[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: On ipsra authentication options

To: Ricky Charlet <rcharlet@xxxxxxxxxxxx>
Subject: Re: On ipsra authentication options
From: Hugo Krawczyk <hugo@xxxxxxxxxxxxxxxxx>
Date: Sun, 25 Jun 2000 15:15:09 +0300 (IDT)
Cc: ietf-ipsra@xxxxxxxx
In-reply-to: <>
List-archive: <http://www.vpnc.org/ietf-ipsra/mail-archive/>
List-id: <ietf-ipsra.vpnc.org>
List-unsubscribe: <mailto:ietf-ipsra-request@vpnc.org?body=unsubscribe>
Sender: owner-ietf-ipsra@xxxxxxxxxxxxx

On Fri, 23 Jun 2000, Ricky Charlet wrote:

> 
> 
> Howdy,
> 	
> 	One small inline comment near the bottom....

[......]

> > 
> > To realize the second approach I see two options
> > 
> >   A. Follow one of the solutions outlined in the getcert or PIC drafts
> >      (and fill in the many missing details)
> 
> 	Or the User Level Authentication Mechanism (ULA) draft
> draft-kelly-ipsra-userauth.
> 

This protocol suugests a regular IKE exchange followed by legacy
authentication. Thus, if I understand the proposal correctly, it assumes
a strong secret at the client's side (e.g. a strong shared-key stored
in the user's machine). The question is again:
do we (the ipsra WG) want to *manadate* the use of such strong secrets at
the client?

Hugo

Follow-Ups:
- Re: On ipsra authentication options
  - From: Ricky Charlet

References:
- Re: On ipsra authentication options
  - From: Ricky Charlet

Prev by Date: Re: L2TP is ipsra solution (?)
Next by Date: Re: Raising the level ... was RE: Authentication Mechanism Matrix
Previous by thread: Re: On ipsra authentication options
Next by thread: Re: On ipsra authentication options
Index(es):
- Date
- Thread