To clarify: we don't want "an EAP method". We would like to slightly extend
IKEv2 to use existing, and future, EAP methods that fit the bill.
Thanks,
Yaron
> -----Original Message-----
> From: ipsec-boun...@ietf.org [mailto:ipsec-boun...@ietf.org] On Behalf Of
> Michael Richardson
> Sent: Friday, December 04, 2009 5:20
> To: ipsec@ietf.org
> Subject: Re: [IPsec] Proposed work item: EAP-only authentication in IKEv2
>
> Yaron Sheffer wrote:
> > This draft proposes an IKEv2 extension to allow mutual EAP-based
> authentication in IKEv2, eliminating the need for one of the peers to
> present a certificate. This applies to a small number of key-generating
> EAP methods that allow mutual authentication.
> >
> > Proposed starting point: http://tools.ietf.org/id/draft-eronen-ipsec-
> ikev2-eap-auth-07.txt.
> >
> > Please reply to the list:
>
> I believe that this item is a lower priority than SPSK.
> I would like to find a way to find a compromise, but recent discussion
> suggests to me that it isn't possible. Those who want an EAP method can
> do that work in EMU.
>
>
>
>
> _______________________________________________
> IPsec mailing list
> IPsec@ietf.org
> https://www.ietf.org/mailman/listinfo/ipsec
>
> Scanned by Check Point Total Security Gateway.
_______________________________________________
IPsec mailing list
IPsec@ietf.org
https://www.ietf.org/mailman/listinfo/ipsec
