Subject: EAP-SKL update
From: Thomas Otto (t.otto
Date: Thu, 13 Oct 2005 02:16:16 -0400 (EDT)
EAP-SKL has been updated,
http://www.ietf.org/internet-drafts/draft-otto-eap-skl-03.txt
Rationale.
One main problem of embedding existing security protocols in EAP is to match the EAP message flow. After an EAP Identity exchange, the EAP server begins the conversation.
Assume the underlying protocol is a 4-step protocol,
<-- -->
<--
-->
<-- EAP-Success
then this would match exactly. Some protocols, however, mandate the peer to send the first message, then
<-- "start"
-->
<-- -->
<-- --> "finish"
<-- EAP-Success
With EAP-SKL, this is slightly different, because it is a 3-step protocol. This can never
be incorporated into EAP exactly, so either at the beginning or at the end (before the
EAP server sends an EAP success) an "empty" message has to be inserted.
From -02 to -03, I decided to have the first message of the server an empty
message, which could probably carry some informational things, not specified yet.
So with EAP-SKL v03 we have
<-- "start" --> <-- -->
<-- EAP-Success
/Thomas
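
The padding argument in the message above, as an added example (not part of the original post or the EAP-SKL draft): it assumes EAP's lock-step rule that the server sends every Request, the peer answers each with one Response, and EAP-Success follows a peer Response. The function names and the `msg1..msgN` payload labels are hypothetical, and the Identity exchange is omitted.

```python
# Added illustration: fit an n-message protocol into EAP's lock-step flow.
# Assumption (EAP rule, RFC 3748): the server sends Requests, the peer answers
# each with one Response, and EAP-Success follows a peer Response.
SERVER, PEER = "server", "peer"


def embed_in_eap(n_messages, first_sender):
    """Return the EAP method exchange as (sender, payload) tuples.

    Payloads are placeholders "msg1".."msgN"; "start"/"finish" mark the
    empty padding messages named in the post.
    """
    if n_messages < 1 or first_sender not in (SERVER, PEER):
        raise ValueError("need n_messages >= 1 and a valid first sender")
    flow = []
    # The server must open the method exchange; pad if the peer speaks first.
    if first_sender == PEER:
        flow.append((SERVER, "start"))
    sender = first_sender
    for i in range(1, n_messages + 1):
        flow.append((sender, f"msg{i}"))
        sender = PEER if sender == SERVER else SERVER
    # The last packet before EAP-Success must be a peer Response.
    if flow[-1][0] == SERVER:
        flow.append((PEER, "finish"))
    flow.append((SERVER, "EAP-Success"))
    return flow


def padding(flow):
    """Names of the empty messages that had to be inserted."""
    return [p for _, p in flow if p in ("start", "finish")]


def render(flow):
    """Draw the flow with the post's arrows: <-- from server, --> from peer."""
    return "\n".join(("<-- " if s == SERVER else "--> ") + p for s, p in flow)


if __name__ == "__main__":
    cases = [(4, SERVER), (4, PEER), (3, SERVER), (3, PEER)]
    for n, first in cases:
        print(f"{n}-step, {first} first, padding={padding(embed_in_eap(n, first))}")
        print(render(embed_in_eap(n, first)), end="\n\n")
```

The last case (3 messages, peer first) needs only the empty server "start", which is the layout the post shows for v03.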