On Mon, Dec 10, 2018 at 06:00:18PM -0500, Michael Richardson wrote:
> Valery Smyslov <[email protected]> wrote:
> > Why do you think balanced PAKE is more appropriate for us than augmented?
>
> Because I share Paul's view that the PSKs we care about are generally
> identical in both directions, and this use is primarily about site-to-site
> inter-company VPNs. This is not for road-warrior access.

There's no reason to not also add support for an augmented PAKE for road warriors. It's true that road warriors are already well-supported via PKIX user certificates, so perhaps there's no need, but it's very little extra work to support both, augmented and non-augmented. (Should I be saying "balanced" instead of "non-augmented"?)

> I would prefer that the PAKE method was not wrapped in EAP.

+1
