I am going to just use the DEX authentication for now. But moving to a
PAKE-styled authentication, given that we have a DH exchange, is rather
enticing. Dragonfly may be easy to do; I did follow it in 802.11. But
maybe one of the others might be where CFRG is headed and where I should
look at?
On 07/27/2016 06:19 AM, Robert Moskowitz wrote:
I am looking at a HIT enrollment function using 5403-bis. But why
should the Registrar accept the Register? This is our basic need of
an Out-of-Band process to trust an enrollment.
So assume that some process establishes a PSK between the two
parties. Perhaps a failed enrollment that sent the phone's # that
returns an SMS message with the PSK. The enrollment then grabs that
PSK and uses a PAKE HIP parameter for authentication. This would be
stronger than what I have in DEX...
I would like to get the draft done this week, or early next week. It
is mostly written. But I need to put in the trust for the
enrollment. I can either lift what I have in DEX, or go with one of
the PAKE efforts in CFRG. But which one and how would it work in HIP
BEX/DEX?
Thanks
_______________________________________________
Hipsec mailing list
Hipsec@ietf.org
https://www.ietf.org/mailman/listinfo/hipsec