Re: [IPsec] Proposed work item: IKEv2 password authentication (SPSK) - NO

2009-12-02 Thread Yaron Sheffer
Hi Dan, Responding to your last point: The alternatives for EAP-PWD (a.k.a. SPSK), namely EKE, SRP and PAK, have all been published outside the IETF and peer-reviewed by the relevant community: cryptographers, mainly of the academic kind. I highly appreciate the expertise we have at the IPsecM

Re: [IPsec] Proposed work item: EAP-only authentication in IKEv2

2009-12-02 Thread Martin Willi
Hi Yaron, > - If this proposal is accepted as a WG work item, are you committing to > review multiple versions of the draft? > - Are you willing to contribute text to the draft? > - Would you like to co-author it? I'm willing to review and contribute text to the EAP-only work item. We probably

Re: [IPsec] Proposed work item: Childless IKE SA

2009-12-02 Thread Alper Yegin
Hi Hui, Are all 4 motivations below part of 3gpp discussion? Alper > -Original Message- > From: ipsec-boun...@ietf.org [mailto:ipsec-boun...@ietf.org] On Behalf > Of Hui Deng > Sent: Tuesday, December 01, 2009 3:28 PM > To: Yoav Nir > Cc: ipsec@ietf.org; Alper Yegin > Subject: Re: [IPs

Re: [IPsec] Proposed work item: Childless IKE SA

2009-12-02 Thread Matthew Cini Sarreo
Hello Yoav, This seems to be very interesting, I like it due to the first motivation you mentioned. I would be ready to review if this is accepted as a WG item. If some of the motivations are already tackled, it would be wise to check if making additions to IKEv2 tackling those motivations would

Re: [IPsec] Proposed work item: IKEv2 password authentication (SPSK) - NO

2009-12-02 Thread Dan Harkins
Hi Yaron, The technology underlying SPSK is not patented, EKE, SRP and PAK are all patented. Patents are a drag. In addition, EKE has the additional problem that it requires specialized MODP groups-- it can't use the ones in the IKE registry-- and I don't believe it can be used with ellipt

Re: [IPsec] Proposed work item: IKEv2 password authentication (SPSK) - NO

2009-12-02 Thread Yaron Sheffer
Hi Dan, I actually think the patent situation plays against SPSK, rather than in its favor. But I will say no more. Patent *discussions* are a drag. My personal opinion is that patents should have the lowest priority in this decision. As you know, it is trivial to generate MODP groups that will

[IPsec] password auth methods debate

2009-12-02 Thread Stephen Kent
Folks, I think there is merit to pursuing both the EAP-based and the SPSK-based password authentication proposals as WG items. My rationale is: - EAP-based methods are well-suited to client-server interactions and to enterprise environments that already use RADIUS/DIAMETER. Unfortunately,

Re: [IPsec] Proposed work item: IKE/IPsec high availability and load sharing

2009-12-02 Thread Scott C Moonen
If this proposal is accepted, I commit to review it. Scott Moonen (smoo...@us.ibm.com) z/OS Communications Server TCP/IP Development http://www.linkedin.com/in/smoonen From: Yaron Sheffer To: "ipsec@ietf.org" Date: 11/29/2009 12:41 PM Subject: [IPsec] Proposed work item: IKE/IPsec high availa

Re: [IPsec] Proposed work item: Labelled IPsec

2009-12-02 Thread Scott C Moonen
If this proposal is accepted, I commit to review it. Scott Moonen (smoo...@us.ibm.com) z/OS Communications Server TCP/IP Development http://www.linkedin.com/in/smoonen From: Yaron Sheffer To: "ipsec@ietf.org" Date: 11/29/2009 12:26 PM Subject: [IPsec] Proposed work item: Labelled IPsec Thi

Re: [IPsec] Proposed work item: Failure detection in IKEv2

2009-12-02 Thread Scott C Moonen
If this proposal is accepted I commit to review it. Scott Moonen (smoo...@us.ibm.com) z/OS Communications Server TCP/IP Development http://www.linkedin.com/in/smoonen From: Yaron Sheffer To: "ipsec@ietf.org" Date: 11/29/2009 12:26 PM Subject: [IPsec] Proposed work item: Failure detection in

Re: [IPsec] Proposed work item: WESP extensibility - YES

2009-12-02 Thread Bhatia, Manav (Manav)
[mail snipped] > - If this proposal is accepted as a WG work item, > are you committing to review multiple versions of the draft? Yes > - Are you willing to contribute text to the draft? Yes > - Would you like to co-author it? Yes I believe the OAM extension described in the draft is useful and