On Oct 18, 2012, at 2:26 AM, Dan Harkins wrote: > > Hi David, > > On Wed, October 17, 2012 11:36 am, David Brownhill (dbrownhi) wrote: >> Hi Dan, >> >> The lack or EAP authentication would be a non-starter for us to implement >> this in our remote access VPN client. Why not support EAP authentication? > > What credential are you interested in using with EAP?
I'm not David, but with remote access VPN into an enterprise network, it's usually the passwords stored on the directory they are using. These directory servers support EAP over RADIUS or DIAMETER to the VPN gateway. The PSK method in the draft requires the VPN gateway to know the password (or a hash thereof). EAP (even EAP-dragonfly) doesn't. Yoav _______________________________________________ IPsec mailing list [email protected] https://www.ietf.org/mailman/listinfo/ipsec
