[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Question about EAP payload

To: <ipsec@lists.tislabs.com>
Subject: Question about EAP payload
From: Radia Perlman - Boston Center for Networking <Radia.Perlman@sun.com>
Date: Sun, 23 Feb 2003 00:32:47 -0500
Reply-To: <radia.perlman@sun.com>
Sender: owner-ipsec@lists.tislabs.com

I've been reading the new draft of IKEv2, which
has not yet been announced, but has been submitted.

Anyway, under EAP payload, there seems to be
"OTP", "MD5-challenge", and "generic token card".
But there doesn't seem to be anything there
for just plain sending a name and password.

Is this intentional, perhaps because MD5-challenge
is considered better? (though it requires the
server to store a password-equivalent, whereas
sending password in-the-clear allows the
server to store hashes of passwords)

Or is name/password really covered under "generic
token card", because EAP just passes text back
and forth, and the server could ask for name
and password, and the client could send it?

Radia

Follow-Ups:
- RE: Question about EAP payload
  - From: "Yoav Nir" <ynir@CheckPoint.com>

Prev by Date: (fwd) Last Call: Using IPsec to Protect MIPv6 Signaling to ProposedStandard
Next by Date: Software Library for programatic implementation of IPSec/IKE
Prev by thread: (fwd) Last Call: Using IPsec to Protect MIPv6 Signaling to ProposedStandard
Next by thread: RE: Question about EAP payload
Index(es):
- Date
- Thread