Yoav Nir writes:
This draft represents a total shirking of our responsibility. Rather
than decide on one protocol that is best or even arbitrarily
choosing one that is good enough, it proposes to build a framework
so that everyone and their dog can have their own method. This is a
nightmare
Paul Hoffman writes:
Partially yes, but unfortunately all of the authors of those actual
protocols decided that they wanted to continue publishing those drafts
as individual RFCs, and each of them used different way to negotiate
them, so there was no way to even implement multiple of them.
Yaron Sheffer writes:
Back to the matter at hand: I am opposed to
draft-kivinen-ipsecme-secure-password-framework. It has served its
purpose when two of the proposals were changed to add method
negotiation, and thus enable IKE peers to implement none, one or more of
these methods.
I support an IKEv2 ZKPP method framework. I don't understand the
controversy -- i.e., I think it's much ado about nothing.
Nico
--
___
Ietf mailing list
Ietf@ietf.org
https://www.ietf.org/mailman/listinfo/ietf
I think this is a terrible idea.
IKEv2 has a way for mutual authentication with a shared key.
A concern was raised that this method was vulnerable to guessing if trivial
shared keys were configured.
There were several proposals for a better cryptographic method.
The IPsecME working group
hat location=off
On Jul 27, 2011, at 6:30 PM, Yoav Nir wrote:
I think this is a terrible idea.
+.5. I think is is a bad idea.
IKEv2 has a way for mutual authentication with a shared key.
A concern was raised that this method was vulnerable to guessing if trivial
shared keys were
Paul,
The existence of this draft shows a failure of YOUR leadership (and
that of your co-chairman) of the working group. Consensus was achieved
to add an authentication method based on a simple password yet you
seemingly worked to do everything possible to create division in the
working
Unfortunately Dan cannot accept that there may be objective, non
political reasons for the group not to adopt his work. Which is the
reason why three alternative proposals were published several months
after his proposed PAKE solution.
As co-chairmen of ipsecme, Paul and I did our best to get
The IESG has received a request from an individual submitter to consider
the following document:
- 'Secure Password Framework for IKEv2'
draft-kivinen-ipsecme-secure-password-framework-01.txt as an
Informational RFC
The IESG plans to make a decision in the next few weeks, and solicits
final