Re: [IPsec] I-D Action:draft-ietf-ipsecme-eap-mutual-04.txt

Mon, 14 Jun 2010 22:02:31 -0700 

Hi Jyothi,
the proposed protocol is asymmetric. So you will need to make sure somehow that gw1 is always the initiator. 

Thanks,
        Yaron

On 06/15/2010 06:44 AM, V Jyothi-B22245 wrote:

Hi,

To my knowledge, each EAP method has client and server implementation.

Suppose if there are two gateways: gw1 and gw2, gw1 has EAP client
implementation and gw2 has EAP server implementation.
Irrespective of IKEv2 acting as initiator or responder, can gw1 act as
only EAP client and gw2 act as only EAP server.
With this posted draft, is it possible to achieve this functionality.

Thanks
Jyothi

-----Original Message-----
From: ipsec-boun...@ietf.org [mailto:ipsec-boun...@ietf.org] On Behalf
Of internet-dra...@ietf.org
Sent: Tuesday, June 15, 2010 12:45 AM
To: i-d-annou...@ietf.org
Cc: ipsec@ietf.org
Subject: [IPsec] I-D Action:draft-ietf-ipsecme-eap-mutual-04.txt

A New Internet-Draft is available from the on-line Internet-Drafts
directories.
This draft is a work item of the IP Security Maintenance and Extensions
Working Group of the IETF.


        Title           : An Extension for EAP-Only Authentication in
IKEv2
        Author(s)       : P. Eronen, et al.
        Filename        : draft-ietf-ipsecme-eap-mutual-04.txt
        Pages           : 15
        Date            : 2010-06-14

IKEv2 specifies that EAP authentication must be used together with
public key signature based responder authentication.  This is necessary
with old EAP methods that provide only unilateral authentication using,
e.g., one-time passwords or token cards.

This document specifies how EAP methods that provide mutual
authentication and key agreement can be used to provide extensible
responder authentication for IKEv2 based on methods other than public
key signatures.

A URL for this Internet-Draft is:
http://www.ietf.org/internet-drafts/draft-ietf-ipsecme-eap-mutual-04.txt

Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/

Below is the data which will enable a MIME compliant mail reader
implementation to automatically retrieve the ASCII version of the
Internet-Draft.
_______________________________________________
IPsec mailing list
IPsec@ietf.org
https://www.ietf.org/mailman/listinfo/ipsec

_______________________________________________
IPsec mailing list
IPsec@ietf.org
https://www.ietf.org/mailman/listinfo/ipsec






















					Reply via email to