It's starting to sound like existing methods, to be sure. I'm skeptical of introducing yet another form of authentication. This would add to the complexity of the overall system. To frame it in terms of a requirement, I propose that any leaf-to-leaf communication has to be done with existing (already defined) authentication methods: for instance, either certificates or pre-shared keys.
-geoff

On 3/26/12 1:07 AM, "Yoav Nir" <[email protected]> wrote:

>
> On Mar 26, 2012, at 9:52 AM, Michael Richardson wrote:
>
>>
>>>>>>> "Geoffrey" == Geoffrey Huang <[email protected]> writes:
>> Geoffrey> My initial inclination is to say that won't fly: that many
>> Geoffrey> deployments still require preshared key authentication.
>> Geoffrey> Rather, they would object to certificates because of
>> Geoffrey> perceived complexity. That said, I could see arguments
>> Geoffrey> that what we're discussing are already fairly
>> Geoffrey> sophisticated topologies, so perhaps the certificate
>> Geoffrey> allergy doesn't hold?
>>
>> Tero isn't proposing using certificates.
>>
>> Tero is proposing that the gateway/hub provides each leaf node with a
>> gateway mediated, ASN.1 encoded, scalable, asymmetric, transitive proofs
>> of identity. It would be used only for the leaf to leaf connection.
>> It would be retained for a convenient period of time and then destroyed.
>
> Not just leaf-to-leaf, but also leaf to any other node, even if it's not
> a real leaf.
>
> This is beginning to look a lot like Kerberos, no?
>
> Yoav
>
> _______________________________________________
> IPsec mailing list
> [email protected]
> https://www.ietf.org/mailman/listinfo/ipsec
