Re: The remaining IKEv2 issues

[Michael Richardson <mcr@sandelman.ottawa.on.ca>]

-----BEGIN PGP SIGNED MESSAGE-----


>>>>> "Nicolas" == Nicolas Williams <Nicolas.Williams@sun.com> writes:
    >> i.e. we can't do something like CHAP.
    >> 
    >> The reason is that the gateway will likely have to provide the literal
    >> reply via EAP/Radius to another machine for checking.
    >> 
    >> I'm not certain what systems your proposal would work for.  Not
    >> SecureID, not X9.9, not passwords-over-radius.

    Nicolas> The challenge function would have to be modified in those
    Nicolas> systems - it's not applicable only at the responder.  This means

  I wish it were that simple, but the tokens and servers are out of our
control.

]      Out and about in Ottawa.    hmmm... beer.                |  firewalls  [
]   Michael Richardson, Sandelman Software Works, Ottawa, ON    |net architect[
] mcr@sandelman.ottawa.on.ca http://www.sandelman.ottawa.on.ca/ |device driver[
] panic("Just another Debian/notebook using, kernel hacking, security guy");  [
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (GNU/Linux)
Comment: Finger me for keys - custom hacks make this fully PGP2 compat

iQCVAwUBP0KEZoqHRg3pndX9AQGECgP/cl1uEjjV2J42H8jdqPL1yMVCv/i3Egqz
mqBDtKUr3iLnnMD5+APrqEMfam1qjjHKOtwkvmbpn5iURvxU7PgrwlCiSNJEnDpK
rqU4c8CDDRjO0qdIQyVRcnvfBGjRZEr/wAlnEdzX1h6LIe/z7KtU0nzSuiAJcDCS
shQm9xguyEU=
=Pr14
-----END PGP SIGNATURE-----