On Apr 12, 2011, at 3:17 PM, Tero Kivinen wrote: > This kind of framework would allow using any of the secure password > authentication methods in a way where they can co-exist in the same > implementation. If the implementation is done properly, then it might > be even possible to make it so that new algorithms can be added > easily. > > The proposed protocol is mostly there for start of discussion and the > final version might be different what I outlined above. I have quickly > checked all password method drafts through and I think it should be > quite easy to fit all of the mehods to this kind of framework. > > If people think this is good idea, I can write the first version of > the framework draft and submit it as internet-draft quite soon, but > before I start working on this I would like to get some feedback from > others whether this is good idea, and whether authors of those methods > would be willing to convert their drafts to use this framework. If the > authors are not willing to use this framework then there is no point > of creating the framework.
Hi Tero I have mixed feelings about this. It's better than all four of those drafts advancing separately. OTOH this plug-innable architecture is pretty much admitting defeat. It sets us up to have a situation like EAP, with lots of different methods, and no guide to implementers as to which methods to implement. But I guess it's the lesser evil. Yoav _______________________________________________ IPsec mailing list IPsec@ietf.org https://www.ietf.org/mailman/listinfo/ipsec
