Subject: RE: draft on authenticated service identities
From: Alper Yegin (alper.yegin
Date: Thu, 15 Apr 2004 18:18:31 -0400 (EDT)

> >>I think you are right about the check part, assuming that the
> >>method is capable of actually informing the other end about
> >>its decision. OTOH, it looks like having one side do the
> >>check would add a roundtrip in methods that currently don't
> >>inform the other end;
> >
> >
> > If the check is performed by the AAA server, does it still add a
> > roundtrip?
>
> I think so, because we need not just the check, but also a
> way to communicate the result of the check to the other
> end. OTOH, on _some_ environments having the AAA server
> fail the authentication is enough.

Yes, this is what I'm thinking. Is this really only on some environments?
If designed appropriately, the AAA server can perform the check as part of
(or before) the client-NAS authentication. Are there cases this is not
possible?

> For instance, in 802.11i
> if the AAA server fails, the AP will not get the MSK, and
> the parties can't complete the 4-way handshake. Thus
> eventually everyone knows there was a failure.

Alper

>
> --Jari