Re: Clarification of EAP authentication in IKEv2?
Pasi.Eronen@nokia.com wrote:
> IKEv2-11, Section 2.16 says:
>
> In addition to authentication using public key signatures and
> shared secrets, IKE supports authentication using methods
> defined in RFC 2284 [EAP]. Typically, these methods are
> asymmetric (designed for a user authenticating to a server),
> and they may not be mutual. For this reason, these protocols
> are typically used to authenticate the initiator to the
> responder and are used in addition to a public key signature
> based authentication of the responder to the initiator.
>
> Recently, some people have interpreted the last sentence as
> "public key signature based authentication of the responder
> MUST be used".
>
> Another possible interpretation is that _typically_ the responder
> is authenticated with public key signatures (for the reasons
> given earlier in the paragraph), but other alternatives (such
> as EAP method that provides mutual authentication, or even
> shared secret) may be possible in some circumstances.
>
> Any comments?
>
> Personally, I support the latter interpretation; since otherwise
> only initiator authentication is extensible, not responder
> (and I think this would be an unnecessary limitation... after all,
> if the point of EAP is to allow users to choose an authentication
> method that best suits their needs, why should this be limited
> to initiator authentication?).

I agree.

> This could be perhaps clarified by adding the following
> paragraph below the sequence diagram:
>
> If the authentication of the responder is based solely on a
> mutually authenticating EAP method, the responder omits the
> AUTH payload from message 4. Alternatively, the responder
> can be authenticated using either public key signatures or
> a shared secret, in which case the AUTH payload in message 4
> is calculated as described in Section 2.15.
This text looks good to me.
--Jari
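The proposed paragraph gives the responder two ways to handle message 4: omit the AUTH payload when a mutually authenticating EAP method is the only thing authenticating it, or send an AUTH computed as in Section 2.15 when a shared secret (or signature) authenticates it. The script below is an added example, not text or code from the thread, the draft, or any IKEv2 implementation. It models just that decision and the matching initiator-side check for the shared-secret case. It assumes the shared-secret AUTH construction that RFC 4306 Section 2.15 ended up with, prf(prf(Shared Secret, "Key Pad for IKEv2"), ResponderSignedOctets) with ResponderSignedOctets = RealMessage2 | NonceIData | prf(SK_pr, IDr'), and that PRF_HMAC_SHA1 was negotiated; whether draft-11 used exactly that construction is an assumption here. All message bytes, nonces, keys and identities are constructed sample values. Signature-based AUTH is left out since it needs a key pair and does not change the omit-or-compute logic.

```python
import hashlib
import hmac

# Assumption: PRF_HMAC_SHA1 was negotiated in IKE_SA_INIT. Any negotiated
# PRF works the same way in the formulas below.
def prf(key: bytes, data: bytes) -> bytes:
    return hmac.new(key, data, hashlib.sha1).digest()

# Fixed pad string from the shared-secret AUTH formula (RFC 4306 Section 2.15).
KEY_PAD = b"Key Pad for IKEv2"

# Constructed sample values standing in for real IKE_SA_INIT state.
REAL_MESSAGE2 = b"constructed bytes of the IKE_SA_INIT response (message 2)"
NONCE_I = bytes(range(16))           # NonceIData: the initiator's nonce payload data
SK_PR = b"\x5a" * 20                 # SK_pr derived from the IKE_SA_INIT key material
IDR_PAYLOAD = b"\x02\x00\x00\x00" + b"vpn.example.com"  # IDr' (ID_FQDN, constructed)
SHARED_SECRET = b"constructed-pre-shared-secret"


def responder_signed_octets(real_message2: bytes, nonce_i: bytes,
                            sk_pr: bytes, idr_payload: bytes) -> bytes:
    """ResponderSignedOctets = RealMessage2 | NonceIData | prf(SK_pr, IDr')."""
    return real_message2 + nonce_i + prf(sk_pr, idr_payload)


def psk_auth(shared_secret: bytes, signed_octets: bytes) -> bytes:
    """Shared-secret AUTH = prf(prf(Shared Secret, KEY_PAD), signed octets)."""
    return prf(prf(shared_secret, KEY_PAD), signed_octets)


def responder_message4_auth(mode: str, shared_secret: bytes, signed_octets: bytes):
    """What the responder puts in message 4 under the proposed text.

    Returns None when the AUTH payload is omitted (mutual EAP carries the
    responder's authentication) or the AUTH payload data for the PSK case.
    """
    if mode == "mutual-eap":
        return None
    if mode == "psk":
        return psk_auth(shared_secret, signed_octets)
    raise ValueError(f"unsupported responder authentication mode: {mode}")


def initiator_accepts_message4(policy_mode: str, auth, shared_secret: bytes,
                               signed_octets: bytes, eap_mutual_success: bool) -> bool:
    """Initiator-side check of message 4 against its own local policy.

    The policy decides whether a missing AUTH is acceptable: an initiator
    configured for shared-secret responder authentication must not accept a
    message 4 with the AUTH stripped out, and an initiator relying on the
    EAP method must have seen that method succeed mutually. Treating a
    missing AUTH as acceptable only when policy says so is this example's
    design choice, not wording from the draft.
    """
    if policy_mode == "mutual-eap":
        return eap_mutual_success and auth is None
    if policy_mode == "psk":
        if auth is None:
            return False  # AUTH is required here; never fall back to "no auth"
        expected = psk_auth(shared_secret, signed_octets)
        return hmac.compare_digest(auth, expected)
    raise ValueError(f"unsupported responder authentication policy: {policy_mode}")


def demo() -> dict:
    octets = responder_signed_octets(REAL_MESSAGE2, NONCE_I, SK_PR, IDR_PAYLOAD)
    psk_payload = responder_message4_auth("psk", SHARED_SECRET, octets)
    eap_payload = responder_message4_auth("mutual-eap", SHARED_SECRET, octets)
    return {
        "psk_auth_hex": psk_payload.hex(),
        "psk_ok": initiator_accepts_message4("psk", psk_payload, SHARED_SECRET, octets, False),
        "psk_stripped_rejected": not initiator_accepts_message4("psk", None, SHARED_SECRET, octets, False),
        "eap_omitted": eap_payload is None,
        "eap_ok": initiator_accepts_message4("mutual-eap", None, SHARED_SECRET, octets, True),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The point the initiator check makes explicit is that "AUTH omitted" is only meaningful relative to a policy that expects the EAP method to authenticate the responder; an initiator that expects a shared-secret AUTH and silently tolerates its absence would lose responder authentication entirely.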