eap Mailing List: Re: What about PSK with TLS and IKEv2?

[T. Charles Clancy (clancy]

On Mon, 9 Aug 2004, Mohamad Badra wrote:

>   (2) Identity proection and PFS contributions:
>
>       o [TLS-SRP] identity protection, PFS, secure provisioning with a
> weak key; available at
> http://www.ietf.org/internet-drafts/draft-ietf-tls-srp-07.txt

Doesn't SRP has IP issues?  While its licenses are free, there have been
claims it infringes on the SPEKE patent.  There's also an EAP-SRP, but I
believe it's been abandoned.

>       o [TLS-KeyExchangeMethod] identity protection, PFS, secure
> provisioning with a weak key; available at
> http://www.infres.enst.fr/~badra/draft-badra-cherkaoui-hajjeh-serhrouchni-tls-key-exchange-00.txt
> (I will send it today to IETF secretariat).

Correct me if I'm wrong, but if I'm reading this correctly, the server is
required to have a certificate.  (IMHO, you need an overview section in
this draft that describes in general how your protocol works.)  One of the
advantages of PAX is that a certificate is only used if identity
protection or provisioning is being done.  The rest of the time, it is
purely symmetric.

> >With respect to simplicity, something that both PSK and PAX try to achieve
> >is avoid using redundant, extensible APIs.
>
> Sorry, but I didn't understand what do you mean by that :s

For example, EAP, TLS, and krb5 are all authentication protocols.  They
all allow authentication using a miriad of methods and ciphersuites.  Why
use two or three stacked on top of each other when one is sufficient?
IMHO, for simple, secure methods you only need one layer between the
authentication protocol and the lower levels.  Sure, we could implement
PSK over TLS over EAP, but why overcomplicate things?

[ t. charles clancy ]--[ tcc [at] umd.edu ]--[ www.cs.umd.edu/~clancy ]
[ computer science ]-----[ university of maryland | college park ]