>>>>> "Alper" == Alper Yegin <[email protected]> writes:
Alper> Hi Sam, Using EAP one-way authentication with network access
Alper> is neither the norm, nor allowed by any decent network
Alper> architecture. Whatever network allows that already has its
Alper> own security issues without compounding with any higher-layer
Alper> threats.
I agree with you.
We were basically discussing whether to permit that one-way use for
abfab.
I think we agree you SHOULD NOT deploy that way.
The question is whether you MUST NOT deploy that way.
I'm now arguing that we MUST NOT use EAP without mutual.
In some ways it is a pointless argument because we already agree it is a
bad idea for network access.
It's also at least a bad idea for network access.
I'm arguing that if your network access deployment is bad then it can
make your abfab deployment worse.
To prevent that we can forbid the bad deployment from ABFAB.
I think that's desirable, but it doesn't matter much.
_______________________________________________
abfab mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/abfab