Re: EAP-IKEv2 MITM prevention (Was: Re: The remaining IKEv2 issues)
Uri Blumenthal writes:
> On 8/20/2003 4:51 PM, Michael Thomas wrote:
> > 2) keeping the AAA clueless that any of this
> > is going on.
>
> I don't think it's (a) feasible, or (b) desirable. Let's
> NOT keep AAA clueless. Especially since in EAP it's the
> AAA that will have to actually run the "new" EAP method.
>
> If it means fighting reality as it is - so be it. :-)

Yes, that's it exactly -- reality. Note that I'm
not defending this, just stating my experience in
the matter. My personal observation is that
there seems to be a lot of both use for better
or worse, and reticence to change people's AAA's.
Does anybody -- Jari? -- have any idea how the
SIP saga ended? Were AAA's eventually upgraded
to deal with http-digest? My guess is that if
they weren't willing to deal with it for SIP,
they're probably not going to be any more
willing with IKE...
Mike