> Joe, what Dan is proposing is a reasonable way to use a one-time password
> for the initial provisioning of a trust anchor. Initial provisioning is
> important for many types of deployments. Does the document allow an
> alternative secure way to do that?
>
[Joe] Initial provisioning is not currently in the scope of the document for the base method. I agree that using anonymous cipher suites in the way Dan proposes can be used in a provisioning mechanism, however there are other ways provisioning can be achieved with or without the use of EAP.

> Dan, I suspect that for this specific use case (one time use, no need for
> confidentiality), resistance against dictionary attack is not very
> important. So EAP-GPSK inside the tunnel will do just as well.
>
> Thanks,
> Yaron
>
> > Date: Wed, 3 Mar 2010 20:05:09 -0800
> > From: "Joseph Salowey (jsalowey)" <[email protected]>
> > Subject: Re: [Emu] review of draft-ietf-emu-eaptunnel-req-04
> > To: "Dan Harkins" <[email protected]>, "Hoeper Katrin-QWKN37"
> >     <[email protected]>
> > Cc: [email protected]
> > Message-ID:
> >     <ac1cfd94f59a264488dc2bec3e890de509bd3...@xmb-sjc-225.amer.cisco.com>
> > Content-Type: text/plain; charset="us-ascii"
> >
> > Hi Dan,
> >
> > The document currently states anonymous cipher suites MUST NOT be
> > mandatory to implement for the tunnel method. I think this is the
> > appropriate stance for the document to take for the base tunnel method.
> > I also do not think this prevents a follow-on specification defining
> > how to use anonymous tunnel securely.
> >
> > Cheers,
> >
> > Joe
> >
> _______________________________________________
> Emu mailing list
> [email protected]
> https://www.ietf.org/mailman/listinfo/emu
