|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: iSCSI: PAK: an alternative to SRP and DH-CHAP> So is the goal of the working group now to propose a "new and > improved" authentication method every 2 months so we can never > make forward progress... > I hope not. I simply believe that password authentication with no security against active attacks is not a good idea, and thought that I could bring a protocol that has advantages over the current alternatives. I hope that is progress. > I have no problems with having the ability to use optional > authentication methods, but we need to be VERY careful of specifying > MUST/SHOULD algorithms, and the number should be really small, > VERY well understood, and as widespread as possible. > Agreed. >>From my understaning of PAK, I don't see a way of plugging this into > a legacy RADIUS environment (I don't have the password avail at the > iSCSI endpoint, only the ability to say please authenticate this for me) > I also do not see a way to plug PAK into RADIUS. I don't believe any password authentication protocol with security against active attacks could work with RADIUS. -Phil
Home Last updated: Mon Apr 29 19:18:24 2002 9864 messages in chronological order |