eap Mailing List: RE: Re: Issue 243: Clarification of State Synchronization

[Joseph Salowey (jsalowey]

Looks good to me. 

eap-admin [at] frascone.com wrote:
> Joe Salowey wrote:
> 
>> I think the state synchronization should be in relation to the state
>> of the authentication protocol and not to things that happen external
>> to the authentication protocol such as the EAP method negotiation
>> that happens before the method starts.  I don't currently see a
>> requirement to authenticate EAP protocol numbers as they are outside
>> the actual authentication protocol. 
>> 
>> Anything that is internal the method must be synchronized including
>> the protocol version number.  The two sides must agree upon the data
>> exchanged and established within the authentication protocol.
>> 
>> Joe
> 
> OK.  How about this?
> 
> [4]  Synchronization of state.  The EAP method state of the
> EAP peer and
>      server must be synchronized when the EAP method completes
>      successfully.  This includes the internal state of the
>      authentication protocol but does not apply to state external
>      to the EAP method,  such as the EAP Type used or the negotiation
>      occuring prior to initiation of the EAP method.  The exact state
>      attributes that are shared may vary from method to method but
>      typically include the method version number, what
> credentials were
>      presented and accepted by both parties, what
> cryptographic keys are
>      shared and what EAP method specific attributes were
> negotiated, such
>      as ciphersuites and limitations of usage on all protocol
> state.  Both
>      parties must be able to distinguish this instance of the protocol
>      from all other instances of the protocol and they must share the
>      same view of which state attributes are public and which are
>      private to the two parties alone.
> _______________________________________________
> eap mailing list
> eap [at] frascone.com
> http://mail.frascone.com/mailman/listinfo/eap