To continue on the previous discussions about this subject (with a different subject):
a) I believe the document does not do a good job in describing where you plan to use this method in comparison to the already ongoing work on tunneled mechanisms. To quote Bernard on a previous mailing list thread (see mail thread about "Thoughts on Password-based EAP Methods" from March 2007, at http://www.ietf.org/mail-archive/web/emu/current/msg00476.html) " > I am concerned that by defining yet another password-based > authentication mechanism, " I understood that Bernard has a different opinion now and maybe his comment was influenced in other ways back then in the style of "... there we discussed tunneled methods and not password based methods in general ..." b) Assuming that bullet (a) provides a reasonable argument I believe that the suggested approach is wrong. Ciao Hannes Dan Harkins wrote: > Hello, > > There's a new I-D in the Internet-Drafts database called > draft-harkins-emu-eap-pwd-00.txt. It describes a new method > for authentication using only a password. It provides resistance > to active attack, passive attack, and dictionary attack. It > also provides forward secrecy and an authenticated key (not just > a shared key between authenticated entities). > > Please take a look and send comments to the authors. > > regards, > > Dan. > > > > _______________________________________________ > Emu mailing list > [email protected] > http://www.ietf.org/mailman/listinfo/emu > _______________________________________________ Emu mailing list [email protected] https://www.ietf.org/mailman/listinfo/emu
