
EAP Handling in IKEv2



Dear all,



In Section 2.16 you mention the mechanism for protecting against
man-in-the-middle attacks:

"For EAP methods that create a shared key as a side effect of
authentication, that shared key MUST be used by both the Initiator
and Responder to generate an AUTH payload using the syntax for shared
secrets specified in section 2.15. This shared key MUST NOT be used
for any other purpose."

This covers the case where the EAP method establishes a session key.

Which procedure do you suggest for cases where EAP methods do not create a
session key, such as the One-Time Password (OTP)?



Ciao

Hannes