| Re: EAP viewed by IKEv2 | <– Date –> <– Thread –> |
From: Jari Arkko (jari.arkko piuha.net)
|
|
| Date: Fri, 19 Mar 2004 08:52:12 -0500 (EST) | |
Florent Bersani wrote:
--Jari
While reading draft-ietf-ipsec-ikev2-12.txt, I came across the following text in section 2.16 which you probably know:
"In addition to authentication using public key signatures and shared secrets, IKE supports authentication using methods defined in RFC 2284 [EAP]. Typically, these methods are asymmetric (designed for a user authenticating to a server), and they may not be mutual. For this reason, these protocols are typically used to authenticate the initiator to the responder and MUST be used in conjunction with a public key signature based authentication of the responder to the initiator. These methods are often associated with mechanisms referred to as "Legacy Authentication" mechanisms."
A bit sad, isn't it, that it refers rather to RFC 2284 and the old EAP methods rather then the new work :-(
Regarding the reference, I have complained about it at least once on the IPsec mailing list, but apparently without an effect...
Please complain again. There's absolutely no reason to use the old reference, and a lot of interoperability and other issues come clearer with the new reference.
--Jari
-
EAP viewed by IKEv2 Florent Bersani, March 18 2004
- Re: EAP viewed by IKEv2 Jari Arkko, March 19 2004
Results generated by Tiger Technologies using MHonArc.