[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: Authentication Mechanism Matrix (was L2TP vs IPSEC)

To: Andrew Krywaniuk <andrew.krywaniuk@xxxxxxxxxxx>
Subject: RE: Authentication Mechanism Matrix (was L2TP vs IPSEC)
From: Hugo Krawczyk <hugo@xxxxxxxxxxxxxxxxx>
Date: Tue, 20 Jun 2000 12:21:59 +0300 (IDT)
Cc: "'IPSRA list'" <ietf-ipsra@xxxxxxxx>
In-reply-to: <>
List-archive: <http://www.vpnc.org/ietf-ipsra/mail-archive/>
List-id: <ietf-ipsra.vpnc.org>
List-unsubscribe: <mailto:ietf-ipsra-request@vpnc.org?body=unsubscribe>
Reply-to: Hugo Krawczyk <hugo@xxxxxxxxxxxxxxxxx>
Sender: owner-ietf-ipsra@xxxxxxxxxxxxx


On Mon, 19 Jun 2000, Andrew Krywaniuk wrote:

> Hi Glen,
> 
> > > Well, that was basically my point. None of the recent
> > proposals have dealt
> > > with the issue of authenticating both user and machine.
> 
> > Try L2TP/IPSec w/EAP-TLS.
> 
> I wasn't including that as a "recent proposal". I meant the more recent get
> cert type drafts.
> 

The PIC protocol (draft-ietf-ipsra-pic-00.txt) can easily accomodate
(optional) machine authentication *in addition* to (mandatory)
user authentication.
I am in favor of providing that option. It was not included in the
first draft because we did not want to add options for which there
was no clear consensus about their need.
>From recent discussions in the list it seems to me that there may be
strong support for such option, if so we can include it in the next
version of the draft.

Hugo

>

Follow-Ups:
- RE: Authentication Mechanism Matrix (was L2TP vs IPSEC)
  - From: CHINNA N.R. PELLACURU

References:
- RE: Authentication Mechanism Matrix (was L2TP vs IPSEC)
  - From: Andrew Krywaniuk

Prev by Date: l2tp as ipsra solution
Next by Date: Re: l2tp as ipsra solution
Previous by thread: RE: Authentication Mechanism Matrix (was L2TP vs IPSEC)
Next by thread: RE: Authentication Mechanism Matrix (was L2TP vs IPSEC)
Index(es):
- Date
- Thread