Hi Nico, On Tue, April 12, 2011 12:45 pm, Nico Williams wrote: > "If you want to use certs then use certs... if you want to use > passwords then use passwords ..." implies an authentication framework > with at least two authentication mechanisms (and negotiation!). > > So you're for at least one authentication framework. Only you weren't > aware of it. Or what did I miss this time? :)
No I don't think you missed it. The "framework" is just IKE and if we want to use a credential in IKE we should use it directly and in the most robust and misuse resistant way possible. In my opinionated opinion, putting a pluggable framework, like EAP, into IKE was a mistake and putting in another to use some particular credential would compound that mistake. regards, Dan. _______________________________________________ IPsec mailing list [email protected] https://www.ietf.org/mailman/listinfo/ipsec
