> >> Secondly, we should wait for the failure/success message before deciding
> >> whether the context is established or not?
>
> Josh> Hmm, isn't the context establishment ultimately dependent on receipt of
> Josh> the MSK? The protected response is within the tunnel, the MSK is outside
> Josh> the tunnel.
>
>What is this tunnel of which you speak?

The method; I was assuming a tunnelled method.

>At this layer, both passthrough
>authenticators and tunnel methods are somewhat invisible to us. That's
>absolutely true on the initiator. On the acceptor, it's more complex; we
>want to write guidance that works with a full or passthrough
>authenticator.

Isn't it sufficient for the acceptor to conclude success if the method exposes the keying material and parameters per section 2 of RFC5247? That's true for both full and passthrough authenticators.

Josh.

_______________________________________________
abfab mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/abfab
