On Mon, 10 Dec 2018, Nico Williams wrote:
There's no reason to not also add support for an augmented PAKE for road warriors. It's true that road warriors are already well-supported via PKIX user certificates
That is still missing OTP support :(
, so perhaps there's no need, but it's very little extra work to support both, augmented and non-augmented.
I'd want the PAKE method to support OTP.
(Should I be saying "balanced" instead of "non-augmented"?)
Explaining these differences on this list would be useful for me and possibly others. Paul _______________________________________________ IPsec mailing list IPsec@ietf.org https://www.ietf.org/mailman/listinfo/ipsec