RE: Position statement on IKE development
Having everyone eventually migrate to certificates would be nice from a
theoretical viewpoint, but the reality is that there are VPN customers who
will _never_ move to a certificate-based infrastructure. As a VPN service
provider, we see plenty of small customers who simply want their VPN
authentication proxied to their existing RADIUS/NT/etc server(s). This is
why it's critical to have a long-term user authentication mechanism for
IPsec.
Mike Horn
> -----Original Message-----
> From: Bill Sommerfeld [mailto:sommerfeld@east.sun.com]
> Sent: Monday, August 06, 2001 6:41 PM
> To: Horn, Mike
> Cc: 'Theodore Tso'; Andrew Krywaniuk; 'Alex Alten'; 'Marcus Leech';
> ipsec@lists.tislabs.com; ietf-ipsra@vpnc.org
> Subject: Re: Position statement on IKE development
>
>
> > One of the reasons various user authentication schemes have not been
> > considered (CRACK for instance) is the moratorium on changes to IKE.
> > Unfortunately the IPSRA WG is very dependent on IKE.
>
> The IPSRA WG is not at all dependent on IKE; it's really all about
> protocols to turn legacy authentication into certificates.
>
> - Bill
>