
Re: Hybrid Authentication and Remote Access



I wasn't planning on commenting on this until I'd had a bit more time to
review it, but so long as you're bringing it up, I will voice one
criticism of the hybrid-auth draft: ISAKMP Notify messages are ONE-WAY.
You are using them for a 2-way exchange. This is a hack. Read the other
drafts. Hacking your enhancements into the protocol is ridiculous and
unjustified, given that the working group is entering another round in
which such modifications may be properly implemented if appropriate.

Aside from that criticism, I agree that there is a need for such a
mechanism, and that this proposal meets that need in one way, and Roy's
isakmp-xauth proposal meets it in others. It's certainly worthy of
continued discussion.

