>>>>> "Josh" == Josh Howlett <[email protected]> writes:
Josh> Isn't it sufficient for the acceptor to conclude success if the method
Josh> exposes the keying material and parameters per section 2 of RFC5247?
Josh> That's true for both full and passthrough authenticators.
It needs to happen in consistent timing with the initiator. I think
Alan is right hear: the state machine is far simpler if you wait for the
actual success message. Note that since the RADIUS server is going to
wait for that before sending you access accept, you don't have much of a
choice.
--Sam
_______________________________________________
abfab mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/abfab
