RE: [Emu] Thoughts on Password-based EAP Methods

To: "Ryan Hurst" <Ryan.Hurst at microsoft.com>, "Joseph Salowey \(jsalowey\)" <jsalowey at cisco.com>, "Bernard Aboba" <bernard_aboba at hotmail.com>, <emu at ietf.org>
Subject: RE: [Emu] Thoughts on Password-based EAP Methods
From: "Hao Zhou \(hzhou\)" <hzhou at cisco.com>
Date: Mon, 2 Apr 2007 17:33:22 -0400
Authentication-results: rtp-dkim-2; header.From=hzhou@cisco.com; dkim=pass ( sig from cisco.com/rtpdkim2001 verified; );
Cc:
Dkim-signature: v=0.5; a=rsa-sha256; q=dns/txt; l=4325; t=1175549618; x=1176413618; c=relaxed/simple; s=rtpdkim2001; h=Content-Type:From:Subject:Content-Transfer-Encoding:MIME-Version; d=cisco.com; i=hzhou@cisco.com; z=From:=20=22Hao=20Zhou=20\(hzhou\)=22=20<hzhou@cisco.com> |Subject:=20RE=3A=20[Emu]=20Thoughts=20on=20Password-based=20EAP=20Method s |Sender:=20 |To:=20=22Ryan=20Hurst=22=20<Ryan.Hurst@microsoft.com>, =0A=20=20=20=20=20 =20=20=20=22Joseph=20Salowey=20\(jsalowey\)=22=20<jsalowey@cisco.com>, =0A= 20=20=20=20=20=20=20=20=22Bernard=20Aboba=22=20<bernard_aboba@hotmail.com> ,=20<emu@ietf.org>; bh=y6M0Ja+XYVRq7XnQo/ac4XucS3T6r/vZ2+irzExLrOM=; b=wSh1rTJO407wR54a1zfLZ9z0NM3qeU+4COXzdXT/uf83g+pLQeI9fnWofX8ln1q2G0xp0JEQ HNP0aJUlELHtD1PPhrr+8cUjs0wEkvS9hM1THsaEvKy9a7Ft7cTeQ5AT;
In-reply-to: <5F3AAFB2FEC5ED4AA6DE79A3E0B47D8004ADDE24@WIN-MSG-21.wingroup.windeploy.ntdev.microsoft.com>
List-archive: <http://www1.ietf.org/pipermail/emu>
List-help: <mailto:emu-request@ietf.org?subject=help>
List-id: "EAP Methods Update \(EMU\)" <emu.ietf.org>
List-post: <mailto:emu@ietf.org>
List-subscribe: <https://www1.ietf.org/mailman/listinfo/emu>, <mailto:emu-request@ietf.org?subject=subscribe>
List-unsubscribe: <https://www1.ietf.org/mailman/listinfo/emu>, <mailto:emu-request@ietf.org?subject=unsubscribe>
References: <BAY117-F26744523DE68F69D417DE7936E0@phx.gbl><AC1CFD94F59A264488DC2BEC3E890DE503862B41@xmb-sjc-225.amer.cisco.com> <5F3AAFB2FEC5ED4AA6DE79A3E0B47D8004ADDE24@WIN-MSG-21.wingroup.windeploy.ntdev.microsoft.com>
Thread-index: AcdwgbyDI98ve6UoRfCi/RnvnE2MHAE2mL2QAADg76AAASqTcA==
Thread-topic: [Emu] Thoughts on Password-based EAP Methods

What is the difference between defining a new method vs. a new version
of the existing EAP method that is  not backward compatible? I don't see
how the implementation issue will go away. Some one still needs to
implement it and customers need to deploy it. Might be more confusing to
define another version of TTLS, as there are two version defined
already, version 0 and 1. It seems to me much cleaner to start from a
standard based EAP method handling password-only, and gradually
extending it over time.

> -----Original Message-----
> From: Ryan Hurst [mailto:Ryan.Hurst at microsoft.com] 
> Sent: Monday, April 02, 2007 3:48 PM
> To: Joseph Salowey (jsalowey); Bernard Aboba; emu at ietf.org
> Subject: RE: [Emu] Thoughts on Password-based EAP Methods
> 
> I believe there were many issues with how PEAP progressed, if 
> we are careful we could prevent the same things from 
> happening with TTLS.
> 
> Ryan
> 
> -----Original Message-----
> From: Joseph Salowey (jsalowey) [mailto:jsalowey at cisco.com]
> Sent: Monday, April 02, 2007 12:36 PM
> To: Bernard Aboba; emu at ietf.org
> Subject: RE: [Emu] Thoughts on Password-based EAP Methods
> 
> I'm not sure that adding yet another version to TTLS 
> specifically for supporting passwords will make things better 
> for customers.  Multiple
> versions certainly has caused quite a confusion in PEAP.    
> 
> > -----Original Message-----
> > From: Bernard Aboba [mailto:bernard_aboba at hotmail.com]
> > Sent: Tuesday, March 27, 2007 8:07 AM
> > To: emu at ietf.org
> > Subject: [Emu] Thoughts on Password-based EAP Methods
> > 
> > After listening to the IETF 68 presentation on a password-based EAP 
> > method, I would like to voice some concerns.
> > 
> > Today we already have an "over abundance" of such methods.  
> > These include 
> > PEAPv0, PEAPv1, EAP-TTLSv0, EAP-TTLSv1, and EAP-FAST.   In my 
> > discussions
> > with customers, I invariably hear complaints about this 
> explosion, and 
> > about various interoperability and compatibility problems that it 
> > causes.  Simply put, customers do not want "yet another 
> password-based 
> > EAP method";  they want a single method that is widely 
> implemented and 
> > interoperable.
> > 
> > I am concerned that by defining yet another password-based 
> > authentication mechanism, EMU WG will be making this problem worse, 
> > not
> > better.   Creating 
> > yet another mechanism which differs little from the 
> existing ones also 
> > seems to have very little chance of being implemented.
> > 
> > There is a better alternative that EMU WG should consider. 
> > This is to choose an existing method for inclusion on the IETF 
> > Standards Track, rather than creating a new one.  In order 
> to maintain 
> > backward compatibility, this would require that the owners give up 
> > change control to the IETF.
> > 
> > I would suggest that the best candidate for this would be 
> EAP-TTLSv0, 
> > since it is very widely implemented, and has an existing 
> certification 
> > program in
> > WFA.   Also, EAP-TTLSv0 had previously been on the Standards 
> > Track in the
> > PPPEXT WG, before work on EAP methods was removed from the 
> PPPEXT WG 
> > charter and the EAP WG was formed.
> > 
> > In terms of steps to be taken, this would require the following 
> > actions:
> > 
> > a. Review and publication of the existing EAP-TTLSv0 
> specification as 
> > an RFC.  The goal here would be to document EAP-TTLSv0 as it exists 
> > today.
> > 
> > b. Agreement by the authors to give up change control to the IETF.
> > 
> > c. EMU WG efforts to publish an EAP-TTLSv0 "bis" document, 
> specifying 
> > additional capabilities (such as Channel Bindings).
> > 
> > 
> > 
> > _______________________________________________
> > Emu mailing list
> > Emu at ietf.org
> > https://www1.ietf.org/mailman/listinfo/emu
> > 
> 
> _______________________________________________
> Emu mailing list
> Emu at ietf.org
> https://www1.ietf.org/mailman/listinfo/emu
> 
> _______________________________________________
> Emu mailing list
> Emu at ietf.org
> https://www1.ietf.org/mailman/listinfo/emu
> 

_______________________________________________
Emu mailing list
Emu at ietf.org
https://www1.ietf.org/mailman/listinfo/emu

References:
- [Emu] Thoughts on Password-based EAP Methods
  - From: Bernard Aboba
- RE: [Emu] Thoughts on Password-based EAP Methods
  - From: Joseph Salowey \(jsalowey\)
- RE: [Emu] Thoughts on Password-based EAP Methods
  - From: Ryan Hurst

Prev by Date: RE: [Emu] Thoughts on Password-based EAP Methods
Next by Date: [Emu] Re: Thoughts on Password-based EAP Methods
Previous by thread: RE: [Emu] Thoughts on Password-based EAP Methods
Next by thread: RE: [Emu] Thoughts on Password-based EAP Methods
Index(es):
- Date
- Thread

RE: [Emu] Thoughts on Password-based EAP Methods

Note: Messages sent to this list are the opinions of the senders and do not imply endorsement by the IETF.