
RE: The Emperor Has No Clothes: Is PANA actually useful?

2006-05-26 11:18:48
For those of us that are just trying to follow this discussion,
what does the word "posture" mean in this context?

--
Eric 

--> -----Original Message-----
--> From: Narayanan, Vidya [mailto:vidyan(_at_)qualcomm(_dot_)com] 
--> Sent: Friday, May 26, 2006 2:05 PM
--> To: Sam Hartman; Bernard Aboba
--> Cc: ietf(_at_)ietf(_dot_)org
--> Subject: RE: The Emperor Has No Clothes: Is PANA actually useful?
--> 
--> > 
--> > >>>>> "Bernard" == Bernard Aboba <aboba(_at_)internaut(_dot_)com> writes:
--> > 
--> >     >> My question is more why do they need EAP in situations where
--> >     >> they are not running at the link layer than why do they want or
--> >     >> not want PANA.
--> > 
--> >     Bernard> The simple answer is that there are situations which IEEE
--> >     Bernard> 802.1X cannot handle on wired networks.  As specified,
--> >     Bernard> IEEE 802.1X is "network port control", which means that
--> >     Bernard> authorization is controllable only at the port level.  If
--> >     Bernard> there is more than one host connected to a switch port,
--> >     Bernard> then that model no longer applies.
--> > 
--> > Yeah.  I guess I wonder whether you are actually getting 
--> > network access authentication at that point or whether you 
--> > are getting a service that allows you to check posture.  It 
--> > seems that a service that simply allows you to check posture 
--> > should not be EAP.
--> > 
--> 
--> 
--> I fully agree. As far as I can tell, using EAP in this manner merely
--> reduces it to a posture transport protocol. The level of security
--> provided by EAPoUDP does not seem to be any greater than a
--> Kerberos-based authentication done today in most enterprise networks,
--> considering the presence of switched Ethernet. Hence, the only reason to
--> move to EAPoUDP would be to check posture, and I agree with Sam that
--> making EAP the posture transport protocol is a bad idea. 
--> 
--> Vidya

_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/ietf
