Re: Charter



In message <38308E71.B798C719@xxxxxxxxxxxx>, "Scott G. Kelly" writes:
> Hi Jan,
> 
> Jan Vilhuber wrote:
>  
> <trimmed...>
>  
> > The requirement really is to have support for 'existing user Direct-Dial
> > Access authentication mechanisms'. Whether this is via PPP (l2tp) or via
> > extending/enhancing IKE (xauth/config-mode or dhcp-proposal) needs to be
> > determined.
> 
> The dhcp proposal doesn't modify or extend IKE in any way, and is not an
> authentication mechanism - it is strictly for configuration. Also,
> l2tp-based authentication is not the only proposed mechanism besides
> xauth. Steve Bellovin discussed one mechanism at the ipsra meeting
> (which he said he'd write up), and we proposed a different one last
> month. 

Yup, I'm working on it.  My current plans are for a draft with two co-authors 
that spells out ~4 different ways to accomplish the authentication without 
touching IKE.  Each will be spelled out in enough detail to make it obvious 
how to do it, and what the costs and benefits are.  We'll take whichever the 
WG likes (if any) and turn it into a full-fledged spec.

		--Steve Bellovin