1. August 2, 2005EAP WG, IETF 631 EAP-IKEv2 review Pasi Eronen

2. August 2, 2005EAP WG, IETF 632 Summary I like the overall approach, but the protocol is not even close to being ready yet –Many details missing –In some places it’s pretty obvious the protocol just can’t work as described

3. August 2, 2005EAP WG, IETF 633 Mostly fixed in -07 Inaccurate comparison to EAP-TLS –EAP-TLS is essentially carrying TLS messages inside EAP messages (instead of TCP) –The messages are still valid TLS messages EAP-IKEv2 is not carrying IKEv2 inside EAP –It’s a new protocol whose messages resemble IKEv2 a lot, but they’re not valid IKEv2 messages –Both syntax and semantics are different

4. August 2, 2005EAP WG, IETF 634 Examples of missing or broken things Fragmentation text assumes we can simply split message to N fragments and send them –But EAP is a “lock-step” protocol – description of how fragments are ACK’d is missing It’s not specified how authenticating both parties using a shared secret works –And no, “same way as in IKEv2” is not the right answer in this case…

5. August 2, 2005EAP WG, IETF 635 Examples of missing or broken things (cont.) Fast reconnect: 1 st message is encrypted by the server… but how does the server know which key to use? –Several possible solutions exist, but none of them is described in te document Not described what happens if fast reconnect fails because client has forgotten the SA Channel bindings not specified in a way that would allow interoperable implementations –If this document doesn’t say what the payloads contain, it must provide a normative reference

6. August 2, 2005EAP WG, IETF 636 Next steps Finish the protocol –Significant amount of both technical and editorial work needed