Let's assume for the moment that there are good deployment reasons why
you want to use a password-based authentication method without running
it in combination with pk-based server-side authentication, then TLS-SRP
dumped into EAP would be my choice.
The reasons are:
* already specified and analy

Hi Hannes,
I'm sorry the draft does not meet your expectations with respect to
usage as compared to other EAP methods. I actually didn't think such
verbiage was actually needed. A brief scan of a recent EAP method
that was advanced as RFC5106 shows that it too lacks a description of
its use wi

To continue on the previous discussions about this subject (with a
different subject):
a) I believe the document does not do a good job in describing where you
plan to use this method in comparison to the already ongoing work on
tunneled mechanisms.
To quote Bernard on a previous mailing list

Hello,
There's a new I-D in the Internet-Drafts database called
draft-harkins-emu-eap-pwd-00.txt. It describes a new method
for authentication using only a password. It provides resistance
to active attack, passive attack, and dictionary attack. It
also provides forward secrecy and an authent