Re: Cert enrollment?

In message <000701bfc5da$ca9b9700$428939cc@xxxxxxxxxxxxxxxxxxx>, "Bernard Aboba" writes:
>>I'm perfectly amenable to hearing 
>>how an existing enrollment protocol can be tweaked, so long as that 
>>tweak isn't comparable in complexity to the tweaks I've already 
>>rejected, i.e., tweaks to IKE.
>Is this as simple as adding support for various legacy authentication
>methods to the enrollment protocol (such as adding support for GSS_API or 
>SASL)? That wouldn't necessarily be complex...

Although the charter isn't phrased in these terms, let's be real.  The 
primary area of interest for ipsra is sites with RADIUS databases, with 
authentication via passwords or SecurID, and probably via PPP-grade 
challenge/response.  If those mechanisms can handle these scenarios, we 
may have a winner.

		--Steve Bellovin