Re: What about PSK with TLS and IKEv2?
From: Mohamad Badra (badrainf.enst.fr)
Date: Tue, 10 Aug 2004 12:14:19 -0400 (EDT)
>For example, EAP, TLS, and krb5 are all authentication protocols.  They
>all allow authentication using a myriad of methods and ciphersuites.  Why
>use two or three stacked on top of each other when one is sufficient?
>IMHO, for simple, secure methods you only need one layer between the
>authentication protocol and the lower levels.  Sure, we could implement
>PSK over TLS over EAP, but why overcomplicate things?

Charles,

I can't see where we overcomplicated things and how the PSK-TLS requires an
independent API?
RFC 2246 defines a resumed handshake so that the session can be resumed if
it is still in memory (cache). One TLS-PSK contribution requires copying
the session to the disk instead of the cache. In OpenSSL, the two functions
to do that are defined and used:

1) PEM_write_SSL_SESSION(fp, session) to save session to the disk
2) PEM_read_SSL_SESSION(fp, NULL, NULL, NULL) reload from the disk

So where are the overcomplicated things in that, especially where TLS is used
with almost all EAP methods?

Badra

