Re: EAP-IKEv2 MITM prevention (Was: Re: The remaining IKEv2 issues)



Uri Blumenthal writes:
 > On 8/20/2003 4:51 PM, Michael Thomas wrote:
 > > 2) keeping the AAA clueless that any of this 
 > >    is going on.
 > 
 > I don't think it's (a) feasible, or (b) desirable. Let's
 > NOT keep AAA clueless. Especially since in EAP it's the
 > AAA that will have to actually run the "new" EAP method.
 > 
 > If it means fighting reality as it is - so be it. :-)

   Yes, that's it exactly -- reality. Note that I'm
   not defending this, just stating my experience in 
   the matter. My personal observation is that
   there seems to be a lot of both use for better
   or worse, and reticence to change people's AAA's. 

   Does anybody --  Jari? -- have any idea how the 
   SIP saga ended? Were AAA's eventually upgraded
   to deal with http-digest? My guess is that if
   they weren't willing to deal with it for SIP,
   they're probably not going to be any more
   willing with IKE...

	   Mike