Re: [IPsec] New PAKE Criteria draft posted (def. of gateway)

2010-03-28 Thread Yaron Sheffer
Hi Kaz, Most of the WG members are aware of the whole picture: - The standard is clear that PSK must not be used with passwords. - The standard contains a good solution for the client-gateway case, which is already widely implemented, namely EAP. EAP is implemented by many AAA servers, is avai

Re: [IPsec] New PAKE Criteria draft posted (def. of gateway)

2010-03-28 Thread Yaron Sheffer
Hi Dan, I'm not suggesting to constrain the protocol. I'm trying to focus the discussion, and focus the criteria. We both know that integrating an existing PAKE into IKEv2 is not such a big deal. But we can spend months debating password management: - Do we specify a password policy? - Is th

Re: [IPsec] New PAKE Criteria draft posted (def. of gateway)

2010-03-28 Thread Kaz Kobara
Hi Yaron, I see. Your "client-gateway" means "client-gateway-AAA". OK, now we can go back to the title. Why don't you make it more specific, like "Password-Based Authentication between Gateways in IKEv2: Selection Criteria and Comparison" or something like that? This is really what you want t

Re: [IPsec] New PAKE Criteria draft posted (def. of gateway)

2010-03-28 Thread Yaron Sheffer
Hi Kaz, Sure. That would be an appropriate title. Thanks for helping to clarify this point! Regards, Yaron On 28.3.2010 15:06, Kaz Kobara wrote: Hi Yaron, I see. Your "client-gateway" means "client-gateway-AAA". OK, now we can go back to the title. Why don't you make it more specif

Re: [IPsec] New PAKE Criteria draft posted (def. of gateway)

2010-03-28 Thread Paul Hoffman
The disagreement between Dan and Yaron is over wording in the not-at-all normative criteria draft. This draft is not intended to become an RFC, and is not binding on the WG. It currently is being edited by Yaron; soon it will be edited by both Yaron and Dan. From the active thread the past f