[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Using Legacy Authentication for IPSRA (was : xauth requirements: vulnerabilities)

Hi Sara,

One small clarification:

Sara Bitan wrote:
> > > The purpose of the suggested extend authentication protocols is to convey
> > > these authentication mechanisms into the existing IKE protocol.
> >
> > This gets to the heart of it, I think. There seems to be a market
> > "requirement" which has driven xauth, that being that administrators
> > think they want security, but they also have a conflicting desire, i.e.
> > to continue using their currently installed weak authentication
> > mechanisms. A remote access working group has been proposed, and I would
> > hope that the purpose of this group would be to actually examine the
> > remote access problem in depth and propose good, solid solutions, as
> > opposed to simply rubber-stamping the existing proposed mechanisms
> > without further thought.
> "rubber-stamping" is one way of looking at the integration of legacy
> authentication
> into IPSec. There are others.

The rubber-stamping I was referring to is with respect to xauth. I meant
to say that I don't think we should go through the motions of forming a
working group just so that we can standardize xauth with no real