[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: On ipsra authentication options




On Fri, 23 Jun 2000, Ricky Charlet wrote:

> 
> 
> Howdy,
> 	
> 	One small inline comment near the bottom....

[......]

> > 
> > To realize the second approach I see two options
> > 
> >   A. Follow one of the solutions outlined in the getcert or PIC drafts
> >      (and fill in the many missing details)
> 
> 	Or the User Level Authentication Mechanism (ULA) draft
> draft-kelly-ipsra-userauth.
> 

This protocol suugests a regular IKE exchange followed by legacy
authentication. Thus, if I understand the proposal correctly, it assumes
a strong secret at the client's side (e.g. a strong shared-key stored
in the user's machine). The question is again:
do we (the ipsra WG) want to *manadate* the use of such strong secrets at
the client?
          
Hugo