
RE: Comments on "Hybrid Auth. mode for IKE"



Pat,

I have not looked at EAP, but the notion of transporting auth data between
endpoints who are not directly connected seems like a reasonable goal.
However, if these endpoints are not IPsec implementations, I would see this
as an adjunct to IKE, not an alternative underlying mechanism.

SOCKS and PPP have modes in which only bind-time auth is provided, i.e.,
there is nothing that cryptographically ties each successive packet to the
initial auth exchange.  This differs from IPsec, where the keying material
used with AH or with ESP auth/integrity is tied directly to the initial
auth and encryption exchange.  Given this fundamental dichotomy, I would
not expect auth mechanisms to be completely interchangeable among all of
these protocols in all of their modes of use.

Steve
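
The distinction drawn in the message above, as an added example that is not part of the original message and not code from any IPsec, SOCKS or PPP implementation: a session that authenticates only at bind time accepts any later packet, while a session whose per-packet MAC key is derived from the initial exchange rejects packets made without that key. The class names, the key derivation and all sample values are assumptions constructed for illustration; the derivation is a simplified stand-in, not IKE's actual one.

```python
import hashlib
import hmac

TAG_LEN = 32  # full HMAC-SHA-256 output

def derive_integrity_key(auth_secret: bytes, nonce_i: bytes, nonce_r: bytes) -> bytes:
    """Simplified stand-in for a key derivation: binds the per-packet key to
    the secret and nonces of the initial exchange (not IKE's actual PRF)."""
    return hmac.new(auth_secret, b"integrity" + nonce_i + nonce_r, hashlib.sha256).digest()

class BindTimeSession:
    """Authenticates once at bind time; later packets carry no proof of origin."""
    def __init__(self, auth_ok: bool):
        self.auth_ok = auth_ok

    def accept(self, packet: bytes) -> bool:
        # Nothing in the packet is checked against the initial exchange.
        return self.auth_ok

class PerPacketSession:
    """Every packet carries a MAC keyed from the initial exchange."""
    def __init__(self, key: bytes):
        self.key = key

    def protect(self, seq: int, payload: bytes) -> bytes:
        body = seq.to_bytes(4, "big") + payload
        return body + hmac.new(self.key, body, hashlib.sha256).digest()

    def accept(self, packet: bytes) -> bool:
        if len(packet) < 4 + TAG_LEN:
            return False
        body, tag = packet[:-TAG_LEN], packet[-TAG_LEN:]
        expected = hmac.new(self.key, body, hashlib.sha256).digest()
        return hmac.compare_digest(tag, expected)

def demo() -> dict:
    # Constructed sample values, for illustration only.
    key = derive_integrity_key(b"constructed-secret", b"Ni-sample", b"Nr-sample")
    bind, keyed = BindTimeSession(auth_ok=True), PerPacketSession(key)
    genuine = keyed.protect(1, b"payload from the authenticated peer")
    unkeyed = (2).to_bytes(4, "big") + b"payload from a third party" + bytes(TAG_LEN)
    altered = genuine[:4] + b"P" + genuine[5:]  # one payload byte changed in transit
    return {
        "bind_time_accepts_unkeyed": bind.accept(unkeyed),
        "keyed_accepts_genuine": keyed.accept(genuine),
        "keyed_accepts_unkeyed": keyed.accept(unkeyed),
        "keyed_accepts_altered": keyed.accept(altered),
    }
```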



