Re: Revised resolution to Issue 372: Key Lifetime
From: M. Vanderveen (mvandervnyahoo.com)
Date: Thu, 17 Aug 2006 09:14:03 -0700 (PDT)
Sounds very clear now. Thanks.
Bernard Aboba <bernard_aboba [at] hotmail.com> wrote:
> About section 3.6, it sounds fine. The authenticator "reclaim[ing]
> resources" is a bit unclear.
> Also, deleting the older key first does not read to me as the same as a
> LIFO queue, as the last key to be added is the newest one, and that's
> not the one that is thrown out first.
> Michaela

How about this?

"3.6. Key Cache Synchronization

Key lifetime negotiation alone cannot guarantee key cache
synchronization. Even where a lower layer exchange is run
immediately after EAP in order to determine the lifetime of EAP
keying material, it is still possible for the authenticator to
purge all or part of the key cache prematurely (e.g. due to reboot or
need to reclaim memory).

The lower layer may utilize the Discovery phase 0 to improve key
cache synchronization. For example, if the authenticator manages the
key cache by deleting the oldest key first, the relative
creation time of the last key to be deleted could be advertised
within the Discovery phase, enabling the peer to determine whether
keying material had been prematurely expired from the authenticator
key cache."
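The oldest-first eviction and Discovery-phase advertisement described in the proposed 3.6 text, as an added illustration that is not part of this thread or of the EAP keying draft. It assumes an absolute creation timestamp in place of the draft's "relative creation time" and a made-up advertisement field name.

```python
"""Constructed model of key cache synchronization via Discovery (assumption:
the advertisement carries the creation time of the last deleted key)."""
from dataclasses import dataclass, field
from typing import Dict, Optional


@dataclass
class AuthenticatorKeyCache:
    """Bounded key cache on the authenticator that always evicts the oldest key."""
    capacity: int
    keys: Dict[str, float] = field(default_factory=dict)  # key_id -> creation time
    last_deleted_ctime: Optional[float] = None  # value advertised in Discovery

    def add(self, key_id: str, creation_time: float) -> None:
        """Install keying material, evicting the oldest entry when full."""
        if len(self.keys) >= self.capacity:
            oldest = min(self.keys, key=self.keys.__getitem__)
            self.last_deleted_ctime = self.keys.pop(oldest)
        self.keys[key_id] = creation_time

    def purge_all(self) -> None:
        """Premature purge (reboot, memory reclaim). With oldest-first order the
        newest key's creation time bounds everything that was thrown away."""
        if self.keys:
            self.last_deleted_ctime = max(self.keys.values())
        self.keys.clear()

    def discovery_advertisement(self) -> Dict[str, Optional[float]]:
        """Phase 0 advertisement (field name is an assumption, not from the draft)."""
        return {"last_deleted_ctime": self.last_deleted_ctime}


def peer_key_still_cached(adv: Dict[str, Optional[float]], my_key_ctime: float) -> bool:
    """Peer-side check: because eviction is oldest-first, any key not newer than
    the last deleted one is gone and a fresh EAP exchange is needed."""
    last = adv["last_deleted_ctime"]
    return last is None or my_key_ctime > last


if __name__ == "__main__":
    cache = AuthenticatorKeyCache(capacity=2)
    cache.add("k1", 100.0)
    cache.add("k2", 200.0)
    cache.add("k3", 300.0)  # evicts k1 (oldest)
    print(peer_key_still_cached(cache.discovery_advertisement(), 100.0))  # False
    print(peer_key_still_cached(cache.discovery_advertisement(), 200.0))  # True
```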
