[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Clarification of EAP authentication in IKEv2?


(resent, some of my e-mails do not make it to the list.)

Pasi.Eronen@xxxxxxxxx wrote:

IKEv2-11, Section 2.16 says:

   In addition to authentication using public key signatures and
   shared secrets, IKE supports authentication using methods
   defined in RFC 2284 [EAP]. Typically, these methods are
   asymmetric (designed for a user authenticating to a server),
   and they may not be mutual. For this reason, these protocols
   are typically used to authenticate the initiator to the
   responder and are used in addition to a public key signature
   based authentication of the responder to the initiator.

Recently, some people have interpreted the last sentence as
"public key signature based authentication of the responder MUST be used".

Another possible interpretation is that _typically_ the responder is authenticated with public key signatures (for the reasons given earlier in the paragraph), but other alternatives (such as EAP method that provides mutual authentication, or even shared secret) may be possible in some circumstances.

Any comments?

Personally, I support the latter interpretation; since otherwise

I agree.

only initiator authentication is extensible, not responder (and I think this would be an unnecessary limitation... after all,
if the point of EAP is to allow users to choose an authentication method that best suits their needs, why should this be limited to initiator authentication?).

This could be perhaps clarified by adding the following paragraph below the sequence diagram:

If the authentication of the responder is based solely on a
mutually authenticating EAP method, the responder omits the
AUTH payload from message 4. Alternatively, the responder can be authenticated using either public key signatures or a shared secret, in which case the AUTH payload in message 4 is calculated as described in Section 2.15.

This text looks good to me.

--Jari