[eap-keying] issue EAP and authorization
From: Avi Lior (avi
Date: Thu, 3 Nov 2005 22:37:34 -0500 (EST)
In draft-ietf-eap-keying-08.txt page 6:
"The EAP server also
stores the peer's identity and/or other information necessary to
decide whether access to some service should be granted. The peer
stores information necessary to choose which secret to use for which
service."
The issue I have is that the above seems to indicate that the EAP-Server is somehow involved in authorization.
This is *hopefully* not true, and contradicts section 4.1 of the same draft.
Suggest re-write:
"The EAP server also
stores the peer's identity and the peer
stores information necessary to choose which secret to use for which
service."
Note also that in the following paragraph the sentence is repeated again:
"If authentication is based on proof of possession of the private key
corresponding to the public key contained within a certificate, the
parties store the EAP method to be used and the trust anchors used to
validate the certificates. The EAP server also stores the peer's
identity and/or other information necessary to decide whether access
to some service should be granted. The peer stores information
necessary to choose which certificate to use for which service."
Suggested re-write:
"If authentication is based on proof of possession of the private key
corresponding to the public key contained within a certificate, the
parties store the EAP method to be used and the trust anchors used to
validate the certificates. The EAP server also stores the peer's
identity and the peer stores information
necessary to choose which certificate to use for which service."
Bridgewater Systems Corporation
Phone : +1 (613) 591-9104 x6417
Cell : +1 (613) 796-4183
E-mail : mailto:avi [at] bridgewatersystems.com
www.bridgewatersystems.com