Re: [Emu] review of draft-ietf-emu-eaptunnel-req-04

Yaron Sheffer <yaronf@checkpoint.com> Thu, 04 March 2010 06:16 UTC

Joe, what Dan is proposing is a reasonable way to use a one-time password for the initial provisioning of a trust anchor. Initial provisioning is important for many types of deployments. Does the document allow an alternative secure way to do that?

Dan, I suspect that for this specific use case (one time use, no need for confidentiality), resistance against dictionary attack is not very important. So EAP-GPSK inside the tunnel will do just as well.

Thanks,
	Yaron

> Date: Wed, 3 Mar 2010 20:05:09 -0800
> From: "Joseph Salowey (jsalowey)" <jsalowey@cisco.com>
> Subject: Re: [Emu] review of draft-ietf-emu-eaptunnel-req-04
> To: "Dan Harkins" <dharkins@lounge.org>,	"Hoeper Katrin-QWKN37"
> 	<khoeper@motorola.com>
> Cc: emu@ietf.org
> Message-ID: <AC1CFD94F59A264488DC2BEC3E890DE509BD3EBA@xmb-sjc-225.amer.cisco.com>
> Content-Type: text/plain;	charset="us-ascii"
> 
> Hi Dan,
> 
> The document currently states anonymous cipher suites MUST NOT be
> mandatory to implement for the tunnel method.  I think this is the
> appropriate stance for the document to take for the base tunnel method.
> I also do not think this prevents a follow-on specification defining
> how to use anonymous tunnel securely.
> 
> Cheers,
> 
> Joe
>