Nico Williams writes: > I fail to see how Tero's proposal makes any headway. Customers who > have and want to use AAA will not be able to use it, near as I can > tell, and if you undertake to make it possible to use AAA in Tero's > proposal then you'll be quickly approximating EAP re-invention.
If you want to use AAA, you use EAP. We already have EAP in the IKEv2, there is no need for another method which supports AAA than that. We also have mutual EAP authentication as extension and we do have some of those same secure password authentication methods proposed as EAP methods too. > Which I-Ds are in last call?? http://datatracker.ietf.org/doc/draft-harkins-ipsecme-spsk-auth/ http://datatracker.ietf.org/doc/draft-kuegler-ipsecme-pace-ikev2/ http://datatracker.ietf.org/doc/draft-shin-augmented-pake/ and then there are one more which is not yet there: http://datatracker.ietf.org/doc/draft-sheffer-ipsecme-hush/ and then we have the selection criteria document for background information: http://datatracker.ietf.org/doc/draft-harkins-ipsecme-pake-criteria/ -- kivi...@iki.fi _______________________________________________ IPsec mailing list IPsec@ietf.org https://www.ietf.org/mailman/listinfo/ipsec
