Unfortunately Dan cannot accept that there may be objective, non
political reasons for the group not to adopt his work. Which is the
reason why three alternative proposals were published several months
after his proposed PAKE solution.
As co-chairmen of ipsecme, Paul and I did our best to get
Paul,
The existence of this draft shows a failure of YOUR leadership (and
that of your co-chairman) of the working group. Consensus was achieved
to add an authentication method based on a simple password yet you
seemingly worked to do everything possible to create division in the
working grou
On Jul 27, 2011, at 6:30 PM, Yoav Nir wrote:
> I think this is a terrible idea.
+.5. I think is is a bad idea.
> IKEv2 has a way for mutual authentication with a shared key.
>
> A concern was raised that this method was vulnerable to guessing if trivial
> shared keys were configured.
>
> T
Yoav Nir writes:
> This draft represents a total shirking of our responsibility. Rather
> than decide on one protocol that is "best" or even arbitrarily
> choosing one that is "good enough", it proposes to build a framework
> so that everyone and their dog can have their own method. This is a
> nig
I think this is a terrible idea.
IKEv2 has a way for mutual authentication with a shared key.
A concern was raised that this method was vulnerable to guessing if trivial
shared keys were configured.
There were several proposals for a better cryptographic method.
The IPsecME working group fail
The IESG has received a request from an individual submitter to consider
the following document:
- 'Secure Password Framework for IKEv2'
as an
Informational RFC
The IESG plans to make a decision in the next few weeks, and solicits
final comments on this action. Please send substantive comments
Alright, here's one.
http://tools.ietf.org/html/draft-nir-ipsecme-erx-01 defines an extension to
IKEv2 so that ERX (as defined by the HOKEY group) can be used with IKEv2.
This will allow a seamless transfer from a local network protected by 802.1x to
a public network where your access needs to