
Re: Question about how to proceed on PIC



Hello,

	I was interested in PIC mainly because IKEv1 does not address legacy
	auth, and a bootstrap method from legacy auth to tunnel
	establishment sounds reasonable. IKEv2 supports legacy auth, but I
	don't think PIC does exactly the same thing. However, the market will
	certainly accept only one protocol here, and it will be IKEv2, thus
	I think going further with PIC is pointless.

	Whether it is coherent for IKEv2 to handle legacy auth is another
	debate though (on which I have no opinion :-).

--
Jean-Jacques Puig

On Fri, May 02, 2003 at 08:12:50AM -0700, Paul Hoffman / VPNC wrote:
> 
> Greetings again. As many of you know, PIC was sent to the RFC Editor
> for publication, and before the RFC came out, a security problem with
> the way that PIC, EAP, and other related protocols do authentication
> was discovered. The problem is described in detail in
> <http://www.ietf.org/internet-drafts/draft-puthenkulam-eap-binding-02.txt>.
> 
> We now have a clearer idea on how to modify PIC to avoid the security
> problem, but in the meantime, IKEv2 has moved much closer to being
> finished. IKEv2 includes a single standard method for doing legacy
> authentication. Also, we have heard little or no interest in
> deploying PIC.
> 
> So our question to you is, should we fix PIC and get a standards-track
> RFC, an informational RFC, or should we withdraw it? There is no reason
> for us to create an RFC that no one will implement. We want to hear
> from folks in the WG about this so we can decide to go forwards.
> 
> --Paul Hoffman and Sara Bitan, WG chairs