[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: Comments on "Hybrid Auth. mode for IKE"



Title: RE: Comments on "Hybrid Auth. mode for IKE"

Steve, I didn't make the statement that XAUTH was designed because IKE had shortcomings.  It was designed to extend IKE to support (mostly) legacy authentication mechanisms.  Most of these mechanisms are less secure than the authentication mechanisms that IKE support (X.509 certs), but nonetheless, these mechanisms are in demand.



> -----Original Message-----
> From: Stephen Kent [mailto:kent@bbn.com]
> Sent: Wednesday, July 22, 1998 6:09 PM
> To: Roy Pereira
> Cc: ipsec@tis.com
> Subject: RE: Comments on "Hybrid Auth. mode for IKE"
>
>
> Roy,
>
> I don't mean to suggest that we should engineer on the fly. 
> However, I do
> object to statements justifying XAUTH design features based
> on purported
> shortcomings of IKE and thye general IPsec authentication
> model. If folks
> make such comments and they're not substantiated (or just
> wrong), I think
> it apprppriate to comment on that in the context of this
> mailing list.  Do
> you disagree/
>
> Steve
>
>


Follow-Ups: