eap Mailing List: Re: Issue 392: Authorization Issues

[M. Vanderveen (mvandervn]

I have read the new text and agree with most of them.

 

1. Here is one change that I disagre with ("should not" turned into "must not", and no basis from the Guidelines BCP-to-be that I can see): Section 5.1:

Text of -17.txt: "

[.. ]this should not allow the attacker to compromise other

authenticators or the backend authentication server"

New text:

Compromise of a single authenticator MUST

NOT compromise keying material held by any other authenticator within

the system, and SHOULD NOT allow the attacker to compromise the

backend authentication server

 

2. Compromise of Peer in section 5.1: hopefully this does not invalidate the idea of Group keys for multicast (if a Peer's group key is compromised, so will the group keys of other peers in his multicast group - can't be helped).

 

3. Last paragraph of Section 5.8 "

the backend authentication server can impersonate the authenticator ". Not really necessary to say this, especially since the guidelines say that the backend authentication server is a trusted party, yes?

 

 

Some nits: page 43 bottom: "an stale key" -> "a stale key".

Section 5.7, 3rd paragraph starts with "EAP EAP", 4th paragraph contains "and and", 5th paragraph starts with "AAA The AAA".

Best regards,

Michaela

----- Original Message ----
<too long to be included w/o moderator approval>

---

Want to start your own business? Learn how on Yahoo! Small Business.