Re: [IPsec] [Cfrg] Beginning discussion on secure password-only authentication for IKEv2

Yaron Sheffer <yaronf@checkpoint.com> Tue, 02 March 2010 18:32 UTC

From: Yaron Sheffer <yaronf@checkpoint.com>
To: "Steven M. Bellovin" <smb@cs.columbia.edu>, "Blumenthal, Uri - 0662 - MITLL" <uri@ll.mit.edu>
Date: Tue, 02 Mar 2010 20:32:26 +0200
Cc: "'ipsec@ietf.org'" <ipsec@ietf.org>, "'Hannes.Tschofenig@gmx.net'" <Hannes.Tschofenig@gmx.net>, "'cfrg@irtf.org'" <cfrg@irtf.org>, "'paul.hoffman@vpnc.org'" <paul.hoffman@vpnc.org>

Whether or not the EKE patent is broad enough, if you search the IPR repository for RFC 2945 (SRP), you will find out that more than one company is happy to post an IPR warning related to SRP. This of course does not prove anything - they're just saying that their patents "might apply". BTW, I also believe the EKE patent expires 10/2011.

Thanks,
	Yaron

> -----Original Message-----
> From: ipsec-bounces@ietf.org [mailto:ipsec-bounces@ietf.org] On Behalf
> Of Steven M. Bellovin
> Sent: Tuesday, March 02, 2010 20:20
> To: Blumenthal, Uri - 0662 - MITLL
> Cc: 'ipsec@ietf.org'; 'Hannes.Tschofenig@gmx.net'; 'cfrg@irtf.org';
> 'paul.hoffman@vpnc.org'
> Subject: Re: [IPsec] [Cfrg] Beginning discussion on secure password-
> only authentication for IKEv2
> 
> On Tue, 2 Mar 2010 13:03:40 -0500
> "Blumenthal, Uri - 0662 - MITLL" <uri@ll.mit.edu> wrote:
> 
> > I see value in adding a simpler-than-EAP method, and support this
> > effort. But overall it's an extremely difficult task because of IPR.
> >
> > I personally would hate to see a patent-encumbered solution - and
> > that would disqualify EKE and PAK outright (both held by
> > Alcatel-Lucent, AFAIK). SRP would be the only acceptable (from IPR
> > point of view) candidate that I'm aware of.
> 
> Note that the EKE patent expires in October 2011.  (At least I think it
> does; it was filed in October 1991.)  Depending on when you expect
> implementations to appear-- and given how long it takes to produce
> standards-track documents in the IETF -- it might not be a problem.
> 
> > I've been told that EKE
> > patent is written so broadly that it could cover SRP as well -
> > somebody more knowledgeable should comment on this.
> >
> I've been told that, too, but since I haven't worked for the patent
> assignee for almost 13 years, I've never felt any need to (go through
> the non-trivial amount of work necessary to) come to my own
> conclusions.