[IPsec] Proposed work item: EAP-only authentication in IKEv2
Yaron Sheffer <yaronf@checkpoint.com> Sun, 29 November 2009 17:22 UTC
Return-Path: <yaronf@checkpoint.com>
X-Original-To: ipsec@core3.amsl.com
Delivered-To: ipsec@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id CE2E43A6970 for <ipsec@core3.amsl.com>; Sun, 29 Nov 2009 09:22:46 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.524
X-Spam-Level:
X-Spam-Status: No, score=-3.524 tagged_above=-999 required=5 tests=[AWL=0.075, BAYES_00=-2.599, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id J6j8WPv9K9JF for <ipsec@core3.amsl.com>; Sun, 29 Nov 2009 09:22:46 -0800 (PST)
Received: from michael.checkpoint.com (michael.checkpoint.com [194.29.32.68]) by core3.amsl.com (Postfix) with ESMTP id D71903A6916 for <ipsec@ietf.org>; Sun, 29 Nov 2009 09:22:44 -0800 (PST)
Received: from il-ex01.ad.checkpoint.com (localhost [127.0.0.1]) by michael.checkpoint.com (8.12.10+Sun/8.12.10) with ESMTP id nATHMbGo025794 for <ipsec@ietf.org>; Sun, 29 Nov 2009 19:22:37 +0200 (IST)
Received: from il-ex01.ad.checkpoint.com ([126.0.0.2]) by il-ex01.ad.checkpoint.com ([126.0.0.2]) with mapi; Sun, 29 Nov 2009 19:22:43 +0200
From: Yaron Sheffer <yaronf@checkpoint.com>
To: "ipsec@ietf.org" <ipsec@ietf.org>
Date: Sun, 29 Nov 2009 19:18:31 +0200
Thread-Topic: Proposed work item: EAP-only authentication in IKEv2
Thread-Index: AcpxEw2BkfQRvohJSsu1ldV7KkNLtw==
Message-ID: <7F9A6D26EB51614FBF9F81C0DA4CFEC801BDF88E04EE@il-ex01.ad.checkpoint.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
acceptlanguage: en-US
Content-Type: text/plain; charset="windows-1255"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Subject: [IPsec] Proposed work item: EAP-only authentication in IKEv2
X-BeenThere: ipsec@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Discussion of IPsec protocols <ipsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/ipsec>, <mailto:ipsec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ipsec>
List-Post: <mailto:ipsec@ietf.org>
List-Help: <mailto:ipsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipsec>, <mailto:ipsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 29 Nov 2009 17:22:46 -0000
This draft proposes an IKEv2 extension to allow mutual EAP-based authentication in IKEv2, eliminating the need for one of the peers to present a certificate. This applies to a small number of key-generating EAP methods that allow mutual authentication. Proposed starting point: http://tools.ietf.org/id/draft-eronen-ipsec-ikev2-eap-auth-07.txt. Please reply to the list: - If this proposal is accepted as a WG work item, are you committing to review multiple versions of the draft? - Are you willing to contribute text to the draft? - Would you like to co-author it? Please also reply to the list if: - You believe this is NOT a reasonable activity for the WG to spend time on. If this is the case, please explain your position. Do not explore the fine technical details (which will change anyway, once the WG gets hold of the draft); instead explain why this is uninteresting for the WG or for the industry at large. Also, please mark the title clearly (e.g. "DES40-export in IPsec - NO!").
- [IPsec] Proposed work item: EAP-only authenticati… Yaron Sheffer
- Re: [IPsec] Proposed work item: EAP-only authenti… Dan Harkins
- Re: [IPsec] Proposed work item: EAP-only authenti… Yaron Sheffer
- Re: [IPsec] Proposed work item: EAP-only authenti… Dan Harkins
- Re: [IPsec] Proposed work item: EAP-only authenti… Martin Willi
- Re: [IPsec] Proposed work item: EAP-only authenti… Dan Harkins
- Re: [IPsec] Proposed work item: EAP-only authenti… Yaron Sheffer
- Re: [IPsec] Proposed work item: EAP-only authenti… Martin Willi
- Re: [IPsec] Proposed work item: EAP-only authenti… Michael Richardson
- Re: [IPsec] Proposed work item: EAP-only authenti… Michael Richardson
- Re: [IPsec] Proposed work item: EAP-only authenti… Yaron Sheffer
- Re: [IPsec] Proposed work item: EAP-only authenti… Dan Harkins
- Re: [IPsec] Proposed work item: EAP-only authenti… Michael Richardson
- Re: [IPsec] Proposed work item: EAP-only authenti… Dan Harkins
- Re: [IPsec] Proposed work item: EAP-only authenti… Nicolas Williams
- Re: [IPsec] Proposed work item: EAP-only authenti… Yaron Sheffer