Tero Kivinen wrote:
SPSK can be used when there is a requirement for host to host (or site
to site) connection, where either end can initiate traffic and
exchanges and where entities still want to use passwords instead of
public keys to authenticate. Shared keys could be used there, but in
most set
U side of the house, I share your
> > frustration...
> >
> > Thanks,
> > Yaron
> >
> >> -Original Message-
> >> From: Dan Harkins [mailto:dhark...@lounge.org]
> >> Sent: Tuesday, December 01, 2009 10:19
> >> To: Yaron Sheffer
>
> Regarding the process at the EMU side of the house, I share your
> frustration...
>
> Thanks,
> Yaron
>
>> -Original Message-
>> From: Dan Harkins [mailto:dhark...@lounge.org]
>> Sent: Tuesday, December 01, 2009 10:19
>> To: Yaron Sheffer
>>
aron Sheffer
> Cc: Dan Harkins; ipsec@ietf.org
> Subject: Re: [IPsec] Proposed work item: IKEv2 password authentication
> (SPSK) - NO
>
>
> Yaron,
>
> It is important for you to state what problem you're trying to solve.
> That problem is, simply, password-only
: Tero Kivinen; ipsec@ietf.org; Matthew Cini Sarreo
> Subject: Re: [IPsec] Proposed work item: IKEv2 password authentication
> (SPSK) - NO
>
>
> Hi Yaron,
>
> EAP is a client/server protocol. If either side can initiate the
> exchange (necessary for site-to-site and tra
Thanks,
> Yaron
>
>> -Original Message-
>> From: Tero Kivinen [mailto:kivi...@iki.fi]
>> Sent: Tuesday, December 01, 2009 15:04
>> To: Yaron Sheffer
>> Cc: Dan Harkins; Matthew Cini Sarreo; ipsec@ietf.org
>> Subject: Re: [IPsec] Proposed
Yaron Sheffer writes:
> I'm sorry, but you are misstating the difference between the
> proposals. One is adding a notification and eliminating one existing
> (certificate) check; the other is adding an IKE mode, and changing
> the protocol state machine in the process.
Not true.
Both are adding n
> Subject: Re: [IPsec] Proposed work item: IKEv2 password authentication
> (SPSK) - NO
>
> Yaron Sheffer writes:
> > I'm sorry, but you are misstating the difference between the
> > proposals. One is adding a notification and eliminating one existing
> > (certificat
Matthew Cini Sarreo writes:
> From a developer point of view, I share the same opinion as Yaron about this
> issue. Instead of creating new solutions, I personally think that it would
> be better to offer guidelines on how to implement current solutions (i.e. EAP)
> and provide documents targeting im
Yaron Sheffer writes:
> EAP was added to IKEv2 to provide "legacy" (a.k.a. password)
> authentication. In the past it did not do it very well, but this is
> changing. We should improve the use of EAP in IKEv2, rather than
> replacing it by a homebrew solution.
EAP can really only be used in the c
> Subject: Re: [IPsec] Proposed work item: IKEv2 password authentication
> (SPSK) - NO
>
>
> Hi Matthew,
>
> Please take a look at both proposals. There is no proposal to simply
> offer guidelines. Both of them are "new solutions" and modify the IKE
> exchan
Hi Matthew,
Please take a look at both proposals. There is no proposal to simply
offer guidelines. Both of them are "new solutions" and modify the IKE
exchange. One uses NOTIFY messages to indicate the new exchange and the
other uses the critical bit to indicate the new exchange. I would be
i
Yaron,
It is important for you to state what problem you're trying to solve.
That problem is, simply, password-only authentication. To bring up the
motivation for adding EAP to IKEv2 is quite irrelevant since EAP in IKEv2
today involves server-side authentication using a certificate.
You w
From a developer point of view, I share the same opinion as Yaron about this
issue. Instead of creating new solutions, I personally think that it would
be better to offer guidelines on how to implement current solutions (i.e. EAP)
and provide documents targeting implementers. This would create less
Hi everyone,
[WG co-chair hat off]
I believe this effort is misguided, and would be a waste of the WG time.
EAP was added to IKEv2 to provide "legacy" (a.k.a. password) authentication. In
the past it did not do it very well, but this is changing. We should improve
the use of EAP in IKEv2, rath
15 matches