
RE: SOI QUESTIONS: 2.3 Authentication styles



I couldn't agree more with Dan's assertion.  We were more or less forced to
add Xauth to support customer needs. After some interop problems they are
finally happy using it as is.  To remove something that they count on rather
heavily would make IKEv2 a non-starter for them.  If we don't support some
kind of built-in legacy auth I have a feeling I will be implementing some
non-standard Xauthv2 draft in the future.

To answer Ted's question though I think this is absolutely necessary.
Lots of problems with IKEv1 had to do with the fact that we ignored this
subject and people attempted to add it in various ways after the fact,
some more clumsily than others. That tends to work against interoperability
and for single vendor solutions. 

We made a mistake by ignoring this the first time and it would be a mistake
to do so again. PIC is not a solution to this problem.

  Dan.