Let's assume for the moment that there are good deployment reasons why you want to use a password based authentication method without running it in combination with pk-based server side authentication, then TLS-SRP dumped into EAP would be my choice. The reasons are:
* already specified and analysed quite well
* implementations available.

I am going to ask around whether someone could write a quick implementation to see how long it takes.

Ciao
Hannes

Dan Harkins wrote:
>> To continue on the previous discussions about this subject (with a
>> different subject):
>>
>> a) I believe the document does not do a good job in describing where you
>> plan to use this method in comparison to the already ongoing work on
>> tunneled mechanisms.
>>
>> To quote Bernard on a previous mailing list thread (see mail thread
>> about "Thoughts on Password-based EAP Methods" from March 2007, at
>> http://www.ietf.org/mail-archive/web/emu/current/msg00476.html)
>> "
>> > I am concerned that by defining yet another password-based
>> > authentication mechanism,
>>
>> "
>>
>> I understood that Bernard has a different opinion now and maybe his
>> comment was influenced in other ways back then in the style of
>> "... there we discussed tunneled methods and not password based methods in
>> general ..."
>>
>>
>> b) Assuming that bullet (a) provides a reasonable argument I believe
>> that the suggested approach is wrong.
>>
>> Ciao
>> Hannes
>>
>> Dan Harkins wrote:
>>
>>> Hello,
>>>
>>> There's a new I-D in the Internet-Drafts database called
>>> draft-harkins-emu-eap-pwd-00.txt. It describes a new method
>>> for authentication using only a password. It provides resistance
>>> to active attack, passive attack, and dictionary attack. It
>>> also provides forward secrecy and an authenticated key (not just
>>> a shared key between authenticated entities).
>>>
>>> Please take a look and send comments to the authors.
>>>
>>> regards,
>>>
>>> Dan.
>>>
>>> _______________________________________________
>>> Emu mailing list
>>> [email protected]
>>> http://www.ietf.org/mailman/listinfo/emu
