[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: New XAUTH draft
I'd like to add a voice in favor of separating the legacy user
authentication mechanisms from IKE. There are several arguments
supporting this separation:
* First and foremost, IKE is hard to analyze and implement correctly
as is. Adding modes and functionalities will only make it harder.
KISS (keep is simple and secure)!
* IKE/IPSEC is primarily meant for host-to-host protection. User
authentication seems to be best done on top of IKE/IPSEC,
not as a part of it.
* Having relatively simple and separate modules is a nice feature of the
IPSEC suite, as opposed to other, monolythic security protocols. Let's keep
it this way.
A seemingly "natural" alternative to XAUTH is to first do IKE, and then
complete the user authentication via the IPSEC-protected connection
(using either AH or ESP). Are there overwhelming arguments to not do it
this way, and break the modularity of IPSEC?
Ran