Re: [IPsec] New PAKE Criteria draft posted

2010-03-25 Thread SeongHan Shin
Dear Yaron Sheffer, I have one question about the draft. draft-sheffer-ipsecme-pake-criteria-02.txt says in Page 4 “This document is limited to the use of password-based authentication to achieve trust between gateways” Is this a consensus of this WG? Best regards, Shin On Thu, Mar 25, 2010 at

Re: [IPsec] New PAKE Criteria draft posted

2010-03-25 Thread Yaron Sheffer
Hi Shin, Yes. For the typical remote access VPN, EAP is typically more useful. Note that there is still need for strong password-based mutual authentication EAP methods - but their home is the EMU working group. In addition, the IPsecME has another charter item designed to fit such EAP metho

Re: [IPsec] New PAKE Criteria draft posted

2010-03-25 Thread SeongHan Shin
Thank you for your kind explanation. Best regards, Shin On Fri, Mar 26, 2010 at 3:30 AM, Yaron Sheffer wrote: > Hi Shin, > > Yes. For the typical remote access VPN, EAP is typically more useful. Note > that there is still need for strong password-based mutual authentication EAP > methods - but

Re: [IPsec] Issue #177. (was: HA/LS terminology)

2010-03-25 Thread Yoav Nir
Hi Dan I am not trying to create a complete taxonomy of cluster types. I should also note that we don't really have a term for a single "thing" that does IKE and IPsec. Our documents use terms like "gateway" and "peer", but "gateway" does not encompass VPN clients and hosts, and "peer" is not j

Re: [IPsec] Issue #177. (was: HA/LS terminology)

2010-03-25 Thread Tero Kivinen
Yoav Nir writes: > I am not trying to create a complete taxonomy of cluster types. I think it is worth adding more defined terms, just to show which we are not talking about too. > I should also note that we don't really have a term for a single > "thing" that does IKE and IPsec. Our documents u

Re: [IPsec] New PAKE Criteria draft posted (def. of gateway)

2010-03-25 Thread Kaz Kobara
Hi Yaron > draft-sheffer-ipsecme-pake-criteria-02.txt says in Page 4 > "This document is limited to the use of password-based authentication to > achieve trust between gateways" I would like to make sure that "gateway" in this document does not encompass VPN clients and hosts, right? Kaz >

Re: [IPsec] New PAKE Criteria draft posted (def. of gateway)

2010-03-25 Thread Dan Harkins
On the contrary, I would like to see no notion of "clients", "hosts", and "gateways" at all. There is no reason why this technique could not be used in any of the use cases in IKEv2. And such a statement certainly does not belong in a document that supposedly deals with criteria upon which a

Re: [IPsec] New PAKE Criteria draft posted (def. of gateway)

2010-03-25 Thread Yaron Sheffer
As I mentioned in my previous mail, the document attempts to follow the use cases as agreed in the charter. For the remote access case, there are clear benefits to having a separate AAA server, and EAP has been adopted by multiple protocols including IKEv2. I don't see a reason to open this de

Re: [IPsec] New PAKE Criteria draft posted (def. of gateway)

2010-03-25 Thread Yaron Sheffer
Hi Kaz, I *thought* my intention was clear: "between gateways" as opposed to "between clients and gateways". So your assertion is correct. Thanks, Yaron On 26.3.2010 1:40, Kaz Kobara wrote: Hi Yaron draft-sheffer-ipsecme-pake-criteria-02.txt says in Page 4 "This document is limited
