eap Mailing List: Re: Proposed Resolution to Issue 243: State Synchronization

[Florent Bersani (florent.bersani]

I understand what is meant but I feel concerned that "synchronization of 
state" may be understood as "common knowledge" (which is impossible to 
reach in a distributed environment with unreliable communications 
http://www.cs.cornell.edu/home/halpern/papers/common_knowledge.pdf - 
using the paper's terminology page 5, what we want here is E or E2 but 
not C that we can't provide).

Though I tried I couldn't figure out some simple wording to reflect this 
(but I am still trying to).

Am I the only one that is uncomfortable with this wording?

Bernard Aboba wrote:

> The proposed resolution is to change clause [4] of Section 2.2 to the
> following:
>
> [4]  Synchronization of state.  The EAP method state of the EAP peer and
>     server must be synchronized when the EAP method completes
>     successfully.  This includes the internal state of the
>     authentication protocol but not the state external to the EAP
>     method,  such as the negotiation occuring prior to initiation of
>     the EAP method.  The exact state attributes that are shared may
>     vary from method to method but typically include the method version
>     number, what credentials were presented and accepted by both
>     parties, what cryptographic keys are shared and what EAP method
>     specific attributes were negotiated, such as ciphersuites and
>     limitations of usage on all protocol state.  Both parties must be
>     able to distinguish this instance of the protocol from all other
>     instances of the protocol and they must share the same view of
>     which state attributes are public and which are private to the two
>     parties alone.
> _______________________________________________
> eap mailing list
> eap [at] frascone.com
> http://mail.frascone.com/mailman/listinfo/eap
>
>