[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: The remaining IKEv2 issues
-----BEGIN PGP SIGNED MESSAGE-----
>>>>> "Nicolas" == Nicolas Williams <Nicolas.Williams@sun.com> writes:
>> i.e. we can't do something like CHAP.
>>
>> The reason is that the gateway will likely have to provide the literal
>> reply via EAP/Radius to another machine for checking.
>>
>> I'm not certain what systems your proposal would work for. Not
>> SecureID, not X9.9, not passwords-over-radius.
Nicolas> The challenge function would have to be modified in those
Nicolas> systems - it's not applicable only at the responder. This means
I wish it were that simple, but the tokens and servers are out of our
control.
] Out and about in Ottawa. hmmm... beer. | firewalls [
] Michael Richardson, Sandelman Software Works, Ottawa, ON |net architect[
] mcr@sandelman.ottawa.on.ca http://www.sandelman.ottawa.on.ca/ |device driver[
] panic("Just another Debian/notebook using, kernel hacking, security guy"); [
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (GNU/Linux)
Comment: Finger me for keys - custom hacks make this fully PGP2 compat
iQCVAwUBP0KEZoqHRg3pndX9AQGECgP/cl1uEjjV2J42H8jdqPL1yMVCv/i3Egqz
mqBDtKUr3iLnnMD5+APrqEMfam1qjjHKOtwkvmbpn5iURvxU7PgrwlCiSNJEnDpK
rqU4c8CDDRjO0qdIQyVRcnvfBGjRZEr/wAlnEdzX1h6LIe/z7KtU0nzSuiAJcDCS
shQm9xguyEU=
=Pr14
-----END PGP SIGNATURE-----