Re: What about PSK with TLS and IKEv2?
From: Mohamad Badra (badraenst.fr)
Date: Mon, 9 Aug 2004 07:56:19 -0400 (EDT)
T. Charles Clancy wrote:

If TLS-PSK does indeed only require 1.5 round trips, it would accomplish
something similar to EAP-PSK.  I could argue some other differences, but I
think I'll leave that to Florent.

I wait so :)

As far as EAP-PAX goes, it includes features that cannot be accomplished
with just TLS-PSK, including secure provisioning with a weak key and
identity protection.

For info, we have today the following contributions for Pre Shared Key with TLS:

(1) No identity protection, no PFS contributions:

     o [TLS-PSK] no identity protection, no PFS; available at http://www.ietf.org/internet-drafts/draft-ietf-tls-psk-00.txt
     o [TLS-SHAREDKEYS] no identity protection, no PFS (expired and available at http://www.ietf.org/proceedings/03nov/I-D/draft-ietf-tls-sharedkeys-02.txt)
     o [TLS-EXPRESS] no identity protection, no PFS; available at http://ietfreport.isoc.org/ids/draft-badra-tls-express-00.txt

(2) Identity protection and PFS contributions:

     o [TLS-SRP] identity protection, PFS, secure provisioning with a weak key; available at http://www.ietf.org/internet-drafts/draft-ietf-tls-srp-07.txt
     o [TLS-KeyExchangeMethod] identity protection, PFS, secure provisioning with a weak key; available at http://www.infres.enst.fr/~badra/draft-badra-cherkaoui-hajjeh-serhrouchni-tls-key-exchange-00.txt (I will send it today to IETF secretariat).

With respect to simplicity, something that both PSK and PAX try to achieve
is to avoid using redundant, extensible APIs.


Sorry, but I didn't understand what you mean by that :s

--
Mohamad Badra
ENST-Paris
Dept. Computer Sciences and Networks



