ISSUE: EAP Keying section 1.4 data associated with authentication

From: Salowey, Joe (jsalowey
Date: Sun, 30 Apr 2006 21:44:24 -0700 (PDT)

Submitter name: Joe Salowey
Submitter email address: jsalowey [at] cisco.com
Date first submitted:
Reference:
Document: Keying Framework
Comment type: 'E'ditorial
Priority: '1' Should fix
Section: Section 1.4

Rationale/Explanation of issue:

Length description of problem

This section contains text that seems to indicate that an EAP method has access to certain data for authorization. While this may be true in some cases, this is not generally true.

Suggested revision:

"As illustrated in Figure 2, the EAP method key derivation has at the root the long term credential utilized by the selected EAP method. If authentication is based on a pre-shared key, the parties store the EAP method to be used and the pre-shared key. The EAP server also stores the peer's identity as well as additional information. This information is typically used outside of the EAP method to determine if access to some service should be granted. The peer stores information necessary to choose which secret to use for which service. If authentication is based on proof of possession of the private key corresponding to the public key contained within a certificate, the parties store the EAP method to be used and the trust anchors used to validate the certificates. The EAP server may also store additional information associated with the peer's identity and the peer stores information necessary to choose which certificate to use for which service."