________________________ IPsec mailing list IPsec@ietf.org https://www.ietf.org/mailman/listinfo/ipsec
