[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Ipsec] IKEv2 and EAP-SIM

To: vamsi <vamsi@intotoinc.com>
Subject: Re: [Ipsec] IKEv2 and EAP-SIM
From: Uri Blumenthal <uri@lucent.com>
Date: Wed, 02 Jun 2004 12:33:19 -0400
Cc: ipsec@ietf.org
List-help: <mailto:ipsec-request@ietf.org?subject=help>
List-id: IP Security <ipsec.ietf.org>
List-post: <mailto:ipsec@ietf.org>
List-subscribe: <https://www1.ietf.org/mailman/listinfo/ipsec>,<mailto:ipsec-request@ietf.org?subject=subscribe>
List-unsubscribe: <https://www1.ietf.org/mailman/listinfo/ipsec>,<mailto:ipsec-request@ietf.org?subject=unsubscribe>
Organization: Lucent Technologies / Bell Labs
Original-cc: ipsec@ietf.org
References: <5.2.0.9.0.20040601142755.0331cf58@10.1.5.10>
Sender: ipsec-bounces@ietf.org
User-agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US;rv:1.0.1) Gecko/20020823 Netscape/7.0 (CK-LucentTPES)

On 6/1/2004 17:42, vamsi wrote:
> Hi All,
> 
> In section 2.16 of IKEv2 draft states that, when EAP is used, initiator MUST
> authenticate the server using public key signatures. Some EAP methods 
> provide mutual authentication. Should not  this requirement be relaxed to 
> support EAP methods such as EAP-SIM? 

It is an open question whether EAP-SIM offers a reliable mutual authentication.
Thus I'd be against relaxing this requirement for a method such as EAP-SIM.

> I would prefer the statement such as, if EAP method does not
> support mutual authentication, then the initiator MUST authenticate 
> the responder using public key signatures.

In general, I'm ambivalent on this. But since not EAP methods offer equal
strength, perhaps it's best to leave as is...

_______________________________________________
Ipsec mailing list
Ipsec@ietf.org
https://www1.ietf.org/mailman/listinfo/ipsec

References:
- [Ipsec] IKEv2 and EAP-SIM
  - From: vamsi <vamsi@intotoinc.com>

Prev by Date: [Ipsec] IPSec Outbound Packet Processing Questions
Next by Date: [Ipsec] I-D ACTION:draft-ietf-ipsec-ikev2-14.txt
Previous by thread: Re: [Ipsec] IKEv2 and EAP-SIM
Next by thread: [Ipsec] Qos issue related to rfc2401bis
Index(es):
- Date
- Thread