Clarification of EAP authentication in IKEv2?
(I'm sending this again, since for some reason my
post on Tuesday didn't come through.)

Hi,

IKEv2-11, Section 2.16 says:

   In addition to authentication using public key signatures and
   shared secrets, IKE supports authentication using methods
   defined in RFC 2284 [EAP]. Typically, these methods are
   asymmetric (designed for a user authenticating to a server),
   and they may not be mutual. For this reason, these protocols
   are typically used to authenticate the initiator to the
   responder and are used in addition to a public key signature
   based authentication of the responder to the initiator.

Recently, some people have interpreted the last sentence as
"public key signature based authentication of the responder
MUST be used".

Another possible interpretation is that _typically_ the responder
is authenticated with public key signatures (for the reasons
given earlier in the paragraph), but other alternatives (such
as an EAP method that provides mutual authentication, or even a
shared secret) may be possible in some circumstances.

Any comments?

Personally, I support the latter interpretation, since otherwise
only initiator authentication is extensible, not responder
authentication (and I think this would be an unnecessary limitation... after all,
if the point of EAP is to allow users to choose an authentication
method that best suits their needs, why should this be limited
to initiator authentication?).

This could perhaps be clarified by adding the following
paragraph below the sequence diagram:

   If the authentication of the responder is based solely on a
   mutually authenticating EAP method, the responder omits the
   AUTH payload from message 4. Alternatively, the responder
   can be authenticated using either public key signatures or
   a shared secret, in which case the AUTH payload in message 4
   is calculated as described in Section 2.15.

Best regards,
Pasi
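As an added illustration of the proposed rule (example code written for this page, not part of the post or of any IKEv2 implementation), the following models the initiator's acceptance check on message 4: AUTH may be absent only when the responder is authenticated solely by a mutually authenticating EAP method, and otherwise must verify. The shared-secret AUTH follows the RFC 4306 Section 2.15 form prf(prf(Shared Secret, "Key Pad for IKEv2"), <msg octets>); HMAC-SHA1 as the prf, the sample secret and the message bytes are assumptions of this example.

```python
import hashlib
import hmac
from typing import Callable, Optional

KEY_PAD = b"Key Pad for IKEv2"  # pad string from the shared-secret AUTH definition


def prf(key: bytes, data: bytes) -> bytes:
    """Negotiated prf; HMAC-SHA1 is an assumption of this example."""
    return hmac.new(key, data, hashlib.sha1).digest()


def responder_signed_octets(message2: bytes, ni: bytes, sk_pr: bytes, idr: bytes) -> bytes:
    """Octets the responder authenticates: message 2 || Ni || prf(SK_pr, IDr')."""
    return message2 + ni + prf(sk_pr, idr)


def shared_secret_auth(shared_secret: bytes, signed_octets: bytes) -> bytes:
    """AUTH = prf(prf(Shared Secret, "Key Pad for IKEv2"), <msg octets>)."""
    return prf(prf(shared_secret, KEY_PAD), signed_octets)


def shared_secret_verifier(shared_secret: bytes, signed_octets: bytes) -> Callable[[bytes], bool]:
    """Build an initiator-side verifier for a shared-secret AUTH payload."""
    expected = shared_secret_auth(shared_secret, signed_octets)
    # Constant-time comparison so a mismatch leaks nothing about the prefix.
    return lambda auth_payload: hmac.compare_digest(expected, auth_payload)


def check_message4(responder_method: str, auth_payload: Optional[bytes],
                   verifier: Optional[Callable[[bytes], bool]] = None) -> bool:
    """Initiator decision on message 4 under the proposed clarification.

    responder_method is the initiator's configured expectation:
    "mutual-eap", "shared-secret" or "signature". For the latter two the
    caller supplies a verifier for the AUTH value (for signatures, the
    public-key check over the same signed octets)."""
    if responder_method == "mutual-eap":
        # Responder identity comes from the EAP method itself, so AUTH is
        # omitted; a payload we hold no key for is treated as a mismatch
        # (a design choice of this example, not text from the draft).
        return auth_payload is None
    if auth_payload is None or verifier is None:
        # Responder must prove itself before EAP starts; no AUTH, no deal.
        return False
    return verifier(auth_payload)
```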