eap Mailing List: RE: [Fwd: I-D ACTION:draft-walker-ieee802-req-00.txt]

[Hannes Tschofenig (Hannes.Tschofenig]

hi jari, 

i agree with you that there were some discussions in the past few weeks
about these protected result indications. i got the impression that many
method do not support them in the desired way. i have also realized that we
do not understand the issue in all the glory details. having a must
requirement is a little bit hard. 

ciao
hannes


> -----Original Message-----
> From: Jari Arkko [mailto:jari.arkko [at] piuha.net] 
> Sent: Sonntag, 08. Februar 2004 17:39
> To: Tschofenig Hannes
> Cc: eap [at] frascone.com
> Subject: Re: [eap] [Fwd: I-D ACTION:draft-walker-ieee802-req-00.txt]
> 
> 
> Hannes Tschofenig wrote:
> > hi all,
> > 
> > thanks for the draft. i was not surprised about the requirements
> except
> > for one:
> > 
> > [3]  Synchronization of state.  This corresponds to the "Protected
> >      result indication" security claim defined in [RFC2284bis],
> Section
> >      7.2.1.
> > 
> > why is this suddenly a MUST requirement?
> 
> This is not really an answer to your question, but I'd note 
> that in the last few weeks, we at EAP WG have learned more 
> about what protected results indications can and can not do. 
> In particular, it seems that their usage may not cover all 
> aspects of state synchronization (e.g. authorization), 
> current EAP methods such as EAP-TLS generally do not provide 
> the indications in all cases, and that even new methods would 
> not be able to provide them in all cases. The indications can 
> still be useful, but its important that we all realize their 
> limitations.
> 
> --Jari
>