[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Clarification of EAP authentication in IKEv2?




(also resent)

Hannes,

I think Pasi is suggesting a clarification, not a change
in the protocol. The current text says "typically".
Also, Section 2.16 talks about AUTH payloads in the
"final messages" i.e. when the generated key is available
from EAP. Finally, you wrote:

> - if you have this eap method offers the desired functionality
>   (mutual authentication, session key generation)

This may not be such a big requirement. Our specifications
already require these properties with strong keywords: the IKEv2
spec says that you SHOULD NOT use non-key generating methods.
And according to draft-ietf-eap-keying-01.txt, key-generating
methods MUST provide also mutual authentication.

--Jari