| EAP viewed by IKEv2 | <– Date –> <– Thread –> |
From: Florent Bersani (florent.bersani rd.francetelecom.fr)
|
|
| Date: Thu, 18 Mar 2004 21:48:53 -0500 (EST) | |
While reading draft-ietf-ipsec-ikev2-12.txt, I came across the following
text in section 2.16 which you probably know:
"In addition to authentication using public key signatures and shared secrets, IKE supports authentication using methods defined in RFC 2284 [EAP]. Typically, these methods are asymmetric (designed for a user authenticating to a server), and they may not be mutual. For this reason, these protocols are typically used to authenticate the initiator to the responder and MUST be used in conjunction with a public key signature based authentication of the responder to the initiator. These methods are often associated with mechanisms referred to as "Legacy Authentication" mechanisms."
A bit sad, isn't it, that it refers rather to RFC 2284 and the old EAP methods rather then the new work :-(
Florent, of course I am not willing to modify IKEv2 in any way
"In addition to authentication using public key signatures and shared secrets, IKE supports authentication using methods defined in RFC 2284 [EAP]. Typically, these methods are asymmetric (designed for a user authenticating to a server), and they may not be mutual. For this reason, these protocols are typically used to authenticate the initiator to the responder and MUST be used in conjunction with a public key signature based authentication of the responder to the initiator. These methods are often associated with mechanisms referred to as "Legacy Authentication" mechanisms."
A bit sad, isn't it, that it refers rather to RFC 2284 and the old EAP methods rather then the new work :-(
Florent, of course I am not willing to modify IKEv2 in any way
-
EAP viewed by IKEv2 Florent Bersani, March 18 2004
- Re: EAP viewed by IKEv2 Jari Arkko, March 19 2004
Results generated by Tiger Technologies using MHonArc.