Re: Issue 243: Clarification of State Synchronization

From: Bernard Aboba
Date: Tue, 6 Jul 2004 18:48:27 -0400 (EDT)

Joe Salowey wrote:
> I think the state synchronization should be in relation to the state of the
> authentication protocol and not to things that happen external to the
> authentication protocol such as the EAP method negotiation that happens
> before the method starts. I don't currently see a requirement to
> authenticate EAP protocol numbers as they are outside the actual
> authentication protocol.
>
> Anything that is internal to the method must be synchronized including the
> protocol version number. The two sides must agree upon the data exchanged
> and established within the authentication protocol.
>
> Joe
OK. How about this?
[4] Synchronization of state. The EAP method state of the EAP peer and
server must be synchronized when the EAP method completes
successfully. This includes the internal state of the
authentication protocol but does not apply to state external
to the EAP method, such as the EAP Type used or the negotiation
occurring prior to initiation of the EAP method. The exact state
attributes that are shared may vary from method to method but
typically include the method version number, what credentials were
presented and accepted by both parties, what cryptographic keys are
shared and what EAP method specific attributes were negotiated, such
as ciphersuites and limitations of usage on all protocol state. Both
parties must be able to distinguish this instance of the protocol
from all other instances of the protocol and they must share the
same view of which state attributes are public and which are
private to the two parties alone.
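
Added example, not part of the original message or of any EAP method specification: one way a method could check the synchronization that [4] describes is for each side to MAC its own view of the method-internal state under the shared key and verify the other side's tag. The field names, role labels, ciphersuite strings and sample values are constructed assumptions.

```python
import hashlib
import hmac
from dataclasses import dataclass, replace

@dataclass(frozen=True)
class MethodState:
    """One side's view of method-internal state (field names are constructed).
    The EAP Type is deliberately absent: the text treats it as external state."""
    version: int
    peer_id: str
    server_id: str
    ciphersuite: str
    session_id: bytes  # e.g. both nonces; separates this run from all others

    def encode(self) -> bytes:
        # Length-prefix each field so two different states never share an encoding.
        fields = [str(self.version).encode(), self.peer_id.encode(),
                  self.server_id.encode(), self.ciphersuite.encode(), self.session_id]
        return b"".join(len(f).to_bytes(2, "big") + f for f in fields)

def confirmation_tag(key: bytes, role: bytes, state: MethodState) -> bytes:
    # The role label stops one side's tag being reflected back as the other's.
    return hmac.new(key, role + b"\x00" + state.encode(), hashlib.sha256).digest()

def states_synchronized(key: bytes, peer_view: MethodState, server_view: MethodState) -> bool:
    """Simulate both confirmation messages; True only if each side accepts the other's tag."""
    peer_tag = confirmation_tag(key, b"peer", peer_view)        # sent peer -> server
    server_tag = confirmation_tag(key, b"server", server_view)  # sent server -> peer
    server_ok = hmac.compare_digest(peer_tag, confirmation_tag(key, b"peer", server_view))
    peer_ok = hmac.compare_digest(server_tag, confirmation_tag(key, b"server", peer_view))
    return server_ok and peer_ok

# Constructed sample values, not taken from any real exchange.
KEY = bytes(range(32))
AGREED = MethodState(1, "peer@example.org", "server.example.org",
                     "AES128-SHA256", b"peer-nonce|server-nonce")

if __name__ == "__main__":
    downgraded = replace(AGREED, ciphersuite="NULL-SHA1")
    other_run = replace(AGREED, session_id=b"old-nonce|server-nonce")
    print(states_synchronized(KEY, AGREED, AGREED))      # same view on both sides
    print(states_synchronized(KEY, AGREED, downgraded))  # ciphersuite views differ
    print(states_synchronized(KEY, AGREED, other_run))   # different protocol instance
```
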