Paul Wouters <[email protected]> wrote: > > Because I share Paul's view that the PSKs we care about are generally > > identical in both directions > > I agree here. > > > , and this use is primarily about site-to-site > > inter-company VPNs. This is note for road-warrier accesss. > > But not here. weak group PSK's for roadwarriors is a thing :(
yes, typo, "not for road-warrior" > > I would prefer that the PAKE method was not wrapped in EAP. > > Indeed. As I explained at the last IETF's presentation, it CANNOT use EAP > because then site-to-site admins cannot use it to connect two different > enterprises because none wants to reconfigure their equipment to trust > the other party's authentication infrastructure. > > EAP is not suitable to interconnect different enterprises. +1.
signature.asc
Description: PGP signature
_______________________________________________ IPsec mailing list [email protected] https://www.ietf.org/mailman/listinfo/ipsec
