Yaron,

This is out-of-line. We had discussions on expanding the charter to include this as a work item and there was sufficient support in the WG to add it. At the time you argued against it and suggested that EAP-only was satisfactory. Now that EAP-only has finished WGLC you now want to revisit killing this work item? I object.

For reasons that were not apparent (to me at least), the new charter said that the only draft specifying EAP-only was to be used as a starting point for the EAP-only work item but the only draft specifying how to solve the secure PSK work item was not. So the only reason this "overwhelming silence" didn't greet EAP-only was because this entire step was short circuited. There wasn't any discussion of EAP-only once it became work item-- perusing the list shows a whopping zero posts (!) on it between announcement of the -00 version and the start of WGLC (on the -02 version)-- yet no one called for its removal.

I apologize for the tardiness of my post kicking off discussion on my candidate proposal but I was traveling for the past week-and-a-half and was otherwise indisposed. Hopefully this will start a discussion but if it doesn't then I would expect the same treatment of this work item as that given to EAP-only.

You seem to alternate wearing your co-chairman's hat or not depending on what particular tactic you are employing but your strategy remains the same. I respectfully request that, when it comes to this work item, you decide whether to wear your WG co-chairman's hat or not and then stick to it.

regards,

Dan.

On Mon, May 24, 2010 1:07 pm, Yaron Sheffer wrote:
> Hi everyone,
>
> In the past we have had heated discussions on password-based auth.
> Judging by the resounding silence over the last week, only the draft
> authors are interested. If this is true, then the working group as a
> whole is seemingly unable to work on this charter item.
>
> Personally, I would prefer a different outcome. But as a co-chair, I
> would not hesitate to eliminate this work item if there is no community
> support for it.
>
> Thanks,
> Yaron
>
> On 05/17/2010 05:42 PM, Paul Hoffman wrote:
>> Greetings again. This WG is chartered to "develop a standards-track
>> extension to IKEv2 to allow mutual authentication based on 'weak'
>> (low-entropy) shared secrets." The goal is to avoid off-line dictionary
>> attacks without requiring the use of certificates or EAP. There are many
>> already-developed algorithms that can be used, and the WG needs to pick
>> one that both is believed to be secure and is believed to have
>> acceptable intellectual property features.
>>
>> As we discussed earlier, each WG member needs to come up with their own
>> criteria for making such a choice. Dan Harkins has proposed a set of
>> guidelines that individuals might use when choosing;
>> see <http://www.ietf.org/id/draft-harkins-ipsecme-pake-criteria-00.txt>.
>>
>> So far, three protocols have been proposed to the WG:
>>
>> - <http://tools.ietf.org/html/draft-harkins-ipsecme-spsk-auth>
>>
>> - <http://tools.ietf.org/html/draft-kuegler-ipsecme-pace-ikev2>
>>
>> - <http://tools.ietf.org/html/draft-sheffer-ipsecme-hush>
>>
>> In addition, one more draft was presented to the
>> WG: <http://tools.ietf.org/html/draft-shin-augmented-pake>. However the
>> Augmented PAKE draft does not specify how it would be integrated into
>> IKEv2.
>>
>> Note that more proposals might be made as we discuss; such proposals
>> will hopefully be accompanied by Internet Drafts that show both the
>> crypto and how it would be integrated into IKEv2.
>>
>> To start off this conversation, I propose that people start threads on
>> the individual drafts, saying which positive and negative criteria they
>> think apply to each. I also propose that replying to this message, or
>> starting a thread that is supposedly about all four proposals but only
>> focuses on one, is not going to help much. Of course, the authors of the
>> four drafts are welcome to say why they think their proposal meets an
>> optimum set of criteria, and to clarify parts of their proposals as
>> others comment.
>>
>> Obviously these are all initial drafts, and the WG will have ample
>> opportunity to improve the selected proposal later in the process. For
>> now, please focus on the relative advantages and disadvantages (based on
>> your personal criteria) of each of the proposals.
>>
>> --Paul Hoffman, Director
>> --VPN Consortium
>> _______________________________________________
>> IPsec mailing list
>> [email protected]
>> https://www.ietf.org/mailman/listinfo/ipsec
