RE: [Emu] Thoughts on Password-based EAP Methods

To: "Bernard Aboba" <bernard_aboba at hotmail.com>, <emu at ietf.org>
Subject: RE: [Emu] Thoughts on Password-based EAP Methods
From: "Joseph Salowey \(jsalowey\)" <jsalowey at cisco.com>
Date: Mon, 2 Apr 2007 12:35:42 -0700
Authentication-results: sj-dkim-5; header.From=jsalowey@cisco.com; dkim=pass ( sig from cisco.com/sjdkim5002 verified; );
Cc:
Dkim-signature: v=0.5; a=rsa-sha256; q=dns/txt; l=2679; t=1175542550; x=1176406550; c=relaxed/simple; s=sjdkim5002; h=Content-Type:From:Subject:Content-Transfer-Encoding:MIME-Version; d=cisco.com; i=jsalowey@cisco.com; z=From:=20=22Joseph=20Salowey=20\(jsalowey\)=22=20<jsalowey@cisco.com> |Subject:=20RE=3A=20[Emu]=20Thoughts=20on=20Password-based=20EAP=20Method s |Sender:=20; bh=2CzTpE8qZnDesVDIQEygwg8p7DBwWj60X6o5e534SdE=; b=aYOHJfOvHOWiNDYvHeiODfUJDgN9v6p40ojEMFiZ7fbRCD76JRLekyJW/dW/vCzjbOjG0sE/ d++/g3nALYEWzGqjZ7DuQvS+Hz/dE1nLjr+TiejRS7Q089MuEC6dljKP;
In-reply-to: <BAY117-F26744523DE68F69D417DE7936E0@phx.gbl>
List-archive: <http://www1.ietf.org/pipermail/emu>
List-help: <mailto:emu-request@ietf.org?subject=help>
List-id: "EAP Methods Update \(EMU\)" <emu.ietf.org>
List-post: <mailto:emu@ietf.org>
List-subscribe: <https://www1.ietf.org/mailman/listinfo/emu>, <mailto:emu-request@ietf.org?subject=subscribe>
List-unsubscribe: <https://www1.ietf.org/mailman/listinfo/emu>, <mailto:emu-request@ietf.org?subject=unsubscribe>
Thread-index: AcdwgbyDI98ve6UoRfCi/RnvnE2MHAE2mL2Q
Thread-topic: [Emu] Thoughts on Password-based EAP Methods

I'm not sure that adding yet another version to TTLS specifically for
supporting passwords will make things better for customers.  Multiple
versions certainly has caused quite a confusion in PEAP.    

> -----Original Message-----
> From: Bernard Aboba [mailto:bernard_aboba at hotmail.com] 
> Sent: Tuesday, March 27, 2007 8:07 AM
> To: emu at ietf.org
> Subject: [Emu] Thoughts on Password-based EAP Methods
> 
> After listening to the IETF 68 presentation on a 
> password-based EAP method, I would like to voice some concerns.
> 
> Today we already have an "over abundance" of such methods.  
> These include 
> PEAPv0, PEAPv1, EAP-TTLSv0, EAP-TTLSv1, and EAP-FAST.   In my 
> discussions 
> with customers, I invariably hear complaints about this 
> explosion, and about various interoperability and 
> compatibility problems that it causes.  Simply put, customers 
> do not want "yet another password-based EAP method";  they 
> want a single method that is widely implemented and interoperable.
> 
> I am concerned that by defining yet another password-based 
> authentication 
> mechanism, EMU WG will be making this problem worse, not 
> better.   Creating 
> yet another mechanism which differs little from the existing 
> ones also seems to have very little chance of being implemented.
> 
> There is a better alternative that EMU WG should consider. 
> This is to choose an existing method for inclusion on the 
> IETF Standards Track, rather than creating a new one.  In 
> order to maintain backward compatibility, this would require 
> that the owners give up change control to the IETF.
> 
> I would suggest that the best candidate for this would be 
> EAP-TTLSv0, since it is very widely implemented, and has an 
> existing certification program in 
> WFA.   Also, EAP-TTLSv0 had previously been on the Standards 
> Track in the 
> PPPEXT WG, before work on EAP methods was removed from the 
> PPPEXT WG charter and the EAP WG was formed.
> 
> In terms of steps to be taken, this would require the 
> following actions:
> 
> a. Review and publication of the existing EAP-TTLSv0 
> specification as an RFC.  The goal here would be to document 
> EAP-TTLSv0 as it exists today.
> 
> b. Agreement by the authors to give up change control to the IETF.
> 
> c. EMU WG efforts to publish an EAP-TTLSv0 "bis" document, 
> specifying additional capabilities (such as Channel Bindings).
> 
> 
> 
> _______________________________________________
> Emu mailing list
> Emu at ietf.org
> https://www1.ietf.org/mailman/listinfo/emu
> 

_______________________________________________
Emu mailing list
Emu at ietf.org
https://www1.ietf.org/mailman/listinfo/emu

Follow-Ups:
- RE: [Emu] Thoughts on Password-based EAP Methods
  - From: Ryan Hurst

References:
- [Emu] Thoughts on Password-based EAP Methods
  - From: Bernard Aboba

Prev by Date: [Emu] Re: Looking for WG input: Password based method requirements
Next by Date: RE: [Emu] Thoughts on Password-based EAP Methods
Previous by thread: RE: [Emu] Thoughts on Password-based EAP Methods
Next by thread: RE: [Emu] Thoughts on Password-based EAP Methods
Index(es):
- Date
- Thread

RE: [Emu] Thoughts on Password-based EAP Methods

Note: Messages sent to this list are the opinions of the senders and do not imply endorsement by the IETF.