Re: draft on authenticated service identities
From: Jari Arkko (jari.arkkopiuha.net)
Date: Thu, 15 Apr 2004 01:05:34 -0400 (EDT)
Alper Yegin wrote:

I think you are right about the check part, assuming that the
method is capable of actually informing the other end about
its decision. OTOH, it looks like having one side do the
check would add a roundtrip in methods that currently don't
inform the other end;


If the check is performed by the AAA server, does it still add a
roundtrip?

I think so, because we need not just the check, but also a way to communicate the result of the check to the other end. OTOH, in _some_ environments having the AAA server fail the authentication is enough. For instance, in 802.11i if the AAA server fails, the AP will not get the MSK, and the parties can't complete the 4-way handshake. Thus eventually everyone knows there was a failure.

--Jari
