Greetings again. This WG is chartered to "develop a standards-track extension to IKEv2 to allow mutual authentication based on 'weak' (low-entropy) shared secrets." The goal is to avoid off-line dictionary attacks without requiring the use of certificates or EAP. There are many already-developed algorithms that can be used, and the WG needs to pick one that both is believed to be secure and is believed to have acceptable intellectual property features.
As we discussed earlier, each WG member needs to come up with their own criteria for making such a choice. Dan Harkins has proposed a set of guidelines that individuals might use when choosing; see <http://www.ietf.org/id/draft-harkins-ipsecme-pake-criteria-00.txt>.

So far, three protocols have been proposed to the WG:

- <http://tools.ietf.org/html/draft-harkins-ipsecme-spsk-auth>
- <http://tools.ietf.org/html/draft-kuegler-ipsecme-pace-ikev2>
- <http://tools.ietf.org/html/draft-sheffer-ipsecme-hush>

In addition, one more draft was presented to the WG: <http://tools.ietf.org/html/draft-shin-augmented-pake>. However, the Augmented PAKE draft does not specify how it would be integrated into IKEv2.

Note that more proposals might be made as we discuss; such proposals will hopefully be accompanied by Internet Drafts that show both the crypto and how it would be integrated into IKEv2.

To start off this conversation, I propose that people start threads on the individual drafts, saying which positive and negative criteria they think apply to each. I also propose that replying to this message, or starting a thread that is supposedly about all four proposals but only focuses on one, is not going to help much. Of course, the authors of the four drafts are welcome to say why they think their proposal meets an optimum set of criteria, and to clarify parts of their proposals as others comment.

Obviously these are all initial drafts, and the WG will have ample opportunity to improve the selected proposal later in the process. For now, please focus on the relative advantages and disadvantages (based on your personal criteria) of each of the proposals.

--Paul Hoffman, Director
--VPN Consortium

_______________________________________________
IPsec mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/ipsec
