RE: [Emu] Thoughts on Password-based EAP Methods

2007-04-03 Thread Bernard Aboba
Also, Pascal asked about a patent application. I asked Paul about that and he said it isn't about EAP-TTLS. Searching the IETF IPR page, I found the following disclosure, which relates to TLS-IA, and therefore is only relevant to EAP-TTLSv1: https://datatracker.ietf.org/public/ipr_detail_show.

RE: [Emu] Thoughts on Password-based EAP Methods

2007-04-03 Thread Stephen Hanna
Jouni Malinen wrote: > I'm aware of at least one, though maybe partial, implementation of > TTLSv1. Anyway, I don't think it has been deployed anywhere. I talked to Paul Funk about this. He hasn't implemented EAP-TTLSv1, is not planning to do so, and is not aware of any implementations or deployme

RE: [Emu] Thoughts on Password-based EAP Methods

2007-04-03 Thread Ryan Hurst
Sent: Tuesday, April 03, 2007 8:16 AM To: Bernard Aboba; emu@ietf.org Subject: RE: [Emu] Thoughts on Password-based EAP Methods Some of the things that need to be fixed are fairly fundamental. For example crypto-binding and avoiding multiple layers of negotiation are fairly fundamental. At this

RE: [Emu] Thoughts on Password-based EAP Methods

2007-04-03 Thread Joseph Salowey \(jsalowey\)
Original Message- > From: Bernard Aboba [mailto:[EMAIL PROTECTED] > Sent: Monday, April 02, 2007 3:46 PM > To: emu@ietf.org > Subject: RE: [Emu] Thoughts on Password-based EAP Methods > > >I'm not sure that adding yet another version to TTLS > specifically for >

Re: [Emu] Thoughts on Password-based EAP Methods

2007-04-03 Thread Hannes Tschofenig
I see it a bit differently since I was at many EAP meetings where EAP method authors wanted to work on standards track EAP methods. Ciao Hannes Bernard Aboba wrote: Part of the problem with EAP methods is that people should have started to standardize them within the IETF several years ago. U

Re: [Emu] Thoughts on Password-based EAP Methods

2007-04-03 Thread Bernard Aboba
For example, at least one server uses "client PEAP encryption" as the label for PRF whereas most use "client EAP encryption". That is clearly an interoperability issue (I've only seen this with PEAPv1 and one RADIUS server, but anyway that is the label described in some of the drafts). Using the

Re: [Emu] Thoughts on Password-based EAP Methods

2007-04-02 Thread Jouni Malinen
On Mon, Apr 02, 2007 at 10:41:09PM -0400, Hao Zhou (hzhou) wrote: > > differently.. The main issue for me from the implementation > > view point has been lack of clear description of the protocol > > and existance of differently behaving and already deployed > > implementations.. > [HZ] That's n

RE: [Emu] Thoughts on Password-based EAP Methods

2007-04-02 Thread Hao Zhou \(hzhou\)
Please see inline. > -Original Message- > From: Jouni Malinen [mailto:[EMAIL PROTECTED] > Sent: Monday, April 02, 2007 10:07 PM > To: Bernard Aboba > Cc: emu@ietf.org > Subject: Re: [Emu] Thoughts on Password-based EAP Methods > > On Mon, Apr 02, 2007 at 03:45:4

Re: [Emu] Thoughts on Password-based EAP Methods

2007-04-02 Thread Jouni Malinen
On Mon, Apr 02, 2007 at 03:45:44PM -0700, Bernard Aboba wrote: > I would agree that "versioning" is not a good idea. However, as I > understand it, EAP-TTLSv0 is the only deployed version of TTLS; v1 has > never been implemented. So currently there is no versioning issue with > TTLS, and if

RE: [Emu] Thoughts on Password-based EAP Methods

2007-04-02 Thread Ryan Hurst
Password-based EAP Methods >I'm not sure that adding yet another version to TTLS specifically for >supporting passwords will make things better for customers. Multiple >versions certainly has caused quite a confusion in PEAP. I would agree that "versioning" is not a g

RE: [Emu] Thoughts on Password-based EAP Methods

2007-04-02 Thread Bernard Aboba
I'm not sure that adding yet another version to TTLS specifically for supporting passwords will make things better for customers. Multiple versions certainly has caused quite a confusion in PEAP. I would agree that "versioning" is not a good idea. However, as I understand it, EAP-TTLSv0 is th

RE: [Emu] Thoughts on Password-based EAP Methods

2007-04-02 Thread Hao Zhou \(hzhou\)
; Sent: Monday, April 02, 2007 3:48 PM > To: Joseph Salowey (jsalowey); Bernard Aboba; emu@ietf.org > Subject: RE: [Emu] Thoughts on Password-based EAP Methods > > I believe there were many issues with how PEAP progressed, if > we are careful we could prevent the same thing

RE: [Emu] Thoughts on Password-based EAP Methods

2007-04-02 Thread Ryan Hurst
Subject: RE: [Emu] Thoughts on Password-based EAP Methods I'm not sure that adding yet another version to TTLS specifically for supporting passwords will make things better for customers. Multiple versions certainly has caused quite a confusion in PEAP. > -Original Message

RE: [Emu] Thoughts on Password-based EAP Methods

2007-04-02 Thread Joseph Salowey \(jsalowey\)
Sent: Tuesday, March 27, 2007 8:07 AM > To: emu@ietf.org > Subject: [Emu] Thoughts on Password-based EAP Methods > > After listening to the IETF 68 presentation on a > password-based EAP method, I would like to voice some concerns. > > Today we already have an "over abund

RE: [Emu] Thoughts on Password-based EAP Methods

2007-03-29 Thread Hao Zhou \(hzhou\)
> To: emu@ietf.org > Subject: [Emu] Thoughts on Password-based EAP Methods > > After listening to the IETF 68 presentation on a > password-based EAP method, I would like to voice some concerns. > > Today we already have an "over abundance" of such methods. > Th

[Emu] Thoughts on Password-based EAP Methods

2007-03-27 Thread Bernard Aboba
After listening to the IETF 68 presentation on a password-based EAP method, I would like to voice some concerns. Today we already have an "over abundance" of such methods. These include PEAPv0, PEAPv1, EAP-TTLSv0, EAP-TTLSv1, and EAP-FAST. In my discussions with customers, I invariably hear