Re: [IPsec] #188: Explicit list of allowed EAP methods]
"Alper Yegin" <alper.yegin@yegin.org> Wed, 14 April 2010 06:48 UTC
Return-Path: <alper.yegin@yegin.org>
X-Original-To: ipsec@core3.amsl.com
Delivered-To: ipsec@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 826D83A6BAD for <ipsec@core3.amsl.com>; Tue, 13 Apr 2010 23:48:49 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.15
X-Spam-Level:
X-Spam-Status: No, score=-1.15 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, MSGID_MULTIPLE_AT=1.449]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id hDlVh6qlLRom for <ipsec@core3.amsl.com>; Tue, 13 Apr 2010 23:48:48 -0700 (PDT)
Received: from mout.perfora.net (mout.perfora.net [74.208.4.194]) by core3.amsl.com (Postfix) with ESMTP id A5D9E3A6BAB for <ipsec@ietf.org>; Tue, 13 Apr 2010 23:48:48 -0700 (PDT)
Received: from ibm (dsl88-247-34762.ttnet.net.tr [88.247.135.202]) by mrelay.perfora.net (node=mrus1) with ESMTP (Nemesis) id 0Me9Ic-1NqLXR1XWY-00PSWs; Wed, 14 Apr 2010 02:48:39 -0400
From: Alper Yegin <alper.yegin@yegin.org>
To: 'Paul Hoffman' <paul.hoffman@vpnc.org>, 'Yaron Sheffer' <yaronf.ietf@gmail.com>, ipsec@ietf.org
References: <1271063569.21796.13.camel@yaronf-linux> <1271086498.24999.0.camel@yaronf-linux> <p06240808c7e8ef1ac0f5@[10.20.30.163]>
In-Reply-To: <p06240808c7e8ef1ac0f5@[10.20.30.163]>
Date: Wed, 14 Apr 2010 09:48:27 +0300
Message-ID: <02f201cadb9e$803086a0$809193e0$@yegin>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-Mailer: Microsoft Office Outlook 12.0
Thread-Index: AcraVrrU0/l1O8P5RxO+WORXfpo+eQBR6BFQ
Content-Language: en-us
X-Provags-ID: V01U2FsdGVkX1/Xqu/k6kYHl1/g2sB0bqq6vjCDaHt7Br5zdAa xUYE9uGkkcxxBofoDGplJReuDOkU26NuJ9S1u4k86Qd1I5gH0y YG8LEUPmbz6Ymzsg/T0VwOF4+n4qJSU
Subject: Re: [IPsec] #188: Explicit list of allowed EAP methods]
X-BeenThere: ipsec@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Discussion of IPsec protocols <ipsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/ipsec>, <mailto:ipsec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ipsec>
List-Post: <mailto:ipsec@ietf.org>
List-Help: <mailto:ipsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipsec>, <mailto:ipsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 14 Apr 2010 06:48:49 -0000
> At 6:34 PM +0300 4/12/10, Yaron Sheffer wrote: > >there was some off-line discussion on whether the mutual-EAP auth > draft > >should explicitly list the EAP methods that work, securely, with this > >extension. I now tend to say no, and to remove this list (and IANA > >registry) from the next document rev. > > The list is not just "methods we like" but also "methods that are known > to have the properties that are required to be safe here, because some > other methods don't have those properties". > > A different proposal would be to leave the list in as "the authors > think that these methods (and likely others) should be considered as > safe", but not to have the IANA registry, letting developers pick what > to include (including known-unsafe ones). Or, just list the required "properties", and name some methods as examples. Alper > > --Paul Hoffman, Director > --VPN Consortium > _______________________________________________ > IPsec mailing list > IPsec@ietf.org > https://www.ietf.org/mailman/listinfo/ipsec
- [IPsec] #188: Explicit list of allowed EAP method… Yaron Sheffer
- Re: [IPsec] #188: Explicit list of allowed EAP me… Paul Hoffman
- Re: [IPsec] #188: Explicit list of allowed EAP me… Alper Yegin