
L2TP+IPsec and IKE authentication



It seems as though no one is paying attention to an issue that dominated
these mailing lists in the not so far past, concerning the validity of
the authentication procedure imposed by XAUTH.

L2TP+IPsec requires IKE. IKE is an authenticated key exchange and yet
people clearly state that the user authentication will take place in the
PPP authentication.
This means one of these is true:
1. Users have certificates. In this case why do we need the PPP
authentication?
2. Each user has a pre-shared secret with the SGW. Again, why do we need
the PPP authentication?
3. The user does not authenticate to the SGW and Phase I, Phase II and
IPsec traffic happen prior to authentication of the user. To support
this, IKE requires changes and the architecture in "security
architecture" becomes somewhat questionable.

Yael