Re: SOI QUESTIONS: 2.3 Authentication styles
> Again, IPSEC working group --- please discuss:
>
> 2.3.A.) Does SOI need to natively support "legacy authentication
> systems"?
YES. If SOI does not provide native support for this, we can expect some *ugly* solution to come out for it. Thus, a genuine standard is desirable (and it seems PIC will not do). Note that legacy auth may help to support a kind of 'null/public authentication', like ftp's ("anonymous", "root@127.0.0.1" ;-) login. Still there is the question of the how; should we consider some kind of EAP tunnel in SOI?
> 2.3.B.) Does SOI need to natively support some kind of "shared
> secret" scheme? (Or just certificates-only?)
NO. I understand it as ``Does SOI need to natively support some kind of "administrative laziness" scheme? (Or just minded administration only?)'' ...'hope this does not sound like a flame. What is the value added by shared secret that certificates cannot provide? Use of certificates is realistic even in light scenarios, without a *huge* PKI infrastructure behind, and it helps to foresee growth in the deployment. Such a feature (shared secret) must not be "needed" (but "may" be supported).
--
Jean-Jacques Puig