Joe, what Dan is proposing is a reasonable way to use a one-time password for
the initial provisioning of a trust anchor. Initial provisioning is important
for many types of deployments. Does the document allow an alternative secure
way to do that?

Dan, I suspect that for this specific use case (one time use, no need for
confidentiality), resistance against dictionary attack is not very important.
So EAP-GPSK inside the tunnel will do just as well.

Thanks,
Yaron

> Date: Wed, 3 Mar 2010 20:05:09 -0800
> From: "Joseph Salowey (jsalowey)" <[email protected]>
> Subject: Re: [Emu] review of draft-ietf-emu-eaptunnel-req-04
> To: "Dan Harkins" <[email protected]>, "Hoeper Katrin-QWKN37"
> <[email protected]>
> Cc: [email protected]
>
> Hi Dan,
>
> The document currently states anonymous cipher suites MUST NOT be
> mandatory to implement for the tunnel method. I think this is the
> appropriate stance for the document to take for the base tunnel method.
> I also do not think this prevents a follow-on specification defining
> how to use anonymous tunnel securely.
>
> Cheers,
>
> Joe
>