Re: [Emu] new I-D on password-authenticated EAP method

To: Dan Harkins <dharkins at lounge.org>
Subject: Re: [Emu] new I-D on password-authenticated EAP method
From: Hannes Tschofenig <Hannes.Tschofenig at gmx.net>
Date: Tue, 11 Mar 2008 18:36:38 +0200
Cc: emu at ietf.org, eap at frascone.com
Delivered-to: ietfarch-emu-web-archive at core3.amsl.com
Delivered-to: emu at core3.amsl.com
In-reply-to: <27382.216.31.249.246.1202512996.squirrel at www.trepanning.net>
List-archive: <http://www.ietf.org/pipermail/emu>
List-help: <mailto:emu-request@ietf.org?subject=help>
List-id: "EAP Methods Update \(EMU\)" <emu.ietf.org>
List-post: <mailto:emu@ietf.org>
List-subscribe: <https://www.ietf.org/mailman/listinfo/emu>, <mailto:emu-request@ietf.org?subject=subscribe>
List-unsubscribe: <https://www.ietf.org/mailman/listinfo/emu>, <mailto:emu-request@ietf.org?subject=unsubscribe>
References: <27382.216.31.249.246.1202512996.squirrel at www.trepanning.net>
Sender: emu-bounces at ietf.org
User-agent: Thunderbird 2.0.0.12 (Windows/20080213)

To continue on the previous discussions about this subject (with a 
different subject):

a) I believe the document does not do a good job in describing where you 
plan to use this method in comparison to the already ongoing work on 
tunneled mechanisms.

To quote Bernard on a previous mailing list thread (see mail thread 
about "Thoughts on Password-based EAP Methods" from March 2007, at 
http://www.ietf.org/mail-archive/web/emu/current/msg00476.html)
"
 > I am concerned that by defining yet another password-based
 > authentication mechanism,

"

I understood that Bernard has a different opinion now and maybe his comment was influenced in other ways back then in the style of 
"... there we discussed tunneled methods and not password based methods in general ..." 

b) Assuming that bullet (a) provides a reasonable argument I believe 
that the suggested approach is wrong.

Ciao
Hannes

Dan Harkins wrote:
>   Hello,
>
>   There's a new I-D in the Internet-Drafts database called
> draft-harkins-emu-eap-pwd-00.txt. It describes a new method
> for authentication using only a password. It provides resistance
> to active attack, passive attack, and dictionary attack. It
> also provides forward secrecy and an authenticated key (not just
> a shared key between authenticated entities).
>
>   Please take a look and send comments to the authors.
>
>   regards,
>
>   Dan.
>
>
>
> _______________________________________________
> Emu mailing list
> Emu at ietf.org
> http://www.ietf.org/mailman/listinfo/emu
>   

_______________________________________________
Emu mailing list
Emu at ietf.org
https://www.ietf.org/mailman/listinfo/emu

Follow-Ups:
- Re: [Emu] new I-D on password-authenticated EAP method
  - From: Dan Harkins

References:
- [Emu] new I-D on password-authenticated EAP method
  - From: Dan Harkins

Prev by Date: Re: [Emu] Agenda Take 2
Next by Date: Re: [Emu] new I-D on password-authenticated EAP method
Previous by thread: [Emu] new I-D on password-authenticated EAP method
Next by thread: Re: [Emu] new I-D on password-authenticated EAP method
Index(es):
- Date
- Thread

Re: [Emu] new I-D on password-authenticated EAP method

Note: Messages sent to this list are the opinions of the senders and do not imply endorsement by the IETF.