RE: RFC2284bis-06 draft: Support for sequences
From: Puthenkulam, Jose P (jose.p.puthenkulam [at] intel.com)
Date: Sun, 26 Oct 2003 10:38:53 -0600 (CST)
Jari,

See comments below

> -----Original Message-----
> From: Jari Arkko [mailto:jari.arkko [at] piuha.net] 
> Sent: Sunday, October 26, 2003 7:55 AM
> To: Puthenkulam, Jose P
> Cc: EAP mailing list; Adrangi, Farid; Lortz, Victor
> Subject: Re: [eap] RFC2284bis-06 draft: Support for sequences
> 
> 
> Puthenkulam, Jose P wrote:
> 
> > Section 2.1 Support for Sequences : para 2 reproduced below:
> >
> >    "Once a peer has sent a Response of the same Type as the initial
> >    Request, an authenticator MUST NOT send a Request of a different Type
> >    prior to completion of the final round of a given method (with the
> >    exception of a Notification-Request) and MUST NOT send a Request for
> >    an additional method of any Type after completion of the initial
> >    authentication method; a peer receiving such Requests MUST treat them
> >    as invalid, and silently discard them. As a result, Identity Requery
> >    is not supported."
> >
> > 1. In this text "MUST NOT send a Request for an additional method of
> >    any Type after completion of the initial authentication method;"
> >
> >    shouldn't it say "before completion of the initial authentication
> >    method"
> 
> Hmm... I had to reread the text multiple times and I agree it's complicated.
> But it does appear to say what was decided: *during* a method you can't send
> any other method, except maybe Notification. And *after* the first _auth_
> method you can't send any method at all, period.
> 

Same here, it confused me too. I agree with the principle of not
supporting open-ended sequences; however, the mixed use of the word
"method", which includes the Identity Type method, and "authentication method",
which excludes it, seems to complicate the interpretation.


> > 2. When we say "As a result, Identity Requery is not supported",
> >
> >    does it imply that two successive Identity requests cannot be issued
> >    by the Authenticator?
> 
> I think it means that you can't do Id - Method - Id but you can still
> do Id - Id - Method. Or am I missing something?

It would help if we made this interpretation explicit. As you point
out, section 5.1 already supports Id-Id-Method in its Implementation Note.

> 
> --Jari
> 

thanks,
jose

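As an added illustration (not code from the draft or from either poster), a small peer-side filter that applies the interpretation discussed above: Id-Id-Method is accepted, while a Request of a different Type mid-method, or any further Request after the initial authentication method's final round (Identity requery included), is silently discarded. The Type values for Identity, Notification, Nak and MD5-Challenge are the RFC 2284 assignments; the `final_round` and `peer_naks` flags are assumed inputs standing in for what a real method implementation would signal.

```python
"""Peer-side filter for the RFC2284bis Section 2.1 sequence rule.

Constructed example, not from the draft or any EAP implementation.
It models only what the quoted paragraph says: one authentication
method per conversation, no interleaving (except Notification), and
no Request of any Type once that method has completed.
"""
IDENTITY, NOTIFICATION, NAK, MD5_CHALLENGE = 1, 2, 3, 4  # RFC 2284 Types
ACCEPT, DISCARD = "accept", "discard"


class PeerSequenceFilter:
    def __init__(self):
        self.current_method = None   # Type of the auth method in progress
        self.auth_completed = False  # initial auth method has finished

    def on_request(self, eap_type, final_round=False, peer_naks=False):
        """Return ACCEPT or DISCARD for an incoming EAP Request.

        final_round: assumed flag, this Request is the method's last round.
        peer_naks:   assumed flag, the peer answers with a Nak rather than a
                     Response of the same Type, so the method never begins.
        """
        if self.auth_completed:
            # "MUST NOT send a Request for an additional method of any Type
            # after completion" -> Identity requery is discarded as well.
            return DISCARD
        if self.current_method is None:
            if eap_type in (IDENTITY, NOTIFICATION):
                return ACCEPT            # Id - Id - Method is still allowed
            if peer_naks:
                return ACCEPT            # Nak sent; no method in progress
            self.current_method = eap_type
        elif eap_type == NOTIFICATION:
            return ACCEPT                # the one permitted interleave
        elif eap_type != self.current_method:
            return DISCARD               # different Type before final round
        if final_round:
            self.current_method = None
            self.auth_completed = True
        return ACCEPT


def run_sequence(steps):
    """Apply the filter to (eap_type, final_round) pairs; return verdicts."""
    f = PeerSequenceFilter()
    return [f.on_request(t, final_round=final) for t, final in steps]
```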