Re: Clarification of EAP authentication in IKEv2?

(also resent)


Hannes,

I think Pasi is suggesting a clarification, not a change
in the protocol. The current text says "typically".
Also, Section 2.16 talks about AUTH payloads in the
"final messages", i.e., when the generated key is available
from EAP. Finally, you wrote:

- if you have this eap method offers the desired functionality
  (mutual authentication, session key generation)

This may not be such a big requirement. Our specifications already require these properties with strong keywords: the IKEv2 spec says that you SHOULD NOT use non-key generating methods. And according to draft-ietf-eap-keying-01.txt, key-generating methods MUST provide also mutual authentication.

--Jari