Re: [IPsec] Fw: New Version Notification for draft-smyslov-ipsecme-ikev2-null-auth-00.txt

Tue, 24 Dec 2013 14:43:09 -0800 

Hi Valery,

Thanks for posting this draft.
One quick comment: the interaction of your proposal with EAP is not clear to me, i.e. when one peer uses Null auth and the other uses EAP. There are cases where this should be forbidden (e.g. MSCHAP, where the unauthenticated peer can mount a dictionary attack) and other cases where this is OK. Specifically, for the methods listed as "safe" in Sec. 4 of RFC 5998, I believe this use would be secure. 

Happy holidays!

        Yaron

On 12/24/2013 03:47 PM, Valery Smyslov wrote:

Hi all,

I've just posted a draft, defining NULL Authentication method in IKEv2.
This method may be used for anonymous access or in situations,
when peers don't have any trust relationship, but still want
to get protection at least against passive attacks.

Regards,
Valery.


----- Original Message ----- From: <[email protected]>
To: "Valery Smyslov" <[email protected]>; "Valery Smyslov" <[email protected]>
Sent: Tuesday, December 24, 2013 5:40 PM
Subject: New Version Notification for
draft-smyslov-ipsecme-ikev2-null-auth-00.txt



A new version of I-D, draft-smyslov-ipsecme-ikev2-null-auth-00.txt
has been successfully submitted by Valery Smyslov and posted to the
IETF repository.

Name: draft-smyslov-ipsecme-ikev2-null-auth
Revision: 00
Title: The NULL Authentication Method in IKEv2 Protocol
Document date: 2013-12-24
Group: Individual Submission
Pages: 8
URL:
http://www.ietf.org/internet-drafts/draft-smyslov-ipsecme-ikev2-null-auth-00.txt

Status:
https://datatracker.ietf.org/doc/draft-smyslov-ipsecme-ikev2-null-auth/
Htmlized:
http://tools.ietf.org/html/draft-smyslov-ipsecme-ikev2-null-auth-00


Abstract:
   This document defines the NULL Authentication Method for IKEv2
   Protocol.  This method provides a way to omit peer authentication in
   IKEv2 and to explicitely indicate it in the protocol run.  This
   method may be used to preserve anonymity or in situations, where no
   trust relationship exists between the parties.




Please note that it may take a couple of minutes from the time of
submission
until the htmlized version and diff are available at tools.ietf.org.

The IETF Secretariat

_______________________________________________
IPsec mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/ipsec

_______________________________________________
IPsec mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/ipsec

Reply via email to