
Re: Comments on "Hybrid Auth. mode for IKE"



> 
> Suresh,
> 
> I'm glad we have clarified a number of misunderstandings, though a few
> still remain.
> 
OK, Thanks.

> >I see your clever rewording :-).
> >In reality, users don't have certs and there is a strong demand to
> >support existing auth.  mechanisms to avail of the IPsec services.
> 
> Users with passwords can be issued certs readily.  Users have certs as
> much as they have SecurID cards, S-Key software, etc.  Any time we move
> beyond what a user can do personally to authenticate himself, to require
> computation, the line is blurred.  Hardware tokens are certainly a good way
> to personalize computationally intensive auth mechanisms, but they are not
> the only game in town.
> 
> The primary differences seem to be that your primary goal is to find a way
> to make use of existing user auth mechanisms with IPsec, period.  My goal
> is to not degrade the minimum quality of security service offered by the
> use of IPsec.  Hopefully there may be a way to satisfy both goals, but I am
> not prepared to back off on mine in the name of "market demands, legacy
> systems, etc."
> 
> Steve
> 

I agree with your characterization of the differences for the most part.
We need to be open to market requirements, legacy or otherwise. By 
addressing these requirements in IETF, we can ensure interoperability. 

cheers,
suresh

