[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: The remaining IKEv2 issues

To: Paul Hoffman / VPNC <paul.hoffman@vpnc.org>
Subject: Re: The remaining IKEv2 issues
From: Uri Blumenthal <uri@lucent.com>
Date: Thu, 21 Aug 2003 16:10:59 -0400
Cc: ipsec@lists.tislabs.com
Organization: Lucent Technologies / Bell Labs
Original-CC: ipsec@lists.tislabs.com
References: <Pine.GSO.4.33.0308200919560.24171-100000@gandalf.sctc.com> <p0521061ebb6ac6869210@[63.202.92.152]>
Sender: owner-ipsec@lists.tislabs.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.0.1) Gecko/20020823 Netscape/7.0 (CK-LucentTPES)

On 8/21/2003 3:04 PM, Paul Hoffman / VPNC wrote:
>>If we are expecting that people are going to implement these methods and
>>customer are going to make use of these methods, I would much rather see
>>a standards-based way of doing so, and have this method be tested at
>>bakeoffs.
> 
> Fully agree.........
> Saying "'MUST NOT' or 'SHOULD NOT' do the things
> that your customers are demanding" is a really good way to cripple
> IKEv2 deployment.

Well yes, I agree too. What I don't understand if why we
cannot create kg methods using the same credentials? It
seems to be the only way to satisfy both the customers
who need to use devices like SecureID (hey, I'm one
of those), and the security requirements.

> One of the main goals of IKEv2 was to avoid re-creating
> the XAUTH fiasco.

Please educate me - I didn't keep track of XAUTH. Why did
it fail? What was wrong with it?

Thanks!

Follow-Ups:
- Re: The remaining IKEv2 issues
  - From: Yoav Nir <ynir@CheckPoint.com>

References:
- Re: The remaining IKEv2 issues
  - From: Tylor Allison <allison@securecomputing.com>
- Re: The remaining IKEv2 issues
  - From: Paul Hoffman / VPNC <paul.hoffman@vpnc.org>

Prev by Date: No Subject
Next by Date: I-D ACTION:draft-ietf-ipsec-ui-suites-04.txt
Prev by thread: Re: The remaining IKEv2 issues
Next by thread: Re: The remaining IKEv2 issues
Index(es):
- Date
- Thread