[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Ipsec] IKEv2 and EAP-SIM
On 6/1/2004 17:42, vamsi wrote:
> Hi All,
>
> In section 2.16 of IKEv2 draft states that, when EAP is used, initiator MUST
> authenticate the server using public key signatures. Some EAP methods
> provide mutual authentication. Should not this requirement be relaxed to
> support EAP methods such as EAP-SIM?
It is an open question whether EAP-SIM offers a reliable mutual authentication.
Thus I'd be against relaxing this requirement for a method such as EAP-SIM.
> I would prefer the statement such as, if EAP method does not
> support mutual authentication, then the initiator MUST authenticate
> the responder using public key signatures.
In general, I'm ambivalent on this. But since not EAP methods offer equal
strength, perhaps it's best to leave as is...
_______________________________________________
Ipsec mailing list
Ipsec@ietf.org
https://www1.ietf.org/mailman/listinfo/ipsec