On the contrary, I would like to see no notion of "clients", "hosts", and "gateways" at all. There is no reason why this technique could not be used in any of the use cases in IKEv2.
And such a statement certainly does not belong in a document that supposedly deals with criteria upon which a selection will be made. Dan. On Thu, March 25, 2010 4:40 pm, Kaz Kobara wrote: > Hi Yaron > >> draft-sheffer-ipsecme-pake-criteria-02.txt says in Page 4 >> "This document is limited to the use of password-based authentication to >> achieve trust between gateways" > > I would like to make sure that > "gateway" in this document does not encompass VPN clients and hosts, > right? > > Kaz > >> -----Original Message----- >> From: [email protected] [mailto:[email protected]] On Behalf >> Of >> Yaron Sheffer >> Sent: Friday, March 26, 2010 3:31 AM >> To: SeongHan Shin >> Cc: IPsecme WG; Kazukuni Kobara >> Subject: Re: [IPsec] New PAKE Criteria draft posted >> >> Hi Shin, >> >> Yes. For the typical remote access VPN, EAP is typically more useful. >> Note that there is still need for strong password-based mutual >> authentication EAP methods - but their home is the EMU working group. >> >> In addition, the IPsecME has another charter item designed to fit such >> EAP methods (such as the future EAP-AugPAKE :-) into IKEv2. >> >> Please see again the group's charter, >> http://tools.ietf.org/wg/ipsecme/charters. >> >> Thanks, >> Yaron >> >> On 25.3.2010 20:07, SeongHan Shin wrote: >> > Dear Yaron Sheffer, >> > >> > I have one question about the draft. >> > >> > draft-sheffer-ipsecme-pake-criteria-02.txt says in Page 4 >> > "This document is limited to the use of password-based authentication >> to >> > achieve trust between gateways" >> > >> > Is this a consensus of this WG? >> > >> > Best regards, >> > Shin >> > >> > On Thu, Mar 25, 2010 at 3:46 PM, Yaron Sheffer <[email protected] >> > <mailto:[email protected]>> wrote: >> > >> > Hi, >> > >> > after the good discussion in Anaheim, and with the help of >> comments >> > received on and off the list, I have updated the PAKE Criteria >> draft >> > and posted it as >> > >> http://www.ietf.org/id/draft-sheffer-ipsecme-pake-criteria-02.txt. >> > >> > I have added a number of criteria, clarified others, and added >> > numbering (SEC1-SEC6, IPR1-IPR3 etc.). >> > >> > Thanks, >> > Yaron >> > _______________________________________________ >> > IPsec mailing list >> > [email protected] <mailto:[email protected]> >> > https://www.ietf.org/mailman/listinfo/ipsec >> > >> > >> > >> > >> > -- >> > ------------------------------------------------------------------ >> > SeongHan Shin >> > Research Center for Information Security (RCIS), >> > National Institute of Advanced Industrial Science and Technology >> (AIST), >> > Room no. 1003, Akihabara Daibiru 10F, >> > 1-18-13, Sotokannda, Chiyoda-ku, Tokyo 101-0021 Japan >> > Tel : +81-3-5298-2722 >> > Fax : +81-3-5298-4522 >> > E-mail : [email protected] <mailto:[email protected]> >> > ------------------------------------------------------------------ >> _______________________________________________ >> IPsec mailing list >> [email protected] >> https://www.ietf.org/mailman/listinfo/ipsec > > > _______________________________________________ > IPsec mailing list > [email protected] > https://www.ietf.org/mailman/listinfo/ipsec > _______________________________________________ IPsec mailing list [email protected] https://www.ietf.org/mailman/listinfo/ipsec
