RE: [Emu] Thoughts on Password-based EAP Methods
I can easily see how crypto-binding could be added to the protocol
without breaking backwards compatibility, e.g. how negotiation via
TTLSv0's extensibility model could add this in as an optional operation
that the client and server agree upon.
In general I think having a standards-based, interoperable tunneling
method would be good for customers and the industry, and TTLSv0 appears
clean enough and pretty broadly adopted, so using it as the basis of
work in this area looks like a good idea to me.
Ryan
-----Original Message-----
From: Joseph Salowey (jsalowey) [mailto:jsalowey at cisco.com]
Sent: Tuesday, April 03, 2007 8:16 AM
To: Bernard Aboba; emu at ietf.org
Subject: RE: [Emu] Thoughts on Password-based EAP Methods
Some of the things that need to be fixed are fairly fundamental. For
example, crypto-binding and avoiding multiple layers of negotiation are
fairly fundamental. At this point I'm not sure that modifying TLVs is
the best way to achieve this. It needs to be investigated.
Joe
> -----Original Message-----
> From: Bernard Aboba [mailto:bernard_aboba at hotmail.com]
> Sent: Monday, April 02, 2007 3:46 PM
> To: emu at ietf.org
> Subject: RE: [Emu] Thoughts on Password-based EAP Methods
>
> >I'm not sure that adding yet another version to TTLS specifically for
> >supporting passwords will make things better for customers. Multiple
> >versions certainly have caused quite a confusion in PEAP.
>
> I would agree that "versioning" is not a good idea. However,
> as I understand it, EAP-TTLSv0 is the only deployed version
> of TTLS; v1 has never been implemented. So currently there is
> no versioning issue with TTLS, and if possible, it would be best
> if the IETF would not create such a problem.
>
> It is not clear to me that EAP-TTLS needs "versioning" in
> order to enable addition of new features in a backwards
> compatible way, since it already supports a TLV-based
> extension mechanism.
>
>
>
> _______________________________________________
> Emu mailing list
> Emu at ietf.org
> https://www1.ietf.org/mailman/listinfo/emu
>
Note: Messages sent to this list are the opinions of the senders and do not imply endorsement by the IETF.