EAP-SKL update

From: Thomas Otto (t.otto
Date: Thu, 13 Oct 2005 02:14:41 -0400 (EDT)

EAP-SKL has been updated,
Rationale.
One main problem of embedding existing security protocols in EAP is to match the EAP message flow. After an EAP Identity exchange, the EAP server begins the conversation.
Assume the underlying protocol is a 4-step protocol,
<--
-->
<--
-->
<-- EAP-Success
then this would match exactly. Some protocols, however, mandate the peer to send the first message, then
<-- "start"
-->
<--
-->
<--
--> "finish"
<-- EAP-Success
With EAP-SKL, this is slightly different, because it is a 3-step protocol. This can never be incorporated into EAP exactly, so either at the beginning or at the end (before the EAP server sends an EAP success) an "empty" message has to be inserted.
From -02 to -03, I decided to have the first message of the server be an empty message, which could probably carry some informational things, not specified yet.
So with EAP-SKL v03 we have
<-- "start"
-->
<--
-->
<-- EAP-Success
/Thomas
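
The framing rule described in the message above, worked through as an added example (not part of the original message or of the EAP-SKL draft). It generalizes the diagrams to any alternating n-step protocol; the function names and the "msg N" labels are assumptions made for illustration.

```python
# Added example: pad an alternating n-step protocol to fit EAP's lockstep.
SERVER, PEER = "server", "peer"


def embed_in_eap(steps, first_sender):
    """Return [(sender, eap_type, payload), ...] for the EAP method exchange.

    payload is "msg N" for inner message N, or a quoted label for an
    empty message that had to be inserted (labels follow the diagrams above).
    """
    if steps < 1 or first_sender not in (SERVER, PEER):
        raise ValueError("need steps >= 1 and first_sender of server or peer")
    flow = []
    # After the Identity exchange the EAP server speaks first. If the inner
    # protocol is peer-initiated, the server opens with an empty Request.
    if first_sender == PEER:
        flow.append((SERVER, "Request", '"start"'))
    sender = first_sender
    for n in range(1, steps + 1):
        eap_type = "Request" if sender == SERVER else "Response"
        flow.append((sender, eap_type, f"msg {n}"))
        sender = PEER if sender == SERVER else SERVER
    # Each Request must be answered before EAP-Success. If the inner protocol
    # ends on a server message, the peer answers with an empty Response.
    if flow[-1][0] == SERVER:
        flow.append((PEER, "Response", '"finish"'))
    flow.append((SERVER, "Success", "EAP-Success"))
    return flow


def padding(flow):
    """Labels of the empty messages inserted by embed_in_eap."""
    return [p for _, _, p in flow if p in ('"start"', '"finish"')]


def render(flow):
    """Draw the flow with the message's arrows: <-- is server to peer."""
    return "\n".join(
        ("<-- " if sender == SERVER else "--> ") + payload
        for sender, _, payload in flow
    )


if __name__ == "__main__":
    for steps, first in [(4, SERVER), (4, PEER), (3, SERVER), (3, PEER)]:
        flow = embed_in_eap(steps, first)
        print(f"{steps}-step, {first} first, inserted: {padding(flow)}")
        print(render(flow), end="\n\n")
```

The last case, `(3, PEER)`, reproduces the v03 flow drawn above; `(3, SERVER)` shows the other option the message mentions, with the empty message at the end instead.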