Re: [Emu] new I-D on password-authenticated EAP method

To: Dan Harkins <dharkins at lounge.org>
Subject: Re: [Emu] new I-D on password-authenticated EAP method
From: Hannes Tschofenig <Hannes.Tschofenig at gmx.net>
Date: Tue, 11 Mar 2008 22:49:31 +0200
Cc: emu at ietf.org
Delivered-to: ietfarch-emu-web-archive at core3.amsl.com
Delivered-to: emu at core3.amsl.com
In-reply-to: <02eba29ca4fd7f3cd1daa18be2c0466f.squirrel at www.trepanning.net>
List-archive: <http://www.ietf.org/pipermail/emu>
List-help: <mailto:emu-request@ietf.org?subject=help>
List-id: "EAP Methods Update \(EMU\)" <emu.ietf.org>
List-post: <mailto:emu@ietf.org>
List-subscribe: <https://www.ietf.org/mailman/listinfo/emu>, <mailto:emu-request@ietf.org?subject=subscribe>
List-unsubscribe: <https://www.ietf.org/mailman/listinfo/emu>, <mailto:emu-request@ietf.org?subject=unsubscribe>
References: <27382.216.31.249.246.1202512996.squirrel at www.trepanning.net> <47D6B516.4020100 at gmx.net> <02eba29ca4fd7f3cd1daa18be2c0466f.squirrel at www.trepanning.net>
Sender: emu-bounces at ietf.org
User-agent: Thunderbird 2.0.0.12 (Windows/20080213)

Let's assume for the moment that there are good deployment reasons why 
you want to use a password based authentication method without running 
it in combination with pk-based server side authentication then TLS-SRP 
dumped into EAP would be my choice.
The reasons are:
* already specified and analysed quite well
* implementations available.

I am going to ask around whether someone could write a quick 
implementation to see how long it takes.

Ciao
Hannes


Dan Harkins wrote:

>> To continue on the previous discussions about this subject (with a
>> different subject):
>>
>> a) I believe the document does not do a good job in describing where you
>> plan to use this method in comparison to the already ongoing work on
>> tunneled mechanisms.
>>
>> To quote Bernard on a previous mailing list thread (see mail thread
>> about "Thoughts on Password-based EAP Methods" from March 2007, at
>> http://www.ietf.org/mail-archive/web/emu/current/msg00476.html)
>> "
>>  > I am concerned that by defining yet another password-based
>>  > authentication mechanism,
>>
>> "
>>
>> I understood that Bernard has a different opinion now and maybe his
>> comment was influenced in other ways back then in the style of
>> "... there we discussed tunneled methods and not password based methods in
>> general ..."
>>
>>
>> b) Assuming that bullet (a) provides a reasonable argument I believe
>> that the suggested approach is wrong.
>>
>> Ciao
>> Hannes
>>
>> Dan Harkins wrote:
>>     
>>>   Hello,
>>>
>>>   There's a new I-D in the Internet-Drafts database called
>>> draft-harkins-emu-eap-pwd-00.txt. It describes a new method
>>> for authentication using only a password. It provides resistance
>>> to active attack, passive attack, and dictionary attack. It
>>> also provides forward secrecy and an authenticated key (not just
>>> a shared key between authenticated entities).
>>>
>>>   Please take a look and send comments to the authors.
>>>
>>>   regards,
>>>
>>>   Dan.
>>>
>>>
>>>
>>> _______________________________________________
>>> Emu mailing list
>>> Emu at ietf.org
>>> http://www.ietf.org/mailman/listinfo/emu
>>>
>>>       
>>     
>
>   

_______________________________________________
Emu mailing list
Emu at ietf.org
https://www.ietf.org/mailman/listinfo/emu

References:
- [Emu] new I-D on password-authenticated EAP method
  - From: Dan Harkins
- Re: [Emu] new I-D on password-authenticated EAP method
  - From: Hannes Tschofenig
- Re: [Emu] new I-D on password-authenticated EAP method
  - From: Dan Harkins

Prev by Date: Re: [Emu] new I-D on password-authenticated EAP method
Next by Date: Re: [Emu] Last Call: draft-funk-eap-ttls-v0 (EAP Tunneled TLS Authentication Protocol Version 0 (EAP-TTLSv0)) to Informational RFC
Previous by thread: Re: [Emu] new I-D on password-authenticated EAP method
Next by thread: Re: [Emu] EMU charter revision
Index(es):
- Date
- Thread

Re: [Emu] new I-D on password-authenticated EAP method

Note: Messages sent to this list are the opinions of the senders and do not imply endorsement by the IETF.