[SECMECH] Method work

"Salowey, Joe" <jsalowey@cisco.com> Tue, 23 August 2005 00:50 UTC

Date: Mon, 22 Aug 2005 17:54:45 -0700
From: "Salowey, Joe" <jsalowey@cisco.com>
To: <secmech@ietf.org>
Subject: [SECMECH] Method work

I would like to identify which mechanism types there is interest in
working on.  Below is a list of various authentication methods that
people have expressed interest in having support for in EAP and other
frameworks.  It may not be the case that we need a separate mechanism
for each of these.  I'd like to know who has interest in contributing
and reviewing (please indicate either or both) specifications for each
of these mechanism types.  

1. X.509 Certificate credentials - (possible revision of EAP-TLS
(RFC2716)) - applicable to EAP, possibly applicable to GSS and SASL.
Desired by IEEE 802.11 for EAP.

2. Shared Secret - pre-shared secret method.  Applicable to EAP and GSS,
possibly SASL. Desired by IEEE 802.11 for EAP.  

3. Password based - essentially a shared secret mechanism that provides
resistance to dictionary attacks. It should support various backend
databases of passwords that use different storage techniques and perhaps
support for one-time tokens as well.  Could use something related to EKE
or a tunneling approach.  Applicable to EAP, GSS, and SASL. Desired by
IEEE 802.11 for EAP.

4. Tunneling - a tunneling method is useful to protect weaker
authentication mechanisms.  Tunneling methods are also used to exchange
other types of authentication data.  Applicability EAP and GSS possibly

5. Kerberos - Something that provides for initial authentication and a
strategy for resisting dictionary attacks.  Applicable to EAP, possibly


